Pfsense with XEN
- 
 Since I've had no problems with Xen yet, I can tell you my exact configuration: 
 Mobo: Asus M2N-E
 CPU: Athlon64 X2 4000+The on-board nic, sound card, usb, and SATA controler were detected by SuSE10.3 with no issues (SuSE 10.1 and 10.2 also detected everything with no problems) 
 There were no issues with detecting ANY of the hardware in dom0 setup.
 The Mobo is using the nForce chipset, which is well supported in linux, which I persume is why everything worked out of the box.hope that helps. Hi all, 
 …
 From this tread I make up that Intel is not the right hardware voor a XEN server. I still have a change to cancel or change my order. Can anyone who got pfsense running in a guest domain tell me their hardware configuration. The components I am interesting in are mainly the motherboard and CPU. Moreover I like to know if the onboard SATA controller, graphics card and nic where recognized by Linux.Hope to hear from you, I like to have a good XEN server with a cool firewall for the comming 3 years. 
 Joost.
- 
 Hi I a running Xen 3.1 on Debian Etch. 
 3GB Ram, AMD Athlon64 X2 BE-2350 EE; MSI K9AG Neo2-Digital RS690G
 There reason why I am running only 3Gb of Ram is because there are some Problems with the 690Chipset an 64Bit Addressing. Therefore I have chosen the safe path.
 I could install Pfsense in HVM without any Problems.Regarding the 3Network Interfaces, seems that I had some old INfos. 
 Thanks for the updated Information!
- 
 Hi, thanks for the reactions. I just removed the Intel hardware from my order and replaced it by the following AMD hardware: 
 Asus Moederbord M2N-SLI Deluxe
 AMD Athlon 64 X2 5200+ 65 Watt
 Asus VGA GeForce EN7200GS/HTD 128 MBIts a slower configuration (with less headroom to expand) than the Intel hardware, but since virtualisation has to work with Linux, FreeBSD and Windows guests I see no other way. I will report back on my findings when I get everything… Regards, Joost. 
- 
 One short comment on your hardware: If you are going for a pure server, remove the video card and take on-board. It doesn't give any performance hit and saves money on purchase and on your power bill (arround 20+ Watts for those cards). 
 Its the reason I selected a G33 chipset, but I'm a little disapointed with getting FreeBSD on Xen running.
- 
 Joris, thanks for your comment. I really would like to have onboard video, because I don't care for fancy graphics. But the problem is that the Nvidia nforce 570 SLI MCP chipset works well with AMD and Linux, but doesn't have onboard video. If you have another suggestion for an AMD and Linux compatible chipset, I really like to know. I didn't know a simple videocard like that consumes 20W. Regards, Joost. 
- 
 It seems grub only allows chainloading the FreeBSD, so it seems BTX is the only way to go. So choose AMD if you desire to run FreeBSD on top of Xen. @Joost: If your from Holland (name suggests that), look at www.alternate.nl. Their site is very good and makes it quite easy to find an board that suits you needs. But maybe you don't get the peripherals & chipset you desire as a nice single package. If you look for power consumption, toms hardware includes this in their benchmarks. 
- 
 I think most if not all nforce chipsets work well with linux, since nvidia is quite supportive of the linux movement, and they even provide their own nforce driver. 
 Anyway, as for a 20W video card, why don't you look at getting an old PCI video card. Some 2D card like a Mtrox millenium or something like that… Those things couldn't have sucked up very much power.
 Just a thought.Joris, thanks for your comment. I really would like to have onboard video, because I don't care for fancy graphics. But the problem is that the Nvidia nforce 570 SLI MCP chipset works well with AMD and Linux, but doesn't have onboard video. If you have another suggestion for an AMD and Linux compatible chipset, I really like to know. I didn't know a simple videocard like that consumes 20W. Regards, Joost. 
- 
 Hi all, Last week I got the harware for my new server: 
 Asus Moederbord M2N-SLI Deluxe
 AMD Athlon 64 X2 5200+ 65 Watt
 Asus VGA GeForce EN7200GS/HTD 128 MB
 Samsung Spinpoint F1 750 GB (RAID 1)CentOS 5 installed without problems and everything was detected. The write performance on the motherboard/drives is good also (85 MB/s average during mirror rebuild). The only thing is that the power consumption during installation was a nice 80W, but after reboot it constantly stays on 110W. I think it is the XEN kernel that does not allow for frequency scaling. And about the video card's power consumption that isn't to bad either, less than 9W. But what is really inportant to this thread: pfsense work on this configuration as an HVM guest!!! I just asked the core team to add a howto about Xen and pfsense to their site. When that is possible I will write down the steps to make pfsense working on your (RHEL/CentOS) machine. In the mean time I will play around with the guest and try to get it configured properly. Another thing I have to look after is the stability of the pfsense guest. I already ran into an unresponsive pfsense guest twice. But this is not reproducible, and the last 2 days there were no problems. If anybody else has experience with pfsense & XEN stability I really like to know. I will report back when the howto is ready or when I find out more about the stability (the later takes a while :)). Regards, 
 Joost.
- 
 As of this past weekend, I am now using pfSense as my main router running in a HVM machine. 
 I bought a 4 port NIC, and after a bit of setup (to get the hardware nics assigned as virtual nics for all VM machines to see) all is running smoothly.
