Discussion:
[pfSense] Very slow traffic from other VM's through pfSense on XenServer
Morten Christensen
2014-12-20 22:33:15 UTC
Permalink
I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver
Creedence beta 3.

Both have a pfSense 2.2 RC as router/firewall and a couple of Ubuntu
Linux VM's and a windows-VM.

Traffic through both the physical xenserver-box and the virtual pfSense
firewall goes at expected speeds.
But traffic from the other VM's on the same server through the pfSense
out on wan/internet goes very, very slow.
It goes so bad they cannot update themselve with apt-get.

When I try with iperf from a linux VM through the pfSense's WAN the
speed is 3,82 KBits/sec.
The VM's and pfSense are connected with an internal single-server
network (as OPT1), and tests to iperf server run on pfSense from a linux
VM shows gigabit-speed.

One of the pfSense' has xen-tools installed. The other has not. I cannot
se improvements with the tools installed.

Anobody with experience on pfSence and XenServer, that can give me in a
direction to experiment in?


--
Morten Christensen
Morten Christensen
2014-12-22 19:43:57 UTC
Permalink
Post by Morten Christensen
I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver
Creedence beta 3.
Both have a pfSense 2.2 RC as router/firewall and a couple of Ubuntu
Linux VM's and a windows-VM.
Traffic through both the physical xenserver-box and the virtual
pfSense firewall goes at expected speeds.
But traffic from the other VM's on the same server through the pfSense
out on wan/internet goes very, very slow.
It goes so bad they cannot update themselve with apt-get.
When I try with iperf from a linux VM through the pfSense's WAN the
speed is 3,82 KBits/sec.
The VM's and pfSense are connected with an internal single-server
network (as OPT1), and tests to iperf server run on pfSense from a
linux VM shows gigabit-speed.
One of the pfSense' has xen-tools installed. The other has not. I
cannot se improvements with the tools installed.
One of my XenServers can get several public IP'numbers. On that I now
have installed VM's with both an IPCop firewall and a Zentyal firewall.
When one of those new firewall-VMs' is default gateway for the ordinary
VM's on the XenServer, their wan/internet-speed is normal.

So it must be a configuration-problem om pfSense.

Still no ideas how to find the problem ?


--
Morten Christensen
Morten Christensen
2014-12-27 23:25:02 UTC
Permalink
Post by Morten Christensen
Post by Morten Christensen
I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver
Creedence beta 3.
Both have a pfSense 2.2 RC as router/firewall and a couple of Ubuntu
Linux VM's and a windows-VM.
Traffic through both the physical xenserver-box and the virtual
pfSense firewall goes at expected speeds.
But traffic from the other VM's on the same server through the
pfSense out on wan/internet goes very, very slow.
It goes so bad they cannot update themselve with apt-get.
When I try with iperf from a linux VM through the pfSense's WAN the
speed is 3,82 KBits/sec.
The VM's and pfSense are connected with an internal single-server
network (as OPT1), and tests to iperf server run on pfSense from a
linux VM shows gigabit-speed.
One of the pfSense' has xen-tools installed. The other has not. I
cannot se improvements with the tools installed.
One of my XenServers can get several public IP'numbers. On that I now
have installed VM's with both an IPCop firewall and a Zentyal firewall.
When one of those new firewall-VMs' is default gateway for the
So it must be a configuration-problem om pfSense.
Still no ideas how to find the problem ?
Tried to install a pfSense 2.1.5 as VM.
With 2.1.5 as default gateway other VM's on the Xenserver have normal
wan/internet-speed.

But very slow speeed through 2.2RC continues.
--
Morten Christensen
Chris L
2014-12-28 04:43:36 UTC
Permalink
Post by Morten Christensen
I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver Creedence beta 3.
Both have a pfSense 2.2 RC as router/firewall and a couple of Ubuntu Linux VM's and a windows-VM.
Traffic through both the physical xenserver-box and the virtual pfSense firewall goes at expected speeds.
But traffic from the other VM's on the same server through the pfSense out on wan/internet goes very, very slow.
It goes so bad they cannot update themselve with apt-get.
When I try with iperf from a linux VM through the pfSense's WAN the speed is 3,82 KBits/sec.
The VM's and pfSense are connected with an internal single-server network (as OPT1), and tests to iperf server run on pfSense from a linux VM shows gigabit-speed.
One of the pfSense' has xen-tools installed. The other has not. I cannot se improvements with the tools installed.
One of my XenServers can get several public IP'numbers. On that I now have installed VM's with both an IPCop firewall and a Zentyal firewall.
So it must be a configuration-problem om pfSense.
Still no ideas how to find the problem ?
Tried to install a pfSense 2.1.5 as VM.
With 2.1.5 as default gateway other VM's on the Xenserver have normal wan/internet-speed.
But very slow speeed through 2.2RC continues.
I installed 2.2-RC and am seeing exactly the same thing. 12/26 2.2-RC and XenServer 6.2

Upgrading from 2.1.5 yielded an unbootable node (can’t mount root).

I then attached the .iso to the existing 2.1.5 vm and installed fresh. Got the slow throughput.

I then created a new VM using the iso and got the slow throughput.

I disabled NAT for this virtual LAN -> WAN and told my actual external pfSense to NAT for the internal network and no change.

Shaping disabled, no limiters defined.

Loading...