Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
-
I'm going to re-emphasize that if the community wants an official build of pfSense for Hyper-V, all that is required is that someone who knows what they are doing get in-touch.
Because I don't really have time to learn Hyper-V, but I am interested in making this happen.
-
@gonzopancho:
I'm going to re-emphasize that if the community wants an official build of pfSense for Hyper-V, all that is required is that someone who knows what they are doing get in-touch.
You mean, like this?
BTW, I emailed a month ago to try and get access to the tools repo, but I haven't got a reply yet.
::) ::) ::) ::) ::)
-
I don't claim to be an expert, I just have enough persistence and knowledge of the different techs involved to try and dig for a way to get it working. It just takes longer (and even more patience) to figure it out.
Last week, I got the instructions on how to get into the pfsense-tools repo, but I had some issues (browser compatibility?) and I couldn't get it to work until just now. I can now get the latest version of the tools, I'll just have to reconfigure/recreate my build environment, become familiar with git and figure out how to do pull requests. Or I'll try and summarize the changes here later (it might be easier for someone with more knowledge of git to get the changes committed, they're fairly small).
In the meantime…
I've been working on the ISO-B variation (dynamic load of the modules, detect if using da or ad disk driver and set options on the new installation as appropriate). I've also been trying to get the hv_kvp service working, but there seems to be something amiss with the code itself, since I can't get it to report the IP address back to Hyper-V Manager even after I followed taliesins instructions to try and fixup a running installation or on a clean FreeBSD 8.3 installation (using the pre-compiled modules). There are some recent code changes to this functionality that are specific to FreeBSD 10 (that use APIs introduced in FreeBSD 9.x) and that make the FreeBSD 10 compiled module incompatible with the FreeBSD 8 module (in FreeBSD 10, developers seem to either be renaming the utilities module into hv_kvp or splitting out the kvp functionality), so this might take some more time to figure out (have to do some actual c programming) so we might need to leave it out of an initial Hyper-V edition (or it might have to wait for 2.2 on FreeBSD 10).
Is there an easy way to test performance other than the usual speedtest.net on the WAN which is not ideal test as that can vary a lot.
Also, is there any recommended configuration in regards to hardware acceleration, such as VMQs, offloading etc, both on the WAN (which I my case is connected to a modem) and LAN?(…) I've messed with both Hyper-V and VMWARE in both free and enterprise versions and for me Hyper-V is much better for my use which is only a small software house setup but I do use remoteFX and there is no VMWARE offering that competes identically with that. (...)
How can I confirm this within pfSense and ensure that its negotiating at 1000Mbps speeds?
To confirm stability, rather than a web benchmark, I used SCP to copy files in and out of pfSense. I attached to the VM a preallocated FAT32 disk with a couple gigs of large files (bunch of pfSense ISOs) and then used WinSCP to download the files to a server with a fast disk array. It's an easy benchmark setup to test for 1 Gbe performance (enable SSH on the console menu, use WInSCP to connect using root as the user and your web configurator password). To further stress test it, I also set it up to use an internal switch for the LAN interface to transfer files in and out on different interfaces at the same time (to get 2+ Gbe throughput, copy files into pfSense using SCP on the command line connecting to an SSH server on the "wan" interface, which was connected to my LAN, and use WinSCP from the host to copy files out of pfSense on the LAN interface connected to an internal switch).
On optimizations, in my setups, I've been enabling SR-IOV when creating the virtual switch (using Intel ET adapters teamed using Intel teaming SW). I haven't used this new version on servers running Hyper-V on 2008 R2 (enabling VMQ in the adapter settings) - better to push to upgrade the server to 2012 R2.
While VMWare is more common (it was there first) on established data centers, Hyper-V is a low cost entry point for small departmental and small branch data centers, specially when you only have Windows admins. VMWare's free ESX edition is a bit too limited, many might outgrow it quickly (so it gets expensive sooner), and Hyper-V enlightened drivers help performance (allowing for lighter VMs). It is a shame that RemoteFX HW acceleration doesn't work with Terminal Server (only with VDI Windows desktops).
update: its working when i use the 2.1.1 iso to install pfsense
received some calcru messages but now after everything is set up its working nicely.
maybe the guys who updated 2.1.1 to 2.1.2 had it working ? It seems like fresh installs of 2.1.2 do not work - at least not for me.Good to hear you got it working (hopefull we'll get an ISO out soon, so it is easier). I don't know why you had so much trouble. I did try both, adding the ko modules to a fresh 2.1.2 install and to upgrade 2.1.1 using the daily build server URL. I see some calcru messages shortly after boot, but few or none afterwards. Setting sysctl kern.timecounter.hardware=TSC doesn't seem to have an effect on my setup (other users have reported that that fixes it, it might be hardware dependent?). For my setup, Using nearby NTP servers seemed to work best to lower calcru messages.