 I just have to learn how to use pfSense now.I was debating about how I should set the LAN side of things. My two options are: - Use the internal bridged interface (which connects all the VM's together) as the LAN port
- Use one of the ports on the 4nic card as a LAN, and connect that to my switch, to which the server (and all the VMs) are hooked up to through.
 I decided to use the spare nic port as the LAN, since I had the option. 
 I don't know if this was the best choice.Any thoughts? 
- 
 Hi all, After a lot of stability problems, I finally got it right by creating a completely new XEN configuration file. The only thing that the pfsense HVM guest can't handle is when I start copying large (>2GB) files on the host system. Then the guest crashes and I have to destroy it before I can start it again. The weird thing is that my Windows XP HVM guest can handle this and is always stable just like the para-virtuelized guests. Outsidre, the best option is to delegate the WAN interface to the pfsense guest alone. This way the WAN interface only connects pfsense to the WAN. HOWEVER, right now this can only be done for para-virtualized guests (so we have to wait for HVM support and use a bridge for now). 
 For your LAN interface you can use a bridge. This way you can also connect the other guests on the pfsense host to the LAN. In addition you can (physically) attach a switch and other computers.
 I also have a few questions for you. Which OS is installed on your XEN host? Do you also have problems copying large files?Regards, 
 Joost.
- 
 I also have a few questions for you. Which OS is installed on your XEN host? Do you also have problems copying large files? The dom0 is OpenSuse 10.3. 
 The guests are: pfSense (HVM), FreeNAS (HVM), and 2 openSuSE10.3 (para) installs. I have XP installed as an HVM, but don't use it much.I have had some problems similar to what you describe. If I do heavy file access + CPU access on the host (dom0) machine, then the system crashes. From what I've been able to find on the net, this is a problem experienced by others as well, and is a xen 3.1 problem. 
 I know it's an XEN problem, cuz if I boot the system with the regular kernel (no xen installed) I can do as much file access as I want with no problems at all.
 My workaround this has been to do all my file access over NFS, in another VM. Of course it's slower, but it doesn't crash my system.
- 
 jhavers You might try vmware instead of xen. Since your only using the full virtualization with the windows and pfsense guest your not taking advantage of the what xen offers over vmware. I've never had an issue running pfsense in vmware. It has been rock solid. Keep in mind that you'll need to reboot into the non xen kernel as vmware and xen can't coexist in dom0. 
- 
 Outsidre, to bad you experience the same. My work around is to shutdown the pfsense guest, since that is the only system that is crashing under heavy file access. Therefore I think that it has to do with the combination XEN & pfsense, since my HVM Windows XP guest and the para-virtualized guest are not crashing under heavy file access. What i still want to try (when I have the time) is to install pfsense on its own partition instead of in a file. Mayby that makes the difference. rsw686, I can't use vmware since I also have 3 para-virtualized Linux guests. Their performance is outstanding, little processor load (1/20 of that of a HVM) and rock solid. 
- 
 rsw686, I can't use vmware since I also have 3 para-virtualized Linux guests. Their performance is outstanding, little processor load (1/20 of that of a HVM) and rock solid. Gotcha. It really seems like you need two systems to have a rock stable setup. Xen excels with para virtualization and vmware excels with full virtualization. Maybe Xen will fix this issue along with the incompatibilities with Intel VT chips in the later releases. 
- 
 Got this from the http://www.xen.org/ Welcome to the Xen 3.2 download page! This release contains architectural improvements and new user-visible features including: 
 * Xen Security Modules (XSM)
 * ACPI S3 suspend-to-RAM support for the host system
 *** Preliminary PCI pass-through support (using appropriate Intel or AMD I/O-virtualization hardware)**
 * Preliminary support for a wider range of bootloaders in fully virtualized (HVM)guests, using full emulation of x86 real mode
 * Faster emulation of standard (non-super) VGA modes for HVM guests
 * Configurable timer modes for HVM guests, depending on how the guest OS manages time-keeping
 * Many other changes and enhancements across all supported machine architecturesNow I just wait until Redhat implements Xen 3.2 in RHEL 5 and then I can give pfsense a dedicated WAN interface. Joost 
- 
 i have pfsense on xen 3.2 running excellent 
- 
 I need to get PF Sense runn on XEN. I just install 5.0.0 and can't get it to install yet. How big is your image? And would you be will to let me get a copy of a working image from you. If not how did you tweak the settings so that it will run. 
 RC
- 
 I am now up and running on XEN. I have replaced my permanent firewall with a virtual server instance. It is running really well. So far everything is working really well. I have down graded from 1.2.1 to 1.2 production release. I am getting ready to shut my virtual server down and make a backup of the instance. This will let me recover very quickly. I get the specification of my server out in the forum in the next few days. I going to setup a 1.3 instance and so I can shut my production instance down and then bring the other up for quick testing. XEN offers a great deal of flexibility. RC 
- 
 ;D I now am running on XEN 5.0.0. Here is the hardware that I am running on. AMD Quad Phenom 2.5 processor 
 MSN-SLI motherboard
 6 GB of ram
 512 mb SLI video adapter
 Broadcom 1 GB adapter
 On board ethernet adapter
 dual 100 mb Intel ethernet adapter
 3 x 320 GB HD's (non raid array currently)
 550 watt power supplyReplacing the following servers: 
 DELL SC1500
 DELL SC 440
 COMPAQ DL360
 COMPAQ DL380It's a mix of production and test boxes. For hosting servers and devices that you will access it's great. It's working awesome. 
 RC