F5F Stay Refreshed Power Users Networks Running OPNSense inside a virtual machine with NAT causes very slow performance.

Running OPNSense inside a virtual machine with NAT causes very slow performance.

Running OPNSense inside a virtual machine with NAT causes very slow performance.

L
Lord_Brynjolf
Junior Member
Find
8
11-20-2016, 08:18 PM
#1
I build a Host with very capable Hardware, Core i7 3770K with 8GB of RAM and 120GB SSD Host, 120GB SSD VM, 2TB Cache As diagram below: before I put online, I was testing OPNSense NAT performance under VM, I found I couldn't achieve at least 350Mbps, I assign 2 vCPU for OPNSense alone, during iperf Test, OPNSense max out 100% CPU Usage. Currently I doing separate machine, I thought using VM can save some electricity, but performance are not satisfied
Reply
Reply
L
Lord_Brynjolf
11-20-2016, 08:18 PM #1

I build a Host with very capable Hardware, Core i7 3770K with 8GB of RAM and 120GB SSD Host, 120GB SSD VM, 2TB Cache As diagram below: before I put online, I was testing OPNSense NAT performance under VM, I found I couldn't achieve at least 350Mbps, I assign 2 vCPU for OPNSense alone, during iperf Test, OPNSense max out 100% CPU Usage. Currently I doing separate machine, I thought using VM can save some electricity, but performance are not satisfied

Reply
Reply
A
angelface3000
Junior Member
Find
35
11-22-2016, 05:46 AM
#2
For improved performance on the NIC, consider using virtio with the virtio driver instead of the default e1000. Opt for bridged networking rather than NAT. You might also pass through an entire network card to the VM, which can make a big difference. However, I wouldn't run your router or firewall inside a VM if it manages your whole network—it's generally not a good practice to virtualize such critical components.
Reply
Reply
A
angelface3000
11-22-2016, 05:46 AM #2

For improved performance on the NIC, consider using virtio with the virtio driver instead of the default e1000. Opt for bridged networking rather than NAT. You might also pass through an entire network card to the VM, which can make a big difference. However, I wouldn't run your router or firewall inside a VM if it manages your whole network—it's generally not a good practice to virtualize such critical components.

Reply
Reply
X
xYuuki14
Junior Member
Find
27
12-09-2016, 02:20 PM
#3
I understand, I'll keep OPNSense on real hardware. Using Pi-Hole and LANCache is secure in a VM because Pi-Hole doesn't need much CPU power.
Reply
Reply
X
xYuuki14
12-09-2016, 02:20 PM #3

I understand, I'll keep OPNSense on real hardware. Using Pi-Hole and LANCache is secure in a VM because Pi-Hole doesn't need much CPU power.

Reply
Reply
M
maxiionita
Member
Find
172
12-10-2016, 01:08 AM
#4
Your router providing alternative DNS servers works well for clients during downtime. LanCache is indeed used for Steam games, though I can't say much about it since I don't use it personally.
Reply
Reply
M
maxiionita
12-10-2016, 01:08 AM #4

Your router providing alternative DNS servers works well for clients during downtime. LanCache is indeed used for Steam games, though I can't say much about it since I don't use it personally.

Reply
Reply