Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [solved] pfSense (2.6.0 & 22.01 ) is very slow on Hyper-V

    Scheduled Pinned Locked Moved Virtualization
    187 Posts 36 Posters 144.4k Views 34 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      DonZalmrol @Bob.Dig
      last edited by

      @bob-dig how is your Hyper-V guest set up? Similar to mine? Perhaps you need to disable VMQ and SR-IOV and test again?

      Bob.DigB 1 Reply Last reply Reply Quote 0
      • Bob.DigB Offline
        Bob.Dig LAYER 8 @DonZalmrol
        last edited by

        @donzalmrol Already did this, didn't helped.

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          DonZalmrol @Bob.Dig
          last edited by

          Ran an Iperf between two 10G my host and one guest:
          05dc8918-9076-49af-8d5b-09388dc26e8a-image.png

          f19352b2-a7be-4e1a-a776-76cda71a8002-image.png

          Receive quite good results on both TCP and UDP.

          1 Reply Last reply Reply Quote 0
          • S SteveITS referenced this topic on
          • S SteveITS referenced this topic on
          • T Offline
            ttmcmurry
            last edited by ttmcmurry

            This same scenario just played out in my environment as well. I spent hours on the line with my ISP trying to figure it out and left for the night with them escalating to a higher level technician.

            It occurred to me after getting off the phone to search the internet for pfsense and hyper-v in the last week and it led me straight to this article. The hyper-v config changes for RSC were unnecessary for my setup (it was already $false).

            I just spun up a new pfSense Hyper-V VM running 2.5.2 and restored from pfSense Auto Backup using the pre-upgrade auto config save, and everything is running perfectly. There were no Windows updates, no changes to Hyper-V / I reverted the settings I changed during diagnostics.

            There's certainly something not right with 2.6.0. I re-learned that I need to make fewer major changes in one setting.

            I took the opportunity to test pfSense 2.6.0 on various versions of Windows & Hyper-V. This same behavior occurred in Server 2016 (14393.4886), Windows 10 (19044.1526), and Windows 11 (22000.493).

            Bob.DigB 1 Reply Last reply Reply Quote 1
            • Bob.DigB Offline
              Bob.Dig LAYER 8 @ttmcmurry
              last edited by Bob.Dig

              @ttmcmurry said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

              I took the opportunity to test pfSense 2.6.0 on various versions of Windows & Hyper-V. This same behavior occurred in Server 2016 (14393.4886), Windows 10 (19044.1526), and Windows 11 (22000.493).

              That must have been some immense work on your part. What have you tried other then changing the host os?

              T 1 Reply Last reply Reply Quote 0
              • T Offline
                ttmcmurry @Bob.Dig
                last edited by ttmcmurry

                @bob-dig it didn't take that much time :) pfSense installs & configures fast! I grabbed two laptops, stuck some extra USB NICs on them, then probably spent 15 minutes on each installation to reproduce the issue. The ease of reproducing the issue across various hardware and Windows versions does speak to the consistency of the pfSense software; even though it has this undesirable problem, at least it's consistent and reproducible. Theoretically making finding the root cause easier.

                Other things I tried

                • Reboots ๐Ÿ˜Š (Gateway, Switch, Host, VM)
                • On the same day I upgraded to 2.6, my ATT Gateway also got a firmware release. I jumped to conclusions & laid blame upon ATT and pursued them for a fix that was never to come.
                • Examined Hyper-V vSwitch settings to ensure they were configured appropriately, bound to the correct physical uplinks (no changes made)
                • Examined HV VM vNIC settings to ensure nothing has changed; set to pfSense recommendations (no changes made)
                • Double checked my switching for loops/STP, logs, errors, unexpected BPDUs from someone adding a switch somewhere I didn't know about
                • Interfaced with the ATT Gateway directly with laptop to test performance (this led to isolating Hyper-V as the problem)
                • Upgraded Intel I350-T4 drivers & PROset to 27.0 (2022/02/09) which didn't fix or make anything worse.
                1 Reply Last reply Reply Quote 1
                • stephenw10S Online
                  stephenw10 Netgate Administrator
                  last edited by

                  And you are also seeing it specifically between VLANs on hn(4) NICs?

                  T 1 Reply Last reply Reply Quote 0
                  • T Offline
                    ttmcmurry @stephenw10
                    last edited by ttmcmurry

                    @stephenw10 Good day! In the pfSense VM, the interfaces are not associated with VLANs and there are no VLANs defined. From pfSense's perspective, it is working with native hn(x) interfaces.

                    78778e0e-8bbb-44e7-9f6b-a3325719462d-image.png

                    Hyper-V's vSwitches are all untagged. All VM vNICs in HV are untagged.

