From owner-freebsd-xen@freebsd.org Wed Jul 29 07:00:36 2015 Return-Path: Delivered-To: freebsd-xen@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5854D9AD527 for ; Wed, 29 Jul 2015 07:00:36 +0000 (UTC) (envelope-from kpielorz_lst@tdx.co.uk) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 42780B3F for ; Wed, 29 Jul 2015 07:00:36 +0000 (UTC) (envelope-from kpielorz_lst@tdx.co.uk) Received: by mailman.ysv.freebsd.org (Postfix) id 3F86B9AD526; Wed, 29 Jul 2015 07:00:36 +0000 (UTC) Delivered-To: xen@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E11C9AD525 for ; Wed, 29 Jul 2015 07:00:36 +0000 (UTC) (envelope-from kpielorz_lst@tdx.co.uk) Received: from smtp.krpservers.com (smtp.krpservers.com [62.13.128.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.krpservers.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DEBEDB3E for ; Wed, 29 Jul 2015 07:00:32 +0000 (UTC) (envelope-from kpielorz_lst@tdx.co.uk) Received: from [10.12.30.100] (vpn01-01.tdx.co.uk [62.13.130.213]) (authenticated bits=0) by smtp.krpservers.com (8.14.9/8.14.9) with ESMTP id t6T6lSBh052967 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 29 Jul 2015 07:47:29 +0100 (BST) (envelope-from kpielorz_lst@tdx.co.uk) Date: Wed, 29 Jul 2015 07:47:28 +0100 From: Karl Pielorz To: xen@FreeBSD.org Subject: Poor network performance with Xen + OpenVPN? Message-ID: X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-BeenThere: freebsd-xen@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussion of the freebsd port to xen - implementation and usage List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jul 2015 07:00:36 -0000 Hi All, A while ago I ran into an issue with FreeBSD + Xen and networking (where FreeBSD PVHVM domU's can't "route" traffic to/from other domU's (fbsd/linux/windows) - e.g. as a default gateway). I seem to have run into what appears to be another network issue now - XenServer 6.5-SP1 +hotfixes, with FreeBSD 10.1-p4 (as PVHVM), and OpenVPN 2.3.7 Everything 'works OK' - but the performance is pretty poor. Most noticeable - if you have a browser open fetching pages via the VPN - the pages arrive very slowly, and any ssh sessions etc. are instantly put on a 'go slow', you also start getting ping timeouts when pinging hosts the other side of the VM/VPN until the pages are fetched. Swap back to a bare metal system (on the same networks) - it works fine, switch back over to the VM - and again, performance is lousy. The host running OpenVPN isn't really under any load (it's only job is running OpenVPN) - nor is it's XenServer. If I connect to another OpenVPN host which is running on an HVM FreeBSD 9.1 domU - performance is indistinguishable from the bare metal (as you'd expect considering the relatively low volumes of traffic over the VPN etc.) Can anyone suggest any fixes / where to look to try and keep it as PVHVM, and get the performance back? - as we've already got a collection of HVM machines (to work round the other network problem) - which I don't really want to add to, as they're not agile :( Cheers, -Karl