Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [solved] pfSense (2.6.0 & 22.01 ) is very slow on Hyper-V

    Scheduled Pinned Locked Moved Virtualization
    187 Posts 36 Posters 144.5k Views 34 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      PaulPrior @PaulPrior
      last edited by

      @paulprior From Windows:
      6a704438-ca12-4b3a-b5fd-0708f6efb385-image.png

      1 Reply Last reply Reply Quote 0
      • Bob.DigB Offline
        Bob.Dig LAYER 8
        last edited by

        Maybe they are different problems, I for myself had no problem with my WAN speed from the beginning.

        1 Reply Last reply Reply Quote 0
        • P Offline
          PaulPrior
          last edited by

          So, disabling RSC has restored the network speed between VMs behind the pfSense and the internet (HTTPS download speeds), but the inter-vlan SMB file copy speeds are awful. Not quite dial-up modem speeds but almost.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by stephenw10

            Neither of you using hardware pass-through?

            You both have VLANs on hn NICs directly?
            I could definitely believe it was some hardware VLAN off-load issue.

            What do you see in: sysctl hw.hn

            Steve

            Bob.DigB D P 4 Replies Last reply Reply Quote 0
            • Bob.DigB Offline
              Bob.Dig LAYER 8 @stephenw10
              last edited by Bob.Dig

              @stephenw10 said in After Upgrade inter (V)LAN communication is very slow on Hyper-V, for others WAN Speed is affected:

              sysctl hw.hn


              hw.hn.vf_xpnt_attwait: 2
              hw.hn.vf_xpnt_accbpf: 0
              hw.hn.vf_transparent: 1
              hw.hn.vfmap:
              hw.hn.vflist:
              hw.hn.tx_agg_pkts: -1
              hw.hn.tx_agg_size: -1
              hw.hn.lro_mbufq_depth: 0
              hw.hn.tx_swq_depth: 0
              hw.hn.tx_ring_cnt: 0
              hw.hn.chan_cnt: 0
              hw.hn.use_if_start: 0
              hw.hn.use_txdesc_bufring: 1
              hw.hn.tx_taskq_mode: 0
              hw.hn.tx_taskq_cnt: 1
              hw.hn.lro_entry_count: 128
              hw.hn.direct_tx_size: 128
              hw.hn.tx_chimney_size: 0
              hw.hn.tso_maxlen: 65535
              hw.hn.udpcs_fixup_mtu: 1420
              hw.hn.udpcs_fixup: 0
              hw.hn.enable_udp6cs: 1
              hw.hn.enable_udp4cs: 1
              hw.hn.trust_hostip: 1
              hw.hn.trust_hostudp: 1
              hw.hn.trust_hosttcp: 1

              Is looking the same on both "machines".

              1 Reply Last reply Reply Quote 0
              • Bob.DigB Offline
                Bob.Dig LAYER 8 @stephenw10
                last edited by Bob.Dig

                @stephenw10 I moved the Windows machine to a new vNIC and vSwitch, this time without VLAN. Problem stays, so seems not VLAN related.

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  There are two loader variables we set in Azure that you don't have:

                  hw.hn.vf_transparent="0"
                  hw.hn.use_if_start="1"
                  

                  I have no particular insight into what those do though. And that didn't change in 2.6.

                  How is your traffic between internal interfaces different to via your WAN in the new setup?

                  Steve

                  Bob.DigB 1 Reply Last reply Reply Quote 0
                  • Bob.DigB Offline
                    Bob.Dig LAYER 8 @stephenw10
                    last edited by Bob.Dig

                    @stephenw10 There is no difference at all.

                    For the last two hours I tried to test with iperf between the hosts, with the old and new pfsense, and I couldn't measure any differences... so it might be SMB specific?
                    I only see one other person having the same problem.
                    It wouldn't been the first time I had to install pfSense fresh from the get-go after a new version. Whatever my usecase is, it might be special...
                    So I guess "This is the Way".

                    D Bob.DigB 2 Replies Last reply Reply Quote 0
                    • P Offline
                      PaulPrior
                      last edited by

                      Finally had to revert back to v2.5.2, the performance is just too poor on 2.6.0 to cope with. I'll have another shot at testing 2.6.0 at the weekend.

                      Lesson learned on my part here; always take a checkpoint before upgrading the firmware.

                      On the plus side, 2.5.2 is blisteringly fast!

                      1 Reply Last reply Reply Quote 0
                      • D Offline
                        Dominixise @Bob.Dig
                        last edited by

                        @bob-dig

                        Sorry to derail your topic but I am searching google too (maybe its a NAT issue with Hyper-V)

                        Here is some links with info that might be helpful:
                        https://superuser.com/questions/1266248/hyper-v-external-network-switch-kills-my-hosts-network-performance

                        https://anandthearchitect.com/2018/01/06/windows-10-how-to-setup-nat-network-for-hyper-v-guests/

                        Dom

                        Bob.DigB 1 Reply Last reply Reply Quote 0
                        • D Offline
                          DonZalmrol @stephenw10
                          last edited by DonZalmrol

                          @stephenw10 said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                          Neither of you using hardware pass-through?

