Latest PFsense for hyper-V?
-
Which part does?
-
not using the "Legacy" drivers.
-
Have issues getting it to run without the legacy drivers?
I had to do the install of the snapshots 3 times to get it to work. Haven't bothered updating to the latest snapshot in the worry it won't work anymore.
Running for weeks without a hiccup.
-
FWIW I've had 2.2 running on Hyper-V 2012 R2 for the past week and a half at home with nary a hiccup. Works beautifully. No perceptible CPU usage even under full load at night with everyone watching Netflix or gaming. Mix of Realtek and Intel NICs. Granted host is a 3770k, but still, I don't think I've seen CPU usage > 10%.
-
FWIW I've had 2.2 running on Hyper-V 2012 R2 for the past week and a half at home with nary a hiccup. Works beautifully. No perceptible CPU usage even under full load at night with everyone watching Netflix or gaming. Mix of Realtek and Intel NICs. Granted host is a 3770k, but still, I don't think I've seen CPU usage > 10%.
I concur with all of this. Huge decrease in CPU usage since switching from the legacy drivers. Performance gains are significant
-
Just to add another me too post, I just upgraded from the 2.1 based install, my host is still 2008 R2 and was running leagcy adapters (obviously). Having just got 100Mb fibre installed I was finding the VM could only actually do about 90Mb because of the legacy adapters and their "limit" of 100Mb.
Switched over to 2.2 by doing a clean install and importing the config and then just disconnected the old VM and connected the new and away everything went. I now get a solid 100Mb down :)
-
I concur with all of this. Huge decrease in CPU usage since switching from the legacy drivers. Performance gains are significant
An update - I ditched the realtek NICs and threw in a couple Intels, now the CPU usage is nothing - literally. Rock solid wireline performance and I never see a load on it even with two VPN tunnels and kids hammering Netflix :).
Hypervisor is Hyper-V 2012R2 on Server 2012 R2. I'm not necessarily a fan of the Hypervisor but pfSense is rock solid on it. I've got nothing but praise at this point for the setup.
-
Horray for compatibility in hyper-v!
-
Same as here. Works good.
-
I've been using pfSense in hyper-v 2012 r2 for over 6 months.
The 'degraded' status can be more or less ignored, it just means it isn't reading the data about it from the OS, doesn't mean performance is actually degraded.
Performance is awesome overall, I'm going to be setting it up as my primary router for Google Fiber once I get that installed. I'll be trying to see if I can set it up with CARP as well.
The only real issue I run into occasionally is with traffic actually flowing through the WAN after a reboot\update. I often need to power off the VM entirely and then power it back on for my interfaces to work again.
-
I'll be trying to see if I can set it up with CARP as well.
edit: scratch that, CARP now works with Hyper-V, see my later post in this thread.
The only real issue I run into occasionally is with traffic actually flowing through the WAN after a reboot\update. I often need to power off the VM entirely and then power it back on for my interfaces to work again.
I'm guessing that's due to a timing issue we've seen on some reboots on our own systems and some others'. The clock runs backwards and/or is otherwise messed up in that circumstance but only during boot and maybe a couple minutes after. I haven't had a chance to dig too far into that one, on our systems it doesn't seem to have any negative impact beyond log noise from the "runtime went backwards". I've heard from at least one other person who needs to do the same power off/on at times after that timing issue occurs. I'll be looking at that further post-2.2 release as well.
-
I've heard from at least one other person who needs to do the same power off/on at times after that timing issue occurs. I'll be looking at that further post-2.2 release as well.
Ah, yes I do regularly get the runtime \ clock went backwards message. I figure it's due to the way that cpu cycles are handed out to each VM and how the VM itself keeps time or possibly also due to the VM Host overriding the VM time. I don't usually see issues associated with it, though.
To be honest I haven't fully validated that I'm still getting the interface issue in the latest releases. I got into the habit of doing a full shutdown & startup after each update, so I'll have to try it again normally next time I update to see if the issue recurs.
-
@cmb:
I'll be trying to see if I can set it up with CARP as well.
