pfSense SR-IOV support on Microsoft Hyper-V
I've got a couple of customers running pfSense on Hyper-V (Microsoft Hyper-V Server 2016) - the free version.
It works great and it was very simple to get pfSense 2.4.4-p3 working, next, next, next, next, done!
Thee customers have Intel 10 Gbe cards and SR-IOV running on Hyper-V today. SR-IOV is awesome and works well, reducing host CPU utilization and speeding up networking because SR-IOV bypasses the Hyper-V virtual switch communicates directly with the network card.
A quick google search shows some people have had success with SR-IOV and FreeBSD so it must be actually possible.
Drives that I'd like to see are;
- Intel X710
- Intel X722
Are there any plans for pfSense to bake in SR-IOV support?
@nzkiwi68 I think it's Hyper-V that doesn't support SRV-IO on FreeBSD.
For my own info, what version of Hyper-V server is free?
EDIT - Huh, how about that...
That’s a really old article from Microsoft, dated 30 Aug 2017 and I’d be quite surprised if FreeBSD doesn’t have SR-IOV support. A quick google search suggests FreeBSD does work with SR-IOV and hyper-v.
As for free hyper-v...
Hyper-v free edition server 2016 or 2019, both are easily available and totally free.
@nzkiwi68 So I see now. Glad I read. Too bad my antique doesn't have SLAT.
From Intel, June '19. I think your gripe is with FreeBSD and not pfSense.
Well, that's not looking very promising!
Thanks though for your post, upvote for you!
bjd223 last edited by bjd223
What iperf speeds are you getting without SR-IOV? Can you use VMQ?
If your hardware supports it you could probably pass a NIC right through to the VM with DDA.
@bjd223 I couldn't pass the NIC through, as, I normally use 2 x 10 Gbe NIC setup with Microsoft SET (Switch Embedded Teaming) which since Server 2016 allows SR-IOV through to the NIC.
That way I am protected from a single NIC failure, and, because of SET we have double the VF (virtual function slots) for the VM to use with SR-IOV.
It's not just about speed, but, a lot lower CPU.
Consider 2 VMs on two different hosts talking to one another;
vm > virtual switch > physical NIC > across network switch > physical NIC > virtual switch > vm
vm > physical NIC > across network switch > physical NIC > vm
So there's 2 lots of CPU savings to be made, because the virtual switch is all software/CPU cycles. Sure it's efficient, but it still adds overhead and takes CPU cycles.
SR-IOV makes a lot of sense.
I notice FortiGate firewall VM have a requirement for SR-IOV for their implementation.
bjd223 last edited by
@nzkiwi68 Yes I understand the performance benefits on SR-IOV. However if it is not supported in the version of FreeBSD that pfsense is using then it will not work.
Your next best choice is VMQ and if you are lucky you will fall under tier 2 which is maximum offload for VMQ.
@bjd223 yep. Doesn't change the fact I'd still love to see SR-IOV support...
Thanks for your comments.
provels last edited by
FWIW (and worth every penny paid), here's a H-V tuning article from Altaro.
bjd223 last edited by bjd223
@nzkiwi68 If you look at the FreeBSD Wiki https://wiki.freebsd.org/HyperV which was last updated on 10/04/19, it implies that the article will be updated as new info is available, so I think that article reflects the current state of affairs.
I think the integration drivers are contributed to FreeBSD primarily by MS themselves. So I doubt the pfsense devs want to get involved upstream of the pfsense project (or can even do it to begin with since it is probably very complicated and may also need updates to Hyper-V itself).
I know that pfsense 2.5 is supposed to be based on FreeBSD 12, which if you are lucky will have updated integrations which include SR-IOV.
@bjd223 Thanks, it will be interesting to see what FreeBSD 12 brings.