Pfsense with XEN
-
Hi all,
After a lot of stability problems, I finally got it right by creating a completely new XEN configuration file. The only thing that the pfsense HVM guest can't handle is when I start copying large (>2GB) files on the host system. Then the guest crashes and I have to destroy it before I can start it again. The weird thing is that my Windows XP HVM guest can handle this and is always stable just like the para-virtuelized guests.
Outsidre, the best option is to delegate the WAN interface to the pfsense guest alone. This way the WAN interface only connects pfsense to the WAN. HOWEVER, right now this can only be done for para-virtualized guests (so we have to wait for HVM support and use a bridge for now).
For your LAN interface you can use a bridge. This way you can also connect the other guests on the pfsense host to the LAN. In addition you can (physically) attach a switch and other computers.
I also have a few questions for you. Which OS is installed on your XEN host? Do you also have problems copying large files?Regards,
Joost. -
I also have a few questions for you. Which OS is installed on your XEN host? Do you also have problems copying large files?
The dom0 is OpenSuse 10.3.
The guests are: pfSense (HVM), FreeNAS (HVM), and 2 openSuSE10.3 (para) installs. I have XP installed as an HVM, but don't use it much.I have had some problems similar to what you describe. If I do heavy file access + CPU access on the host (dom0) machine, then the system crashes. From what I've been able to find on the net, this is a problem experienced by others as well, and is a xen 3.1 problem.
I know it's an XEN problem, cuz if I boot the system with the regular kernel (no xen installed) I can do as much file access as I want with no problems at all.
My workaround this has been to do all my file access over NFS, in another VM. Of course it's slower, but it doesn't crash my system. -
jhavers You might try vmware instead of xen. Since your only using the full virtualization with the windows and pfsense guest your not taking advantage of the what xen offers over vmware. I've never had an issue running pfsense in vmware. It has been rock solid.
Keep in mind that you'll need to reboot into the non xen kernel as vmware and xen can't coexist in dom0.
-
Outsidre, to bad you experience the same. My work around is to shutdown the pfsense guest, since that is the only system that is crashing under heavy file access. Therefore I think that it has to do with the combination XEN & pfsense, since my HVM Windows XP guest and the para-virtualized guest are not crashing under heavy file access.
What i still want to try (when I have the time) is to install pfsense on its own partition instead of in a file. Mayby that makes the difference.
rsw686, I can't use vmware since I also have 3 para-virtualized Linux guests. Their performance is outstanding, little processor load (1/20 of that of a HVM) and rock solid.
-
rsw686, I can't use vmware since I also have 3 para-virtualized Linux guests. Their performance is outstanding, little processor load (1/20 of that of a HVM) and rock solid.
Gotcha. It really seems like you need two systems to have a rock stable setup. Xen excels with para virtualization and vmware excels with full virtualization. Maybe Xen will fix this issue along with the incompatibilities with Intel VT chips in the later releases.
-
Got this from the http://www.xen.org/
Welcome to the Xen 3.2 download page! This release contains architectural improvements and new user-visible features including:
* Xen Security Modules (XSM)
* ACPI S3 suspend-to-RAM support for the host system
*** Preliminary PCI pass-through support (using appropriate Intel or AMD I/O-virtualization hardware)**
* Preliminary support for a wider range of bootloaders in fully virtualized (HVM)guests, using full emulation of x86 real mode
* Faster emulation of standard (non-super) VGA modes for HVM guests
* Configurable timer modes for HVM guests, depending on how the guest OS manages time-keeping
* Many other changes and enhancements across all supported machine architecturesNow I just wait until Redhat implements Xen 3.2 in RHEL 5 and then I can give pfsense a dedicated WAN interface.
Joost
-
i have pfsense on xen 3.2 running excellent
-
I need to get PF Sense runn on XEN. I just install 5.0.0 and can't get it to install yet. How big is your image? And would you be will to let me get a copy of a working image from you.
If not how did you tweak the settings so that it will run.
RC -
I am now up and running on XEN. I have replaced my permanent firewall with a virtual server instance. It is running really well. So far everything is working really well. I have down graded from 1.2.1 to 1.2 production release.
I am getting ready to shut my virtual server down and make a backup of the instance. This will let me recover very quickly. I get the specification of my server out in the forum in the next few days. I going to setup a 1.3 instance and so I can shut my production instance down and then bring the other up for quick testing.
XEN offers a great deal of flexibility.
RC
-
;D I now am running on XEN 5.0.0. Here is the hardware that I am running on.
AMD Quad Phenom 2.5 processor
MSN-SLI motherboard
6 GB of ram
512 mb SLI video adapter
Broadcom 1 GB adapter
On board ethernet adapter
dual 100 mb Intel ethernet adapter
3 x 320 GB HD's (non raid array currently)
550 watt power supplyReplacing the following servers:
DELL SC1500
DELL SC 440
COMPAQ DL360
COMPAQ DL380It's a mix of production and test boxes. For hosting servers and devices that you will access it's great. It's working awesome.
RC