                          You both have VLANs on hn NICs directly?
                          I could definitely believe it was some hardware VLAN off-load issue.

                          What do you see in: sysctl hw.hn

                          Steve

                          1. No, disabled in PFSense:
                            ce246da9-9add-4111-b5d3-1f6f4cca2499-image.png Enabling/ disabling ALTQ seems to have no measurable impact at this moment.

                          2. No, on Hyper-V its a direct virtual hardware adapter with a VLAN assigned to it, so for PFSense the interface is just an interface, I do not use any VLANs in PFSense. This is repeated for 8 interfaces.

                          3. sysctl hw.hn output:

                          hw.hn.vf_xpnt_attwait: 2
                          hw.hn.vf_xpnt_accbpf: 0
                          hw.hn.vf_transparent: 0
                          hw.hn.vfmap:
                          hw.hn.vflist:
                          hw.hn.tx_agg_pkts: -1
                          hw.hn.tx_agg_size: -1
                          hw.hn.lro_mbufq_depth: 0
                          hw.hn.tx_swq_depth: 0
                          hw.hn.tx_ring_cnt: 0
                          hw.hn.chan_cnt: 0
                          hw.hn.use_if_start: 1
                          hw.hn.use_txdesc_bufring: 1
                          hw.hn.tx_taskq_mode: 0
                          hw.hn.tx_taskq_cnt: 1
                          hw.hn.lro_entry_count: 128
                          hw.hn.direct_tx_size: 128
                          hw.hn.tx_chimney_size: 0
                          hw.hn.tso_maxlen: 65535
                          hw.hn.udpcs_fixup_mtu: 1420
                          hw.hn.udpcs_fixup: 0
                          hw.hn.enable_udp6cs: 1
                          hw.hn.enable_udp4cs: 1
                          hw.hn.trust_hostip: 1
                          hw.hn.trust_hostudp: 1
                          hw.hn.trust_hosttcp: 1
                          

                          Some images on how the PFSense guest is set up:
                          NW Adapter
                          df7c02a5-48ce-4a1b-87c9-d53e583ecd6f-image.png

                          HW Acceleration
                          5ce85ca0-1577-42a9-9e18-57b962ce46d8-image.png

                          Advanced features 1/2
                          da4b6515-ade6-49a4-a440-cef89030afe7-image.png

                          Advanced features 2/2
                          ad746300-f64f-4ba1-8c96-bc8ac4a2731f-image.png

                          My server's physical NW adapter is teamed in LACP:
                          a87b53e8-0899-4601-83a2-84d9463439e6-image.png

                          Using a HPE 10G 2-Port 546FLR-SFP+ (FLR -> Flexible LOM (Lan On Motherboard) Rack ) card which uses a Mellanox X-3 Pro processor which is supported by FreeBSD.
                          Datasheet: https://www.hpe.com/psnow/doc/c04543737.pdf?jumpid=in_lit-psnow-getpdf

                          @RMH-0 It matches my speedtest, the test is in Mbps (megabits/s) while PFSense is in MBps (megabytes/s), this is my speedtest output:
                          188b7ed3-71d5-412f-85c6-5e5c5ef3b3e7-image.png

                          1 Reply Last reply Reply Quote 0
                          • P Offline
                            PaulPrior @stephenw10
                            last edited by

                            @stephenw10 I disabled all of the hardware offloading (and many combinations of partially on and off). The only setting that increased speed was to disable ALTQ support which doubled the throughput but since it has already become about 10-20 times slower a doubling wasn't great.
                            All of my adapters are Hyper-V virtual adapters except for the one on the WAN interface which bonds to a physical intel adapter.
                            Back on v2.5.2 now and inter-vlan performance is an order of magnitude better.

                            D 1 Reply Last reply Reply Quote 1
                            • D Offline
                              DonZalmrol @PaulPrior
                              last edited by

                              @paulprior glad to hear that, I'm going to rollback my other site (B) and keep this one on 2.6.0 for further troubleshooting.

                              1 Reply Last reply Reply Quote 0
                              • Bob.DigB Offline
                                Bob.Dig LAYER 8 @Dominixise
                                last edited by Bob.Dig

                                @dominixise said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                                Here is some links with info that might be helpful:
                                https://superuser.com/questions/1266248/hyper-v-external-network-switch-kills-my-hosts-network-performance

                                I already tried using just private vSwitches, nothing changed.

