[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XEN PV networking: checksum issues

many thanks for your answer. After some tests and a number of days with the system back up and running flawlessly I can confirm that changing the TX offloading in the dom0 for the vif I/f connectedt to the HVM domU with pfSense running was the solution.

No other change over and above this, especially none within the pfSense domU was required as was no change to the RX offload in dom0 for any domain (including the pfSense domain) or the TX offloading for any other domU.

My suspicion is that it is either an issue with FreeBSD 10.1 (I have a number of 10.0 domUs running and none of these exhibit this behaviour) or, more likely, spefific to the pf packet filter (which is not running on any of the 10.0 domUs) or the firewall software. I'll update my 10.0 systems to 10.1 in due course and can then either confirm or rule out an issue with 10.1 per se.

BTW changing the setting for the vif can easily be automated by using the script= option for the vif specification in the relevant domU xl configuration file.

Thanks again (as always) for your valuable input.


Am 29.01.15 um 12:24 schrieb Ian Campbell:
On Thu, 2015-01-29 at 11:20 +0000, Ian Campbell wrote:
On Thu, 2015-01-29 at 01:53 +0100, Atom2 wrote:
Regardless of the fact that checksums for the above stated reason are
not required, is there a parameter that ensures that network packets do
arrive with correct checksums - ideally on just that one virtual
interface that's connected to the firewall.

You can use ethtool

Except I see now that at least one VM is BSD and AFAIK ethtool is a
Linux thing, so depending on which setting needs tweaking that may not

I don't know if BSD has something similar you can toggle -- I think
there is a freebsd-xen list on lists.bsd.org which might have someone
who knows if there isn't anyone here.

I think disabling offload on the vifX.Y for the BSD domain is what you
want though (so dom0 will calculate the checksum before handing over to

Maybe pfsense has an option to ignore the checksum? Really that ought to
happen automatically if the NIC has offload capabilities -- another one
for the bsd list perhaps?


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.