-
I don't claim to be an expert, I just have enough persistence and knowledge of the different techs involved to try and dig for a way to get it working. It just takes longer (and even more patience) to figure it out.
First of all thanks to zootie for his work (and patience). Since there are lots of italian users of both pfSense and Hyper-V, I put together a step by step tutorial in italian to have zootie drivers loaded and running. The tutorial contains pics and descriptions. It can be useful for english speakers too, it is very "visual" and all the products snapshots are from English versions.
Just some questions, mainly for zootie:- looking at this thread, I'm not sure I can redistribute your drivers adding a mirror for them. The first place to search will always be the first post of this thread.
- are you going to publish updates to the drivers? Using 2.1.2 on Hyper-V 3 results in "drivers must be updated" (see the tutorial ending) and no IP address indication.
The tutorial is here (il tutorial in italiano è qui) http://goo.gl/oUYtN4
Thanks to all for helping pfSense to run on Hyper-V
-
First of all thanks to zootie for his work (and patience). Since there are lots of italian users of both pfSense and Hyper-V, I put together a step by step tutorial in italian to have zootie drivers loaded and running. The tutorial contains pics and descriptions. It can be useful for english speakers too, it is very "visual" and all the products snapshots are from English versions.
Just some questions, mainly for zootie:- looking at this thread, I'm not sure I can redistribute your drivers adding a mirror for them. The first place to search will always be the first post of this thread.
- are you going to publish updates to the drivers? Using 2.1.2 on Hyper-V 3 results in "drivers must be updated" (see the tutorial ending) and no IP address indication.
The tutorial is here (il tutorial in italiano è qui) http://goo.gl/oUYtN4
Thanks to all for helping pfSense to run on Hyper-V
Thanks for the guide, it was very helpful (with google translate)!
I am running 2.1.2 on Hyper-V in production as a router with a gigabit fiber connection, 8 synthetic interfaces and two IPSEC tunnels.
-
@gonzopancho:
I'm going to re-emphasize that if the community wants an official build of pfSense for Hyper-V, all that is required is that someone who knows what they are doing get in-touch.
Because I don't really have time to learn Hyper-V, but I am interested in making this happen.
I tried the 2.2-DEV-snapshots for a couple of days on Hyper-V, since BSD 10 has native Hyper-V support. Everything installs without hassle and the basic firewall functions perfectly out of the box. IPSEC doesn't work and there is zero logging done, but I suppose that's because those aren't ready in the snapshots yet?
-
Well, that's good news.
Please keep us up to date with this as the 2.2 snapshots mature.
-
Just wanted to report - seems stable, no issues and great performance for me since I last posted. I have not rebooted the VM.
Just running Ubound and OpenVPN, although have only briefly tested OpenVPN.
Thanks again Zootie!
-
I have this working across multiple hyper-v hosts with great stability, Zootie thanks a million
-
Please lay out the finished image.
-
First of all thanks to zootie for his work (and patience). Since there are lots of italian users of both pfSense and Hyper-V, I put together a step by step tutorial in italian to have zootie drivers loaded and running. The tutorial contains pics and descriptions. It can be useful for english speakers too, it is very "visual" and all the products snapshots are from English versions.
Just some questions, mainly for zootie:- looking at this thread, I'm not sure I can redistribute your drivers adding a mirror for them. The first place to search will always be the first post of this thread.
- are you going to publish updates to the drivers? Using 2.1.2 on Hyper-V 3 results in "drivers must be updated" (see the tutorial ending) and no IP address indication.
The tutorial is here (il tutorial in italiano è qui) http://goo.gl/oUYtN4
Thanks to all for helping pfSense to run on Hyper-V
Thanks for the guide, it was very helpful (with google translate)!
