Determining Speed and Duplex for interface under Hyper-V

rnmixon

We are running pfSense 2.2 Release on Hyper-V 2012 R2 on a SuperMicro 5018A-FTN4 with 8 core Atom C2758.

I started getting the "bandwidth for qInternet higher than interface" error after running the Traffic Shaper wizard.

[2.2-RELEASE][root@pfSense.acmeinc.local]/root: pfctl -n -f /tmp/rules.debug
bandwidth for qInternet higher than interface
/tmp/rules.debug:101: errors in queue definition
parent qInternet not found for qACK
/tmp/rules.debug:102: errors in queue definition
parent qInternet not found for qVoIP
/tmp/rules.debug:103: errors in queue definition

The cause of the error seems to be documented pretty well in various posts such as this:
https://forum.pfsense.org/index.php?topic=75150.msg410100#msg410100

I've looked at the rules at the location pointed out:

 altq on  hn0 hfsc bandwidth 4.8Mb queue {  qInternet  }
 queue qInternet on hn0 bandwidth 4.8Mb hfsc (  ecn  , linkshare 4.8Mb  , upperlimit 4.8Mb  )  {  qACK,  qDefault,  qVoIP  }
 queue qACK on hn0 bandwidth 15% hfsc (  ecn  , linkshare 15%  )
 queue qDefault on hn0 bandwidth 7.5% hfsc (  ecn  , default  )
 queue qVoIP on hn0 bandwidth 32Kb hfsc (  ecn  ,  realtime 1.2Mb )

 altq on  hn1 hfsc queue {  qLink,  qInternet  }
 queue qLink on hn1 bandwidth 20% qlimit 500 hfsc (  ecn  , default  )
 queue qInternet on hn1 bandwidth 50331.648Kb hfsc (  ecn  , linkshare 50331.648Kb  , upperlimit 50331.648Kb  )  {  qACK,  qVoIP  }
 queue qACK on hn1 bandwidth 19.988% hfsc (  ecn  , linkshare 19.988%  )
 queue qVoIP on hn1 bandwidth 32Kb hfsc (  ecn  ,  realtime 1.2Mb )

OK - not sure exactly how the calculations are done - but 48Mbps should calculate out to 49.152Kbps, not 48 50331.648Kb. Still I'm running the shaper only for VOIP at this point - asking for 1.2Mbps up/down to protect about 12 call paths of VOIP traffic.
Our internet connection regularly tests at 50Mbps down, 5Mbps up. At first I set the shaper to 50 Mpbs / 5Mbps but then got the error, so I adjusted it down to 48Mbps and 4.8Mbps - still get the error.

Although I'm using synthetic NICs in the VM it sort of looks like the virtual NIC is limited to 50Mbps - not sure but that might be a 100Mbps adapter running at half duplex.

So following the advice in the posts I try to check speed and duplex on my interfaces. But when I go to Status->Interfaces neither the WAN or LAN interface shows speed or duplex. If I go to Interfaces->WAN or Interfaces->Lan the entry for "Speed and Duplex" is not shown.

What am I missing?

I've also run "ifconfig" (public addresses are altered a bit) but I don't see a "media" specification at all:

[2.2-RELEASE][root@pfSense.acmeinc.local]/root: ifconfig
pflog0: flags=100 <promisc>metric 0 mtu 33144
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
        options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
        nd6 options=21 <performnud,auto_linklocal>hn0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=18 <vlan_mtu,vlan_hwtagging>ether 00:15:5d:01:44:00
        inet 97.172.233.85 netmask 0xfffffff0 broadcast 97.172.233.95
        inet6 fe80::215:5dff:fe01:4400%hn0 prefixlen 64 scopeid 0x5
        inet 97.172.233.83 netmask 0xfffffff0 broadcast 97.172.233.95
        inet 97.172.233.90 netmask 0xfffffff0 broadcast 97.172.233.95
        inet 97.172.233.88 netmask 0xfffffff0 broadcast 97.172.233.95
        inet 97.172.233.89 netmask 0xfffffff0 broadcast 97.172.233.95
        inet 97.172.233.91 netmask 0xfffffff0 broadcast 97.172.233.95
        inet 97.172.233.92 netmask 0xfffffff0 broadcast 97.172.233.95
        nd6 options=23 <performnud,accept_rtadv,auto_linklocal>hn1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=18 <vlan_mtu,vlan_hwtagging>ether 00:15:5d:01:44:01
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::215:5dff:fe01:4401%hn1 prefixlen 64 scopeid 0x6
        nd6 options=21 <performnud,auto_linklocal>[2.2-RELEASE][root@pfSense.acmeinc.local]/root:</performnud,auto_linklocal></vlan_mtu,vlan_hwtagging></up,broadcast,running,simplex,multicast></performnud,accept_rtadv,auto_linklocal></vlan_mtu,vlan_hwtagging></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc>

Any ideas/help are really appreciated.