There's an issue in the network driver that prevents CARP from working currently, but that is something we'll be working with Microsoft to address post-2.2 release.
Microsoft has patched the issue, and we're looking at folding it into pfSense version 2.2
-
I can confirm that CARP is fully functional in Hyper-V with the most recent 2.2 snapshot available! Thanks to the folks at Microsoft for fixing it and getting us the patch. Those who'd like to use CARP in Hyper-V, check out the most recent 2.2 from snapshots.pfsense.org and let us know your experiences.
-
Is anyone up and running on Gen 2 VM's with 2.2 and non legacy drivers?
-
It seems as if freeBSD with Generation 2 VMs are not fully supported:
https://technet.microsoft.com/en-us/library/dn848318.aspxBut it could work if you disable secure boot option:
https://technet.microsoft.com/en-us/library/dn282285.aspxHere's a list of Best practices for running FreeBSD on Hyper-V:
https://technet.microsoft.com/en-us/library/dn848317.aspxP.S. Have to admit that I didn't implement any of those recommended practices :-o
Cheers,
Thomas -
No, pfsense won't even boot off the ISO under a Generation 2 setup–even if you disable secure boot. The pfsense ISO would would require GPT/EFI partition or be converted to GPT/UEFI to boot... You'll get an error message: "Boot Failed. EFI SCSI Device" ... Confirmed.
-
Is anyone up and running on Gen 2 VM's with 2.2 and non legacy drivers?
Gen 2 wouldn't really give you any advantages for pfSense even if it would install (which it won't). The big advantage is Synthetic network drivers, which 2.2 now supports. Install at as a Gen 1 with synthetic drivers (No more legacy drivers required) and be happy :)
-
Looks like Hyper-V and pfSense just won't get along…
My test setup looks like this:
• Host OS: Windows 8.1 Enterprise with Hyper-V up and running (essentially the same as Windows Server 2012 R2)
• Physical networking: WiFi - Broadcom (ven-14e4, dev-4359), Ethernet - Broadcom (ven-14e1, dev-16b5)
• Virtual networking: 1x External (tied to WiFi-adapter, impossible otherwise), 2x Private (different subnets)
• VM with 3 NICs: 1x WAN (to External), 2x LAN (to each of Privates) (tested both legacy and regular ones in different setups)
• Latest pfSense (2.2.0 Release x64)Every WAN-assigned NIC, regardless of generation, fails to interact with the rest of the external network (no DHCP interaction). The regular one seems to start working as intended somehow after I reboot the host OS (which itself is strange enough), but after some time, regardless of WAN load, all traffic going through WAN vNIC is just silently blocked until I down-up-dhclient said NIC (rinse-and-repeat every 2~5 minutes); legacy vNIC refuses even to get IP address. Once I reassign WAN vNIC to Ethernet adapter though, it suddenly starts working flawlessly. =\ As of private vNICs, they work as intended, no problems detected there (for now).
To sum it up:
• Hyper-V: WAN vNIC (hn0; regular) connected to physical WiFi adapter = no internet, and even if there is somehow, then it won't last long anyway (down-up-dhclient every now and then)
• Hyper-V: WAN vNIC (hn0; regular) connected to physical Ethernet adapter = all ok
• Hyper-V: WAN vNIC (de0; legacy) connected to physical WiFi adapter = no external access AT ALL
• Hyper-V: WAN vNIC (de0; legacy) connected to physical Ethernet adapter = all ok (supposedly; didn't test because regular one worked as intended)
• VMware: everything works out of the box no matter which physical adapter I connect pfSense's WAN vNIC to (duh)Kinda makes me want to give up trying and just scrap Hyper-V.
-
I can report that the 2.2 releases, both Beta and Release, work fine with Hyper-V, and with CARP.
6 Pf's on different hosts/clusters & I have a CARP array doing OpenVPN Site-to-Sites to other PF's, works fine.
Only thing you need to do i've found is:
Use a Gen1 VM.
Set the disk to be fixed size.
Enable MAC Spoofing on the NICs that will have CARP addresses.
Disable dynamic memory.