Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 30 Jan 2011 22:36:08 +1100
From:      Alex <joovke@joovke.com>
To:        freebsd-xen@freebsd.org
Subject:   terrible performance with xn0 interface and PF
Message-ID:  <4D454D28.8050106@joovke.com>
next in thread | raw e-mail | index | archive | help 
Hi guys,

I managed to get the XENHVM kernel working, obviously I had to adjust my 
pf.conf as the network interface is now xn0 instead of re0. All i did 
was edit the config, and replace all instances of re0 with xn0. The 
performance seems to be aweful. I was wondering why network connectivity 
was so slow. A download test struggled to do 2KB/s. I disabled pf and 
suddenly the speed skyrocketed. Any ideas where to look? I have the 
following in my kernel for PF:

device pf
device pflog
device pfsync
options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build

and pf.conf (very basic setup):

mailblocklist = "{ 69.6.26.0/24 }"
#blacklist = "{ 202.16.0.11 }"

# Rule  0 (xn0)
#pass in quick on xn0 inet proto icmp from any  to (xn0)  label "RULE 0 
-- ACCEPT "

#block mail server(s) that continue to try and send me junk
block in quick on xn0 inet proto tcp  from $mailblocklist to (xn0) port 25

#block anyone else who's in the blacklist
#block in quick on xn0 inet from $blacklist to (xn0)

pass in quick on xn0 inet proto tcp  from any  to (xn0) port { 110, 25, 
80, 443, 21, 53 } flags any  label "RULE 0 -- ACCEPT "
pass in  quick on xn0 inet proto udp  from any  to (xn0) port 53  label 
"RULE 0 -- ACCEPT "

#
# Rule  1 (lo0)
pass  quick on lo0 inet  from any  to any no state  label "RULE 1 -- 
ACCEPT "
#
# Rule  2 (xn0) -- allow all outbound connectivity
pass out  quick on xn0 inet  from any  to any  label "RULE 2 -- ACCEPT "

# Rule  3 (xn0)
# deny all not matched by above
block in quick on xn0 inet  from any  to any no state  label "RULE 3 -- 
DROP "

--------------------------

Any ideas why I would be seeing such a performance hit? The only thing 
that's changed is the kernel+network interface type.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D454D28.8050106>