Hyper-V performance issues



  • Hi all,

    So I've been through my share of troubles with Hyper-V and pfSense before and now am legitimately stuck.

    We have a Dell R720 with a few light VM's and a pfSense instance. This server previously was a ESXi host where pfSense performed fine.
    ISP: Pilot (NYC) 1gig symmetrical

    pfSense is set up in front of a Layer 3 switch which is defining the subnets. Traffic forwards to pfSense and all works well.
    Performance is the only issue.
    pfSense is given 4vCPU, 4GB RAM and has 3 NIC's assigned. Two for WAN VLAN's for both ISPs and one for the LAN to the L3 switch.
    We get around 300/400 on the pfSense box. Where on ESXi we used to clear 900/900.
    We had the Broadcom 5720 NIC's in the 720. Just gutted them and switched to an Intel I-350 daughter board. Still no change.
    I've tried dedicated NIC's to pfSense and just LAGG'ing all four NIC's together and telling pfSense what to do.

    Still can't get the speeds any higher. Direct connection to pilot works fine and hyper-v on a workstation connected directly to the WAN works fine as well. Which basically narrows it down.

    At this point I'm out of options except admitting defeat that Hyper-V just can't perform with pfSense. Any other options here? Has anyone truly maxed out a 1gig link with pfSense on HyperV?



  • I have pfSense installed as VM on Hyper-V Server 2016. One WAN and two LAN segments on Intel i-350 quad port card. One LAN segment is connected to one Gb switch and another LAN segment to MoCa 2.0 - coax cable - MoCa 2.0 - Gb switch. There are only 4-5 firewall rules between two LAN segments and I can get maximum speed that MoCa 2.0 adapter allows (about 920 mb/s both ways) between them.

    I have only 2 virtual CPUs assigned to pfSense from Xeon E3-1231V3. I'm not running many add-ons, and nothing that would have high impact on throughput performance, like Squid or Snort.



  • Did you try things like SRV-IO or tweaking the NICs parameters in Hyper-V? That should make some difference.

    Also, does your CPU go to 100% for at least one of the assigned cores?

    The NIC features are supposed to offload work form the CPUs, especially the Intel ones should support this.



  • Been through all those suggestions but I appreciate the responses. I currently have 4 cores assigned, none seem to pin even under heavy load. The I350 nic settings I've left at their defaults. With the Broadcom's I had VMQ's disabled. The IPSec offload is enabled on the virtual NIC's. I'm starting to think that some how the Layer3 configuration is playing a role in the issue. I'm going to do a bit more research and follow up.