                                @stephenw10 said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                                There are two loader variables we set in Azure that you don't have:

                                I added those to "SystemAdvancedSystem Tunables" and did a reboot but it didn't changed anything.

                                I did some more iperfing, this time also the other way around, so I changed client and server and there it shows:

                                C:\>iperf2.exe -c 192.168.1.10 -p 4711 -t 60 -i 10
                                ------------------------------------------------------------
                                Client connecting to 192.168.1.10, TCP port 4711
                                TCP window size: 64.0 KByte (default)
                                ------------------------------------------------------------
                                [  1] local 192.168.183.10 port 55124 connected with 192.168.1.10 port 4711
                                [ ID] Interval       Transfer     Bandwidth
                                [  1] 0.00-10.00 sec  1.38 MBytes  1.15 Mbits/sec
                                [  1] 10.00-20.00 sec   128 KBytes   105 Kbits/sec
                                [  1] 20.00-30.00 sec   256 KBytes   210 Kbits/sec
                                [  1] 30.00-40.00 sec   256 KBytes   210 Kbits/sec
                                [  1] 40.00-50.00 sec   128 KBytes   105 Kbits/sec
                                [  1] 50.00-60.00 sec   256 KBytes   210 Kbits/sec
                                [  1] 0.00-123.86 sec  2.38 MBytes   161 Kbits/sec
                                
                                C:\>iperf2.exe -c 192.168.183.10 -p 4711 -t 60 -i 10
                                ------------------------------------------------------------
                                Client connecting to 192.168.183.10, TCP port 4711
                                TCP window size: 64.0 KByte (default)
                                ------------------------------------------------------------
                                [  1] local 192.168.1.10 port 56363 connected with 192.168.183.10 port 4711
                                [ ID] Interval       Transfer     Bandwidth
                                [  1] 0.00-10.00 sec  6.29 GBytes  5.41 Gbits/sec
                                [  1] 10.00-20.00 sec  6.28 GBytes  5.40 Gbits/sec
                                [  1] 20.00-30.00 sec  6.94 GBytes  5.97 Gbits/sec
                                [  1] 30.00-40.00 sec  6.81 GBytes  5.85 Gbits/sec
                                [  1] 40.00-50.00 sec  6.99 GBytes  6.01 Gbits/sec
                                [  1] 50.00-60.00 sec  6.94 GBytes  5.96 Gbits/sec
                                [  1] 0.00-60.00 sec  40.3 GBytes  5.77 Gbits/sec
                                

                                Only tcp is affected and it only shows when "my" machine is the server, not the other way around. It is not SMB specific and I already mentioned that connecting to socks proxy in another vlan also makes these problems.

                                1 Reply Last reply Reply Quote 0
                                • Bob.DigB Offline
                                  Bob.Dig LAYER 8
                                  last edited by Bob.Dig

                                  I made yet another test, just private switches between two VMs and the pfSense VM, no external, no physical switch involved and no VLAN.

                                  Again TCP is problematic, this time in both directions. One UDP bench for reference.

                                  C:\>iperf2.exe -c 192.168.45.100 -p 4711 -t 60 -i 10
                                  ------------------------------------------------------------
                                  Client connecting to 192.168.45.100, TCP port 4711
                                  TCP window size: 64.0 KByte (default)
                                  ------------------------------------------------------------
                                  [  1] local 192.168.44.100 port 52446 connected with 192.168.45.100 port 4711
                                  [ ID] Interval       Transfer     Bandwidth
                                  [  1] 0.00-10.00 sec   384 KBytes   315 Kbits/sec
                                  [  1] 10.00-20.00 sec   256 KBytes   210 Kbits/sec
                                  [  1] 20.00-30.00 sec   128 KBytes   105 Kbits/sec
                                  [  1] 30.00-40.00 sec   256 KBytes   210 Kbits/sec
                                  [  1] 40.00-50.00 sec   256 KBytes   210 Kbits/sec
                                  [  1] 50.00-60.00 sec   128 KBytes   105 Kbits/sec
                                  [  1] 0.00-121.14 sec  1.38 MBytes  95.2 Kbits/sec
                                  
                                  
                                  C:\>iperf2.exe -c 192.168.44.100 -p 4711 -t 60 -i 10
                                  ------------------------------------------------------------
                                  Client connecting to 192.168.44.100, TCP port 4711
                                  TCP window size: 64.0 KByte (default)
                                  ------------------------------------------------------------
                                  [  1] local 192.168.45.100 port 55314 connected with 192.168.44.100 port 4711
                                  [ ID] Interval       Transfer     Bandwidth
                                  [  1] 0.00-10.00 sec  4.00 MBytes  3.36 Mbits/sec
                                  [  1] 10.00-20.00 sec  3.88 MBytes  3.25 Mbits/sec
                                  [  1] 20.00-30.00 sec  3.88 MBytes  3.25 Mbits/sec
                                  [  1] 30.00-40.00 sec  3.88 MBytes  3.25 Mbits/sec
                                  [  1] 40.00-50.00 sec  3.88 MBytes  3.25 Mbits/sec
                                  [  1] 50.00-60.00 sec  3.88 MBytes  3.25 Mbits/sec
                                  [  1] 0.00-61.97 sec  23.5 MBytes  3.18 Mbits/sec
                                  