                    40543a5e-88cc-42b9-885e-cd0ce32c7a8f-image.png

                    b2aff1e9-a2cc-47cc-8c9e-398173181f57-image.png

                    VLANs exist past the physical uplinks in the Physical Switch.

                    1 Reply Last reply Reply Quote 0
                    • werterW Offline
                      werter
                      last edited by

                      Decision: do not use hyper-v as virtualization platform ))
                      Better try Proxmox VE (open source)

                      E 1 Reply Last reply Reply Quote 0
                      • Bob.DigB Offline
                        Bob.Dig LAYER 8 @Bob.Dig
                        last edited by Bob.Dig

                        @bob-dig said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                        It wouldn't been the first time I had to install pfSense fresh from the get-go after a new version. Whatever my usecase is, it might be special...
                        So I guess "This is the Way".

                        Wasn't the way, creating a fresh pfSense-CE-2.6.0 sadly changed nothing. ๐Ÿ˜ž

                        If of interest:
                        Capture.PNG

                        T 1 Reply Last reply Reply Quote 0
                        • T Offline
                          ttmcmurry @Bob.Dig
                          last edited by

                          @bob-dig yep. Thx for validating. 2.5.2 is fine, use that till they resolve the issue. ๐Ÿ˜

                          Bob.DigB 1 Reply Last reply Reply Quote 0
                          • Bob.DigB Offline
                            Bob.Dig LAYER 8 @ttmcmurry
                            last edited by Bob.Dig

                            @ttmcmurry said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                            2.5.2 is fine, use that till they resolve the issue.

                            If netgate does, they seem to care only for azure and we all know since the exchange debacle, that the MS Cloud is not the same as MS's server products... So my hopes are rather low on this. Might have to try with DDA once again.

                            D 1 Reply Last reply Reply Quote 0
                            • D Offline
                              DD @Bob.Dig
                              last edited by

                              @bob-dig Or we switch to OPNsense which is working ok on the same system where pfSense is not working ok. ๐Ÿ™„

                              Bob.DigB 1 Reply Last reply Reply Quote 0
                              • Bob.DigB Offline
                                Bob.Dig LAYER 8 @DD
                                last edited by

                                @dd I couldn't even install OPNsense on hyper-v not long ago, you had to do a trick, and those guys want to use the normal FreeBSD too.
                                I am stuck, if DDA is not going to work. I have hard time to change my firewall Distro but even more changing my Homserver OS... ๐Ÿ˜ฉ

                                D 1 Reply Last reply Reply Quote 0
                                • D Offline
                                  DD @Bob.Dig
                                  last edited by

                                  @bob-dig They have new version 22.1 which is based on FreeBSD 13 and it's working ok. I have tried it. I think that problem with pfSense 2.6 is because it's based on FreeBSD 12.3. Same problem is with pfSense 2.7.0-DEVELOPMENT which is on FreeBSD 12.3 too. I think, fix will not be available for longer time but they must something to do because now is not pfSense 2.6 (and Plus) useable on Hyper-V.

                                  johnpozJ Bob.DigB 3 Replies Last reply Reply Quote 1
                                  • johnpozJ Offline
                                    johnpoz LAYER 8 Global Moderator @DD
                                    last edited by

                                    @dd said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                                    They have new version 22.1 which is based on FreeBSD 13 and it's working ok.

                                    Huh? 22.01 is using 12.3 same as 2.6

                                    versions.jpg

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                    D 1 Reply Last reply Reply Quote 0
                                    • D Offline
                                      DD @johnpoz
                                      last edited by

                                      @johnpoz We talked about OPNsense.

                                      1 Reply Last reply Reply Quote 1
                                      • Bob.DigB Offline
                                        Bob.Dig LAYER 8 @DD
                                        last edited by Bob.Dig

                                        @dd said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                                        because now is not pfSense 2.6 (and Plus) useable on Hyper-V.

                                        Thanks for your heads-up regarding OPNsense and FreeBSD Version. But there are many people using the newest pfSense on hyper-v, they resolved their problems it seems, although I don't know what they are exactly doing with it. If you only use it as a firewall and not as a router, that would still work here too or lets say for me at least, your WAN-Speed was and is also affected.

                                        So why is it so different, really making no sense to me.

                                        @dd said in After Upgrade inter (V)LAN communication is very slow (on Hyper-V).:

                                        but they must something to do

                                        I don't think so, we are not paying them and hyper-v isn't used much anyway, so... no.

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S Online
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Are you able to test FreeBSD 12.3 in a similar config?

                                          Bob.DigB 1 Reply Last reply Reply Quote 0
                                          • Bob.DigB Offline
                                            Bob.Dig LAYER 8 @stephenw10
                                            last edited by

                                            @stephenw10 I can't. Is in the current release this already patched? I can't tell for sure, would be helpful to know.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.