Virtio Driver Issues
The Virtio driver is a great driver to use for all your guest virtual machines within Proxmox, but it does have a couple of issues that affect performance. This is very noticeable if your guest operating system is running an application that uses libalias (for example a firewall, NAT, or routing), but it also affects performance in almost all guests. Don't worry though, there is an easy fix.
In order to fix this issue, you just need to disable checksum offloading as well as LRO and TSO in the Virtio driver on the guest VM. I do this in all my guests by default. Turning off these functions means that the kernel now has to do the work that was being offloaded, but this is a very small hit on a modern machine (usually not noticeable).
I run Proxmox on Debian and most of my guests run FreeBSD. This article shows instructions for a FreeBSD guest (the same applies to pfSense and OPNsense firewalls). If you are running a different guest, the commands will be different.
Disable the offloading in the Guest
In FreeBSD, create the following file in /boot/loader.conf.d/
# vi /boot/loader.conf.d/vtnet_fix.conf
The file should contain the following.
hw.vtnet.tso_disable="1"
hw.vtnet.lro_disable="1"
hw.vtnet.csum_disable="1"
Disabling LRO on the Proxmox host
It is also recommended to disable LRO on the Proxmox host. Use the following command to temporarily disable it. You will need to find out what the physical network interface name is. Look in the network section for your server in the Proxmox web interface. You need the physical network (NIC) device name, not the bridge device name. For this example, mine is a 10Gbps Intel card and it shows up as ens1f0, so I would enter the following:
# ethtool -K ens1f0 tso off
To make it permanent, you need to edit the /etc/network/interfaces file and add the ethtool command. Find the iface line for your device and add the up line right after it, like so:
# vi /etc/network/interfaces
iface ens1f0 inet manual
up ethtool -K $IFACE tso off
NOTE: Some Broadcom chipsets will also require generic-receive-offload to be turned off.
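To confirm the settings took effect after a reboot, the following check lists any offloads that are still enabled. It is an added example, not part of the original article; the function names and sample output are constructed, and vtnet0 is an assumed guest interface name.

```shell
#!/bin/sh
# Added example: list offload features that are still enabled after the change.

# Proxmox host: reads `ethtool -k <nic>` output on stdin and prints the
# TSO/LRO/GRO features that still report "on" (empty output = all off).
host_offloads_on() {
    awk '
        ($1 == "tcp-segmentation-offload:" || $1 == "large-receive-offload:" ||
         $1 == "generic-receive-offload:") && $2 == "on" {
            sub(/:$/, "", $1); out = (out == "" ? "" : out " ") $1
        }
        END { print out }'
}

# FreeBSD guest: reads `ifconfig <vtnet interface>` output on stdin and prints
# the checksum/TSO/LRO flags still listed in the options=<...> capability list.
guest_offloads_on() {
    sed -n 's/^.*options=[0-9a-f]*<\(.*\)>.*$/\1/p' | tr ',' '\n' |
        grep -E '^(RXCSUM|TXCSUM)(_IPV6)?$|^(TSO4|TSO6|LRO)$' |
        tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample output (not captured from a real system; the options=
# hex mask is a placeholder). The host NIC still has GRO on, and the guest
# interface still advertises checksum, TSO and LRO offloads.
SAMPLE_ETHTOOL='Features for ens1f0:
tcp-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]'

SAMPLE_IFCONFIG='vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=0<RXCSUM,TXCSUM,VLAN_MTU,TSO4,LRO,LINKSTATE>'

# Demo on the constructed samples.
echo "host still on:  $(printf '%s\n' "$SAMPLE_ETHTOOL" | host_offloads_on)"
echo "guest still on: $(printf '%s\n' "$SAMPLE_IFCONFIG" | guest_offloads_on)"
```

On a live system, pipe `ethtool -k ens1f0` (host) or `ifconfig vtnet0` (guest) into the matching function; empty output means none of the listed offloads are still enabled.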