                                  
                                  C:\>iperf2.exe -c 192.168.44.100 -p 4712 -u -t 60 -i 10 -b 10000M
                                  ------------------------------------------------------------
                                  Client connecting to 192.168.44.100, UDP port 4712
                                  Sending 1470 byte datagrams, IPG target: 1.12 us (kalman adjust)
                                  UDP buffer size: 64.0 KByte (default)
                                  ------------------------------------------------------------
                                  [  1] local 192.168.45.100 port 62027 connected with 192.168.44.100 port 4712
                                  [ ID] Interval       Transfer     Bandwidth
                                  [  1] 0.00-10.00 sec  3.61 GBytes  3.10 Gbits/sec
                                  [  1] 10.00-20.00 sec  3.63 GBytes  3.12 Gbits/sec
                                  [  1] 20.00-30.00 sec  3.67 GBytes  3.15 Gbits/sec
                                  [  1] 30.00-40.00 sec  3.63 GBytes  3.12 Gbits/sec
                                  [  1] 40.00-50.00 sec  3.67 GBytes  3.15 Gbits/sec
                                  [  1] 50.00-60.00 sec  3.70 GBytes  3.18 Gbits/sec
                                  [  1] 0.00-60.00 sec  21.9 GBytes  3.14 Gbits/sec
                                  [  1] Sent 16009349 datagrams
                                  [  1] Server Report:
                                  [ ID] Interval       Transfer     Bandwidth        Jitter   Lost/Total Datagrams
                                  [  1] 0.00-60.00 sec  21.6 GBytes  3.09 Gbits/sec   0.915 ms 254222/16009348 (1.6%)
                                  
                                  

                                  I am kinda done. 😉

                                  D 1 Reply Last reply Reply Quote 0
                                  • D Offline
                                    DonZalmrol @Bob.Dig
                                    last edited by

                                    @bob-dig how is your Hyper-V guest set up? Similar to mine? Perhaps you need to disable VMQ and SR-IOV and test again?

                                    Bob.DigB 1 Reply Last reply Reply Quote 0
                                    • Bob.DigB Offline
                                      Bob.Dig LAYER 8 @DonZalmrol
                                      last edited by

                                      @donzalmrol Already did this, didn't helped.

                                      D 1 Reply Last reply Reply Quote 0
                                      • D Offline
                                        DonZalmrol @Bob.Dig
                                        last edited by

                                        Ran an Iperf between two 10G my host and one guest:
                                        05dc8918-9076-49af-8d5b-09388dc26e8a-image.png

                                        f19352b2-a7be-4e1a-a776-76cda71a8002-image.png

                                        Receive quite good results on both TCP and UDP.

                                        1 Reply Last reply Reply Quote 0
                                        • S SteveITS referenced this topic on
                                        • S SteveITS referenced this topic on
                                        • T Offline
                                          ttmcmurry
                                          last edited by ttmcmurry

                                          This same scenario just played out in my environment as well. I spent hours on the line with my ISP trying to figure it out and left for the night with them escalating to a higher level technician.

                                          It occurred to me after getting off the phone to search the internet for pfsense and hyper-v in the last week and it led me straight to this article. The hyper-v config changes for RSC were unnecessary for my setup (it was already $false).

                                          I just spun up a new pfSense Hyper-V VM running 2.5.2 and restored from pfSense Auto Backup using the pre-upgrade auto config save, and everything is running perfectly. There were no Windows updates, no changes to Hyper-V / I reverted the settings I changed during diagnostics.

                                          There's certainly something not right with 2.6.0. I re-learned that I need to make fewer major changes in one setting.

                                          I took the opportunity to test pfSense 2.6.0 on various versions of Windows & Hyper-V. This same behavior occurred in Server 2016 (14393.4886), Windows 10 (19044.1526), and Windows 11 (22000.493).

                                          Bob.DigB 1 Reply Last reply Reply Quote 1
                                          • Bob.DigB Offline
                                            Bob.Dig LAYER 8 @ttmcmurry
                                            last edited by Bob.Dig

                                            @ttmcmurry said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                                            I took the opportunity to test pfSense 2.6.0 on various versions of Windows & Hyper-V. This same behavior occurred in Server 2016 (14393.4886), Windows 10 (19044.1526), and Windows 11 (22000.493).

                                            That must have been some immense work on your part. What have you tried other then changing the host os?

                                            T 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.