Virtio network adapter on qemu/kvm ubuntu LTS host drops packets. Use e1000.
Using pfsense 2.1.4-Release amd64 as a guest on an ubuntu 14.04 LTS linux server host, the virtio guest network adapter silently drops every few packets when the host adapter is a bridge between the guest and a real nic. The e1000 guest driver works normally.
I did not have any problems with dropped packets, but I did encounter the interfaces not working after reboot.
I resolved it by running a script on boot that takes the interface down, and takes it up again. Then everything worked fine.
#!/bin/sh #===================================================================== # pingtest.sh, v1.0.1 # Created 2009 by Bennett Lee # Released to public domain # # (1) Attempts to ping several hosts to test connectivity. After # first successful ping, script exits. # (2) If all pings fail, resets interface and retries all pings. # (3) If all pings fail again after reset, then reboots pfSense. # # History # 1.0.1 Added delay to ensure interface resets (thx ktims). # 1.0.0 Initial release. #===================================================================== #===================================================================== # USER SETTINGS # # Set multiple ping targets separated by space. Include numeric IPs # (e.g., remote office, ISP gateway, etc.) for DNS issues which # reboot will not correct. ALLDEST="google.com yahoo.com vg.no 220.127.116.11 18.104.22.168 22.214.171.124" # Interface to reset, usually your WAN BOUNCE=xl0 # Log file LOGFILE=/root/pingtest.log #===================================================================== COUNT=1 while [ $COUNT -le 2 ] do for DEST in $ALLDEST do #echo `date +%Y%m%d.%H%M%S` "Pinging $DEST" >> $LOGFILE ping -c1 $DEST >/dev/null 2>/dev/null if [ $? -eq 0 ] then #echo `date +%Y%m%d.%H%M%S` "Ping $DEST OK." >> $LOGFILE exit 0 fi done if [ $COUNT -le 1 ] then echo `date +%Y%m%d.%H%M%S` "All pings failed. Resetting interface $BOUNCE." >> $LOGFILE /sbin/ifconfig $BOUNCE down # Give interface time to reset before bringing back up sleep 10 /sbin/ifconfig $BOUNCE up # Give WAN time to establish connection sleep 60 else echo `date +%Y%m%d.%H%M%S` "All pings failed twice. Rebooting..." >> $LOGFILE /sbin/shutdown -r now >> $LOGFILE exit 1 fi COUNT=`expr $COUNT + 1` done
I do not use the script any more, as I migrated to a physical pfSense box, but you can use the script, and just modify it to change the interface.
I seem to recall that can be worked around by disabling checksum offloading (System > Advanced, Networking tab)