Hyper-V integration installed with pfSense 2.0.1
-
I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time (a.k.a. gains about 8 hours every day, and therefore the time is getting farther and farther ahead every day). I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.
I have tried the default time servers, and many others, with no noticeable differences. Any advice?
nlitend1
Well, it appears to be a weird issue/conflict with traffic shaping. Does anyone have traffic shaping (particularly HFSC) working in pfSense on Hyper-V and have NTP working?
NTP syncs just fine without traffic shaping enabled.
To enable traffic shaping (as previously discussed on page 6 of this thread) you need to add "hn" to /etc/inc/interfaces.inc in order to get the interfaces to show up for traffic shaping. The single LAN multi-WAN wizard completes just fine; however, after the changes are applied, all new connections don't work, a.k.a. cannot browse to any new webpages etc. I found out that specifying the bandwidth of the LAN interface (in my case 1000Mb/s) seemingly fixes that issue and allows new connections to be made. At that point status->queues shows traffic being routed correctly. However, NTP is broken at that time and NTP status is then unreach/pending. I have tried numerous external NTP servers and even set up my local server as an NTP server to test, and it does not work locally either.
Any ideas? Thanks.
nlitend1
-
Try and give us more details on your HW and host, so someone with a similar setup might help (and so when developers/testers read this thread, they know what to look for).
What CPU family and model? It sounds like an octa-core. How much memory assigned to pfSense? What OS on the host? What network card? Is it teamed? What type of teaming technology (for example, Broadcom BACS/BASP, Intel ANS, or Win 2012 LBFO)? VLANs? Are you using VMQ and/or SR-IOV? Any other hardware acceleration options in use?
Just a stab in the dark. If your network card supports it, you might want to try with and w/o hardware acceleration, to see if that has an impact.
Hardware Configurations:
S.O. Windows 2012 STD
Host Hyper-v
PowerEdge 420
2. Xeon E5-2430 8.4 Ghz
98 Memory
12 Network Adapters Broadcom NetXtreme Gigabit Ethernet
Virtual Machine
30GB HDD
10GB Memory
3 Network Adapters Broadcom NetXtreme Gigabit Ethernet (dedicated) VMQ Disable
Today I installed pfSense on physical machine, it worked perfectly. The problem is I have about 20 servers on Hyper-V, need to fix this problem, whenever I test speed and high traffic, the server shuts down by itself.
Thanks,
dcgoes
-
I have been testing the release build under Hyper-V Server 2012. There have been a few issues.
First, it is randomly crashing and rebooting. The crash log reports a kernel panic due to a sleeping thread. I'm not sure what to do to fix that. If that was the only issue, I could probably live with it.
The main issue I'm having is that when it reboots due to the crash, the interfaces are switching. For example, I set WAN to hn0 (mac xx::45), LAN to hn1 (mac xx::46). When it reboots, it is changing hn0 to the interface with mac xx::46 and hn1 to the interface with mac xx::45. So I have to reassign the interfaces. Does anyone know why it would do this or how to ensure that hn0 stays with a specific virtual network interface?
The last thing I've noticed, is that if the WAN is set to hn1, when the DHCP lease is ready to renew, it only does it for hn0 regardless of how I have the interfaces assigned. The LAN interface (set to hn0) will get a DHCP lease from the local DHCP server. Yes, it is set for static IP of 192.168.1.1, but when this happens, it will change to say 192.168.1.196.
-
I have the version pfSense-LiveCD-2.1-BETA1-amd64-hyperv-kernel-20130119-0948 installed on two 2008 R2 Datacenters and, as I posted above, had reboot issues with it. I was looking at the System Logs at about the time it rebooted to see if there was anything to point me in the right direction, and I noticed the familiar "RRD graphs responding to fast". Thinking that the version pfSense-LiveCD-2.0.3-PRERELEASE-amd64-hyperv-kernel-20130119-0048 had no RRD graphs unless reinstalled, I thought perhaps there is a connection.
So I disabled RRD graphs in each of the installs and have been running for over 24 hours without a single hiccup.
Before trying this, both routers wouldn't make it an hour without rebooting.
I hope this helps.
Hello,
I have exactly the same problem. My pfSense crashes, and I have to reboot the VM for pfSense to work again.
I am on 2012 too.
Anyone have an idea?
Best regards
Julien
-
I don't know whether my pfSense reboots automatically after a system crash or my VM reboots, but I don't need to do anything manually when that happens.
it runs on windows server 2012.
-
I am having a horrible time with the clock on 2.1 on Hyper-V. It appears to be moving much faster than actual time (a.k.a. gains about 8 hours every day, and therefore the time is getting farther and farther ahead every day). I have checked NTP service and it loads and runs. It appears to work for a few minutes after boot and then gives me the unreach/pending error under status. Restarting the service does not seem to help.
I have tried the default time servers, and many others, with no noticeable differences. Any advice?
nlitend1
Well, it appears to be a weird issue/conflict with traffic shaping. Does anyone have traffic shaping (particularly HFSC) working in pfSense on Hyper-V and have NTP working?
NTP syncs just fine without traffic shaping enabled.
To enable traffic shaping (as previously discussed on page 6 of this thread) you need to add "hn" to /etc/inc/interfaces.inc in order to get the interfaces to show up for traffic shaping. The single LAN multi-WAN wizard completes just fine; however, after the changes are applied, all new connections don't work, a.k.a. cannot browse to any new webpages etc. I found out that specifying the bandwidth of the LAN interface (in my case 1000Mb/s) seemingly fixes that issue and allows new connections to be made. At that point status->queues shows traffic being routed correctly. However, NTP is broken at that time and NTP status is then unreach/pending. I have tried numerous external NTP servers and even set up my local server as an NTP server to test, and it does not work locally either.
Any ideas? Thanks.
nlitend1
Well, I figured out a workaround to my issue of horrible clock timing and NTP not working. I changed the kern.timecounter.hardware=TSC to kern.timecounter.hardware=i8254 in advanced>system tunables.
That allowed NTP to work correctly with traffic shaping. I do get the never-ending calcru message in the console, but it's seemingly "harmless" to overall function.
Info was from this thread:
http://forums.freebsd.org/showthread.php?t=14924
-
I've been using kern.timecounter.hardware=TSC for ages and never get a calcru message after that.
I'm on Server 2012 and pfSense 2.0.3 yet.
Yesterday I changed my NTP time server to my Win Server 2012 (local IP address) and the NTP message hang at boot seems to have gone away.
-
I've been using kern.timecounter.hardware=TSC for ages and never get a calcru message after that.
I'm on Server 2012 and pfSense 2.0.3 yet.
Yesterday I changed my NTP time server to my Win Server 2012 (local IP address) and the NTP message hang at boot seems to have gone away.
Right. TSC does get rid of the calcru message and I was using that prior to setting up traffic shaping. However, if you want to use traffic shaping and still have an accurate clock, TSC can't be used because it essentially breaks the NTP server and the clock is never right after that.
-
Could you share your Hyper-V pfSense ISO with us?
Because I have many difficulties correcting the error and do not know what else to do.
-
RE: lack of VLAN support, one workaround I've been using successfully on Hyper-V PF vm's is to simply create additional vNics in Hyper-V, tagging at the Host level. PF just sees them as separate Network Adapters, which should work just fine for your needs.
Best advice, at least in 2012 / 2012 R2 with Hyper-V is to team all the host nics, then use the HV Virtual Switch to break out vNics via powershell, especially if you need to expose them to the host.
Add-VMNetworkAdapter -VMNetworkAdapterName "eth1" -VMName "PFsense"
Set-VMNetworkAdapterVlan -VMName "PFsense" -Trunk -NativeVlanId 1 -AllowedVlanIdList 1-4094 -VMNetworkAdapterName "eth1"
Where PFsense is the name of your Virtual.
To set the VLAN on the Host vNics, you'll need the -ManagementOS flag.
Set-VMNetworkAdapterVlan -ManagementOS [-Access] [-AllowedVlanIdList <String>] [-Community] [-ComputerName <String[]>] [-Isolated] [-NativeVlanId <Int32>] [-Passthru] [-PrimaryVlanId <Int32>] [-Promiscuous] [-SecondaryVlanId <Int32>] [-SecondaryVlanIdList <String>] [-Trunk] [-Untagged] [-VlanId <Int32>] [-VMNetworkAdapterName <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
-
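Added example (not part of the original post): the "tagging at the Host level" approach described above, written as one access-mode vNIC per VLAN so that pfSense only ever sees untagged adapters. The switch name TeamSwitch, the adapter names and the VLAN IDs are assumptions; PFsense is the VM name used in the post.

```powershell
# Added example, not the poster's script.
# Assumed names: switch "TeamSwitch", adapter names and VLAN IDs below.
$vmName     = 'PFsense'             # VM name as used in the post
$switchName = 'TeamSwitch'          # hypothetical vSwitch bound to the host NIC team
$vlans      = [ordered]@{           # hypothetical adapter-name -> VLAN ID map
    'lan-vlan10'  = 10
    'dmz-vlan20'  = 20
    'mgmt-vlan30' = 30
}

# Assumption: the VM is powered off while adapters are added.
if ((Get-VM -Name $vmName).State -ne 'Off') {
    throw "Stop $vmName before adding network adapters."
}

$existing = (Get-VMNetworkAdapter -VMName $vmName).Name

foreach ($entry in $vlans.GetEnumerator()) {
    # Create the vNIC only if it is not already present (safe to re-run).
    if ($existing -notcontains $entry.Key) {
        Add-VMNetworkAdapter -VMName $vmName -Name $entry.Key -SwitchName $switchName
    }
    # Access mode: the virtual switch applies and strips the tag,
    # so the guest receives untagged frames on this adapter.
    Set-VMNetworkAdapterVlan -VMName $vmName -VMNetworkAdapterName $entry.Key `
        -Access -VlanId $entry.Value
}

# Verify: report any adapter from the map that is not in Access mode on its
# intended VLAN, so a mis-tagged vNIC is caught before the VM is started.
$mismatch = Get-VMNetworkAdapterVlan -VMName $vmName | Where-Object {
    $name = $_.ParentAdapter.Name
    $vlans.Contains($name) -and
        ($_.OperationMode -ne 'Access' -or $_.AccessVlanId -ne $vlans[$name])
}

if ($mismatch) {
    $mismatch | Format-Table -AutoSize
    throw 'One or more adapters are not tagged as intended.'
}
Get-VMNetworkAdapterVlan -VMName $vmName
```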
Many thanks to all for a superb product.
I have installed pfSense 2.1 Rel w/Hyper-V 20130915 pfSense-LiveCD-2.1-RELEASE-amd64-hyperv-kernel-20130915-1129.iso on Hyper-v 2012 R2 and it appears to work very well. At installation the synthetic Network Adapters are found and install with no problem.
My only question is concerning said Network Adapters which are reported as Degraded (Integration services upgrade required), is this the state of play at the moment or have I missed something/messed up?
Thanks again
-
Bill, with your successful installation on Windows 2012 Hyper V are you seeing decent throughput?
Dale
-
Many thanks to all for a superb product.
I have installed pfSense 2.1 Rel w/Hyper-V 20130915 pfSense-LiveCD-2.1-RELEASE-amd64-hyperv-kernel-20130915-1129.iso on Hyper-v 2012 R2 and it appears to work very well. At installation the synthetic Network Adapters are found and install with no problem.
My only question is concerning said Network Adapters which are reported as Degraded (Integration services upgrade required), is this the state of play at the moment or have I missed something/messed up?
Thanks again
This is normal when you install a Gen 1 VM. This even applies to Server 2012 (without R2) and Windows 8.0. With R2/8.1 Microsoft also updated the Integration tools.
-
Bill, with your successful installation on Windows 2012 Hyper V are you seeing decent throughput?
Dale
i've been using the 2.1 hyper-v kernel pfsense with much success in my datacenter environment for several months now
i'm using hyper-v 2012 in several failover clusters and pfsense is able to properly failover from 1 node to another as normal
i supply each VM with 3GB of VHDX and 1024MB of Memory with 2 standard NICs (not legacy)
it's great to just be able to also turn up an individual firewall instances for each customer on our gear with a different vlan for each customers internal subnet
all the features i've come to love in pfsense work perfectly, even openvpn and ipsec which are key to a lot of work i do
i also do the vlan tagging at the host level in the settings for the VM
i honestly could not be happier with how well it's working, i will report back if i run into any major issues
only thing i've noticed which many people have mentioned, is the time sync at console. which is a minor annoyance at most.
also to answer your question, i get 100MB up and 100MB down. exactly as i should.
-
I hope we'll see official pfsense for hyper-v this summer: http://blogs.technet.com/b/port25/archive/2012/05/11/freebsd-to-run-as-a-first-class-guest-on-windows-server-hyper-v.aspx
-
Bill, with your successful installation on Windows 2012 Hyper V are you seeing decent throughput?
Dale
Hi Dale
Sorry for the late reply. I am seeing throughput as expected and though the NICs throw up integration services warnings they seem to be working fine in terms of speed.
Bill
-
Many thanks to all for a superb product.
I have installed pfSense 2.1 Rel w/Hyper-V 20130915 pfSense-LiveCD-2.1-RELEASE-amd64-hyperv-kernel-20130915-1129.iso on Hyper-v 2012 R2 and it appears to work very well. At installation the synthetic Network Adapters are found and install with no problem.
My only question is concerning said Network Adapters which are reported as Degraded (Integration services upgrade required), is this the state of play at the moment or have I missed something/messed up?
Thanks again
This is normal when you install a Gen 1 VM. This even applies to Server 2012 (without R2) and Windows 8.0. With R2/8.1 Microsoft also updated the Integration tools.
Ah I see…
Saw a nice script to convert from Gen 1 to Gen 2, trouble is it's just Win8/2012. http://code.msdn.microsoft.com/windowsdesktop/Convert-VMGeneration-81ddafa2
Was about to try a fresh pfSense install as Gen 2 but I see it's only for the latest and greatest MS OSs.
Don't know why I am worrying as it all works fine.
Bill
-
I'm cross posting on this thread, and my own bounty thread.
I've had success getting this up and running, but as soon as any proper traffic goes across it - Crash. Every time. Then it reboots and the network cards are muddled up.
Very sadly a show stopper. I'm increasing bounty to $1000 for a fix.
Sleeping thread (tid 100036, pid 12) owns a non-sleepable lock
sched_switch() at sched_switch+0x102
mi_switch() at mi_switch+0x176
sleepq_wait() at sleepq_wait+0x42
_sx_xlock_hard() at _sx_xlock_hard+0x305
hn_start() at hn_start+0x57d
if_transmit() at if_transmit+0xea
ether_output_frame() at ether_output_frame+0x33
ether_output() at ether_output+0x50d
ip_output() at ip_output+0xda9
tcp_output() at tcp_output+0xa7d
tcp_do_segment() at tcp_do_segment+0xbbc
tcp_input() at tcp_input+0xcb8
ip_input() at ip_input+0x162
netisr_dispatch_src() at netisr_dispatch_src+0x7b
ether_demux() at ether_demux+0x169
ether_input() at ether_input+0x191
netvsc_recv() at netvsc_recv+0x202
hv_rf_on_receive() at hv_rf_on_receive+0x147
hv_nv_on_channel_callback() at hv_nv_on_channel_callback+0x38e
hv_vmbus_on_events() at hv_vmbus_on_events+0xa8
intr_event_execute_handlers() at intr_event_execute_handlers+0x104
ithread_loop() at ithread_loop+0x95
fork_exit() at fork_exit+0x11f
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffff8000125d00, rbp = 0 ---
panic: sleeping thread
cpuid = 1
KDB: enter: panic
panic.txt: sleeping thread
version.txt: FreeBSD 8.3-RELEASE-p11 #0: Sun Sep 15 12:27:10 PDT 2013
root@fbsd83minx64.corp.itbxb.com:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8
-
First, it is randomly crashing and rebooting. The crash log reports a kernel panic due to a sleeping thread. I'm not sure what to do to fix that. If that was the only issue, I could probably live with it.
The main issue I'm having is that when it reboots due to the crash, the interfaces are switching. For example, I set WAN to hn0 (mac xx::45), LAN to hn1 (mac xx::46). When it reboots, it is changing hn0 to the interface with mac xx::46 and hn1 to the interface with mac xx::45. So I have to reassign the interfaces. Does anyone know why it would do this or how to ensure that hn0 stays with a specific virtual network interface?
I have the exact same issues… Really too bad... it's unstable. Randomly reboots (once or twice a day). And if it does, it does not come up cleanly (interfaces are wrongly assigned). I can fix that by shutting it down through hyperv with the button and start it up again.. and then magically interfaces are correct again...
Panic String: sleeping thread
-
I hope we'll see official pfsense for hyper-v this summer: http://blogs.technet.com/b/port25/archive/2012/05/11/freebsd-to-run-as-a-first-class-guest-on-windows-server-hyper-v.aspx
Look at post date: 11 May 2012 11:35 AM
All working good now!