Backups of pfSense VM

  • Hi, when running pfSense under HyperV and you backup the host, it puts pfSense into a save state where it stops routing traffic for around 2 minutes while the filesystem does a VSS snapshot. This occurs even if the VM is not selected for backup, for some reason.

    Is there any way to avoid this when backing up the entire VM HD file? It is obviously not suited for production use while this is the case.

    Does ESXi also do this?

  • Moderator

    Hi, Spaghetti,

    ESXi has the same effect as HyperV when creating snapshots.

    Taking a snapshot with virtual machine memory renders the virtual machine to an inactive state while the memory is written to disk (1013163)

    If you take a snapshot of a virtual machine with memory, you may experience these symptoms while the memory is being written to disk:

    The virtual machine becomes unresponsive or inactive.
    The virtual machine does not respond to any commands.
    You cannot ping the virtual machine.

    However, if you use VMware vCenter Converter Standalone Client works well copying "Powered On" Windows or Linux machines. You can also set it to sync any changes made once the copy process has been completed.

  • I use pfSense in a VMware vCenter environment.  When the pfSense VM is snapped, connectivity is lost for approx 2 seconds.  Connectivity resumes after that while the snapshot continues to be created.  I do all backups after-hours and we haven't had any issues with the 2-second service delay.  A gap of minutes would not be acceptable for me, that's for sure.

  • LAYER 8 Global Moderator

    Whenever I am going to do something to my pfsense vm on esxi 5.5u1 I take a snap, but I do not snap the memory..  Don't really see the point in that - and when I take the snap there is no loss of anything..

    As long as you not taking a snap of memory, which a backup should really need the active memory state then there should be no loss of connectivity during the snap/backup.  I have taken backups using veem of vm while they are online and don't recall any outages or loss of access to the vms.

    So here took a snap while connected via vpn, running pings to both pfsense and something outside pfsense.. and no loss of anything.

  • I hadn't thought of not snapping the RAM, duh.

    I also do our backups with Veeam and haven't noticed any of our connectivity alarms being tripped during backup windows.

  • Theres no option in HyperV to backup the RAM, its while it does a VSS snapshot of the filesystem that this happens. It looks like it is freezing the VHD so the backup is crash consistent.

    Would there be any sort of driver update for the VM tools within the VM to fix this?

  • Happens because pfsense does not come with proper integration services for Hyper-v. Hope it will be fixed with Pfsense 2.2

  • I doubt it.  Integration between Hyper-V and pfSense happens at the FreeBSD level.  pfSense will support Hyper-V when FreeBSD does.  I see that Microsoft does already supply some bits for FreeBSD 9, but the real Hyper-V goodies are supposedly coming with FreeBSD 10.

  • Yes, i talked about Pfsense 2.2 because it is based on Freebsd 10.

    Snapshots are available if you want to test it :

    Edit : I think, it happens because the way vss snapshots are done changed between Hyper-V 2012 and 2012R2. Had the same problem with Windows VMs where we forgot to upgrade integration coponents.

  • Ah, I remember months ago there was debate about whether or not to base 2.2 on FreeBSD 10 or stick with 9.  I didn't know that 10 was settled.  Still, it will take some time for 2.2 to be released.

Log in to reply