I am running 2.1.2 on Hyper-V in production as a router with a gigabit fiber connection, 8 synthetic interfaces and two IPSEC tunnels.
Did the same here, translated the Italian to English and then walked through it while setting up pfSense 2.1.3 under Hyper-V. Works like a charm! Connectivity speeds are lightening fast now. Have been looking for this for years. Thanks a lot to all who has made this possible! Really a shame that the pfSense crew doesn't allow for this to be downloadable. It helps many others.
-
Really a shame that the pfSense crew doesn't allow for this to be downloadable. It helps many others.
as a reminder, if it wasn't called "pfSense", it wouldn't be an issue.
We're so close to 2.2 (and the Hyper-V support is so much better in FreeBSD 10), that the strategy is to release a Hyper-V variant for 2.2.
-
@gonzopancho:
We're so close to 2.2 (and the Hyper-V support is so much better in FreeBSD 10), that the strategy is to release a Hyper-V variant for 2.2.
Awesome, good to hear! Can't wait. pfSense rocks :)
-
hi gonzopancho, hi all
i am new in this forum and we're thinking about using pfsense in our company. we would like to use it in a hyper-v vm on a win8.1 embedded machine.
@gonzopancho:
We're so close to 2.2 (and the Hyper-V support is so much better in FreeBSD 10), that the strategy is to release a Hyper-V variant for 2.2.
"so close" sounds nice :) any timelines on the progress of version 2.2? is the strategy still valid to release also a hyper-v variant?
i appreciate any information on it, thanks!!cheers, fele
-
hi gonzopancho, hi all
i am new in this forum and we're thinking about using pfsense in our company. we would like to use it in a hyper-v vm on a win8.1 embedded machine.
@gonzopancho:
We're so close to 2.2 (and the Hyper-V support is so much better in FreeBSD 10), that the strategy is to release a Hyper-V variant for 2.2.
"so close" sounds nice :) any timelines on the progress of version 2.2? is the strategy still valid to release also a hyper-v variant?
i appreciate any information on it, thanks!!cheers, fele
Don't hold your breath that 2.2 will fix this. I tested with one of the beta builds and could not get it to even boot reliably. I don't sense that pfsense folks really give a damn about hyper-v. Truth is visualization is quickly becoming the preeminent platform for infrastructure. Hyper-V is a very nice product with a premium feature set and is offered both for free as a stand alone product or bundled and neatly integrated with nearly all current desktop and server operating systems from Microsoft. Hyper-V is a major player that should not be ignored.
-
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
-
hi cmb
thanks for your comments!
as we need an official version (no BETA), are you able to give any thoughts about timelines? when will there be a first official release? end of Q3? end of this year?thanks, felix
-
As always, it'll be released when it's ready.
-
@cmb:
I've heard from several people who had no luck with 2.1.x versions that 2.2 is working fine for them in HyperV. There is also more we'll be doing there to get all the integration components working nicely.
Virtualization is among our most common usage scenarios. We spend a good deal of time ensuring such environments work well. For Hyper-V, that wasn't practical before Microsoft worked with NetApp, Citrix and others on FreeBSD support in Hyper-V. That started in 2012, and wasn't included until FreeBSD 10 (released this year).
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
My apologies, I was far too rash and unfair, my impatience lead to frustration and venting. Pfsense did install and with some coaxing I did get it to run; the stability issues where probably due to it being an alpha build. I am sad to see a working revision of 2.1 be pulled from circulation when you could just as easily endorsed it as your own, I'm sure its originator would have donated it freely. Doing so would have satisfied trademark concerns.
-
@cmb:
It's not that we "don't give a damn about hyper-v", it's that Microsoft waited a long time before they gave a damn about FreeBSD.
VMware has always supported FreeBSD, and we've been widely used in VMware from day one. Now that Microsoft has caught up (over a decade later), we'll get to Hyper-V as well.
I think there are reasons on both sides. Microsoft concentrated on Windows (of course), then for the "exotic" systems integrated Linux and only then BSD. Now it's a very fast growing hypervisor, being integrated in all Windows versions, so for a Virtual-aware project it just can't be ignored.
I think there are at least two levels of support:- just wait for FreeBSD project progress
- spend time and money and prepare some modules that will integrate on boot in the current version.
I vote for the second one :), once created the first setup like in my tutorial, it should be easy to auto-configure it in pfSense.