[Xen-users] forcing HVM to specific network model with PV-aware FreeBSD DomU

Andreas Pflug pgadmin at pse-consulting.de
Thu Oct 15 15:13:10 UTC 2015

Am 15.10.15 um 16:39 schrieb Roger Pau Monné:
> Hello,
> Adding the freebsd-xen mailing list since somebody might be able to
> provide better advice than me regarding network stuff.
> El 15/10/15 a les 12.31, Andreas Pflug ha escrit:
>> Hi!
>> For quite a while, I've been running several pfSense firewall DomUs up
>> to version 2.15 on Xen. Since the FreeBSD kernel 8.3 of pfSense wasn't
>> xen-aware the model e1000 was used, and I had all networking features as
>> expected though performance was degraded.
>> When the new pfSense 2.2 was introduced, the kernel changed to FreeBSD
>> 10.1 which now (finally!) includes a xen netfront driver, promising a
>> vastly improved performance. Unfortunately, its implementation is quite
>> sketchy:
>> - offloading issues, which can be worked around by disabling tx
>> offloading using a custom vif-script
> Is this related to the long-standing pf+TSO issues? There's a recent
> commit that should solve it:
> https://svnweb.freebsd.org/base?view=revision&revision=289316
> There seems to be plans to issue an EN for that one, so you might be
> able to get it by just using freebsd-update (or whatever pfSense uses)
> without having to wait for a new stable release.
Yes, this seems to be the issue.
>> - VLANs are not supported. Can be achieved with multiple bridges in
>> Dom0, if 8 are enough. If you need more, you're out of luck.
>> - ALTQ not supported. No known workaround, preventing any traffic shaping.
> Sadly I'm not aware of anyone working on this two items. Any pickers?
>> On the FreeBSD side, it is said that the xn xen netfront driver can't be
>> disabled at boot time, unless a custom kernel is built (certainly not
>> desirable regarding security updates), so:
>> How can I disable xen-netback drivers for a specific HVM? It should
>> respect the "model=e1000" setting (or maybe virtio?). I'm running Xen
>> 4.4 on Debian.
> I've recently committed a patch to HEAD in order to disable PV nics or
> disks on request:
> https://svnweb.freebsd.org/base?view=revision&revision=286999
> I will backport it to stable-10 soon to make sure it's on the next
> stable release (FreeBSD 10.3). Apart from that, there's not much we can
> do now.

Ah, while that won't fix the xn driver, it will give us back the en
driver. Hopefully it will find its way into pfSense's kernel, I'll drop
a note over there.


More information about the freebsd-xen mailing list