[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XEN PV networking: checksum issues

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
From: Atom2 <ariel.atom2@xxxxxxxxxx>
Date: Mon, 09 Feb 2015 00:11:20 +0100
Cc: xen-users@xxxxxxxxxxxxx
Delivery-date: Sun, 08 Feb 2015 23:12:47 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Ian,

many thanks for your answer. After some tests and a number of days withthe system back up and running flawlessly I can confirm that changingthe TX offloading in the dom0 for the vif I/f connectedt to the HVM domUwith pfSense running was the solution.

No other change over and above this, especially none within the pfSensedomU was required as was no change to the RX offload in dom0 for anydomain (including the pfSense domain) or the TX offloading for any otherdomU.

My suspicion is that it is either an issue with FreeBSD 10.1 (I have anumber of 10.0 domUs running and none of these exhibit this behaviour)or, more likely, spefific to the pf packet filter (which is not runningon any of the 10.0 domUs) or the firewall software. I'll update my 10.0systems to 10.1 in due course and can then either confirm or rule out anissue with 10.1 per se.

BTW changing the setting for the vif can easily be automated by usingthe script= option for the vif specification in the relevant domU xlconfiguration file.


Thanks again (as always) for your valuable input.

Atom2

Am 29.01.15 um 12:24 schrieb Ian Campbell:

On Thu, 2015-01-29 at 11:20 +0000, Ian Campbell wrote:

On Thu, 2015-01-29 at 01:53 +0100, Atom2 wrote:

Regardless of the fact that checksums for the above stated reason are
not required, is there a parameter that ensures that network packets do
arrive with correct checksums - ideally on just that one virtual
interface that's connected to the firewall.


You can use ethtool


Except I see now that at least one VM is BSD and AFAIK ethtool is a
Linux thing, so depending on which setting needs tweaking that may not
help.

I don't know if BSD has something similar you can toggle -- I think
there is a freebsd-xen list on lists.bsd.org which might have someone
who knows if there isn't anyone here.

I think disabling offload on the vifX.Y for the BSD domain is what you
want though (so dom0 will calculate the checksum before handing over to
pfsense).

Maybe pfsense has an option to ignore the checksum? Really that ought to
happen automatically if the NIC has offload capabilities -- another one
for the bsd list perhaps?

Ian.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] XEN PV networking: checksum issues
  - From: Ian Campbell

Prev by Date: Re: [Xen-users] Build error: "unknown type name vmemrange_t"
Next by Date: Re: [Xen-users] XEN PV networking: checksum issues
Previous by thread: [Xen-users] Build error: "unknown type name vmemrange_t"
Next by thread: Re: [Xen-users] XEN PV networking: checksum issues
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.