From: Roger Pau Monné
To: Andreas Pflug
CC: FreeBSD XEN
Subject: Re: [Xen-users] forcing HVM to specific network model with PV-aware FreeBSD DomU
Date: Thu, 15 Oct 2015 16:39:32 +0200

Hello,

Adding the freebsd-xen mailing list since somebody might be able to
provide better advice than me regarding network stuff.

On 15/10/15 at 12.31, Andreas Pflug wrote:
> Hi!
>
> For quite a while, I've been running several pfSense firewall DomUs up
> to version 2.15 on Xen. Since the FreeBSD kernel 8.3 of pfSense wasn't
> xen-aware the model e1000 was used, and I had all networking features as
> expected though performance was degraded.
>
> When the new pfSense 2.2 was introduced, the kernel changed to FreeBSD
> 10.1 which now (finally!) includes a xen netfront driver, promising a
> vastly improved performance. Unfortunately, its implementation is quite
> sketchy:
> - offloading issues, which can be worked around by disabling tx
> offloading using a custom vif-script

Is this related to the long-standing pf+TSO issues? There's a recent
commit that should solve it:

https://svnweb.freebsd.org/base?view=revision&revision=289316

There seem to be plans to issue an EN for that one, so you might be able
to get it by just using freebsd-update (or whatever pfSense uses) without
having to wait for a new stable release.

> - VLANs are not supported. Can be achieved with multiple bridges in
> Dom0, if 8 are enough. If you need more, you're out of luck.
> - ALTQ not supported. No known workaround, preventing any traffic shaping.

Sadly I'm not aware of anyone working on these two items. Any pickers?

> On the FreeBSD side, it is said that the xn xen netfront driver can't be
> disabled at boot time, unless a custom kernel is built (certainly not
> desirable regarding security updates), so:
>
> How can I disable xen-netback drivers for a specific HVM? It should
> respect the "model=e1000" setting (or maybe virtio?). I'm running Xen
> 4.4 on Debian.

I've recently committed a patch to HEAD in order to disable PV nics or
disks on request:

https://svnweb.freebsd.org/base?view=revision&revision=286999

I will backport it to stable-10 soon to make sure it's on the next stable
release (FreeBSD 10.3). Apart from that, there's not much we can do now.

Roger.