Thank you - Richard

rnmixon

I thought about posting this in the "Traffic Shaping" or "Hardware" forums but decided to post here in "Virtualization installations and techniques" since we are running under Hyper-V.

I don't want to double- post, but is there a way to link this to those forums?

rnmixon

OK, can anybody that is running pfSense 2.2 or above under Hyper-V 2012 R2 tell me if the pfSense Dashboard shows speed, duplex, etc for the interfaces?

On one of our FW-7551 physical firewalls we see something like "1000baseT <full-duplex>" above the IP address on the Dashboard. And if we click on the interface and go the Interface details page, there is a "Speed and Duplex" entry with "Advanced" button that the documentation refers to.

On the Hyper-V VM all I see is an IP address, and no "Speed and Duplex" entry on the Interfaces page.

I've attached clips of what I'm talking about in case it is not making sense.

If I'm way out in left field - please someone straighten me out on this.

Thank you - Richard

pfSense_interface_status_on_FW-7551.jpg_thumb

pfSense_interface_status_on_Hyper-V_VM.jpg_thumb </full-duplex>

cmb

That's just how the hn network driver (written by Microsoft) functions, though it's a bit unusual in that regard. It could pose issues for traffic shaping. We'll be talking to Microsoft next week actually, I'll make a note to bring that up then.

rnmixon

OK - thanks for clearing that up.

And from what I can tell, it certainly does cause issues for traffic shaping - the wizard errors out when using HFSC. Is there a way to override or supply a value for the wizard to use?

rnmixon

Just FYI, I also tried the CBQ discipline in the Traffic Shaper Wizard, and it get's the same type of error, so it seems to also need link speed:

[2.2.1-RELEASE][root@pfSense.custco.local]/root: pfctl -n -f /tmp/rules.debug
bandwidth for qInternet higher than interface
/tmp/rules.debug:59: errors in queue definition
parent qInternet not found for qACK
/tmp/rules.debug:60: errors in queue definition
parent qInternet not found for qVoIP
/tmp/rules.debug:61: errors in queue definition
parent qInternet not found for qOthersHigh
/tmp/rules.debug:62: errors in queue definition
parent qInternet not found for qOthersLow
/tmp/rules.debug:63: errors in queue definition
[2.2.1-RELEASE][root@pfSense.custco.local]/root:

I think I've got PRIQ set acceptably for now.

Please report back on what you hear from Microsoft … if there's a roadmap for fixing this or other work around.

rnmixon

OK, I have not heard anything posted on this in a couple of months, so I'm bumping.

Any news on whether we might be able to get more information back on the Hyper-V hn network driver in the future?

@cmb:

That's just how the hn network driver (written by Microsoft) functions, though it's a bit unusual in that regard. It could pose issues for traffic shaping. We'll be talking to Microsoft next week actually, I'll make a note to bring that up then.

Thank you - Richard

rnmixon

Chris/anyone,

Is there any feedback at all on how the discussion with Microsoft went on this issue?

@cmb:

That's just how the hn network driver (written by Microsoft) functions, though it's a bit unusual in that regard. It could pose issues for traffic shaping. We'll be talking to Microsoft next week actually, I'll make a note to bring that up then.

If not, what hypervisor has the best support for pfSense (and is reasonably easy to get up to speed on)?

We have been using Hyper-V on the rest of our customer servers for five years, so we were comfortable with it and did not want to move. Don't want to get into any religious wars on what is the best hypervisor - we knew Hyper-V and it worked for us. But giving up traffic shaping is probably too high a price to pay.

Our customers are all in the "under 20 user" category. We've been trying to standardize on a 1U box running a hypervisor that handles pfSense, their FreePBX phone system and an outgoing CentOS mail server. We actually run a second mirror and let Hyper-V's replication provide us with a (non-immediate) failover. It's worked well except for the traffic shaping part.

Any input at all is appreciated.

Thank you - Richard