Running OPNSense inside a virtual machine with NAT causes very slow performance.

Lord_Brynjolf
Junior Member
8
11-20-2016, 08:18 PM
#1
I built a host with very capable hardware: Core i7 3770K with 8GB of RAM and 120GB SSD Host, 120GB SSD VM, 2TB Cache, as in the diagram below. Before I put it online, I was testing OPNSense NAT performance under a VM, and I found I couldn't achieve at least 350Mbps. I assigned 2 vCPUs to OPNSense alone; during the iperf test, OPNSense maxed out at 100% CPU usage. Currently I'm using a separate machine. I thought using a VM could save some electricity, but the performance is not satisfactory.

angelface3000
Junior Member
35
11-22-2016, 05:46 AM
#2
For improved performance on the NIC, consider using virtio with the virtio driver instead of the default e1000. Opt for bridged networking rather than NAT. You might also pass through an entire network card to the VM, which can make a big difference. However, I wouldn't run your router or firewall inside a VM if it manages your whole network—it's generally not a good practice to virtualize such critical components.

xYuuki14
Junior Member
27
12-09-2016, 02:20 PM
#3
I understand, I'll keep OPNSense on real hardware. Using Pi-Hole and LANCache is secure in a VM because Pi-Hole doesn't need much CPU power.

maxiionita
Member
172
12-10-2016, 01:08 AM
#4
Your router providing alternative DNS servers works well for clients during downtime. LanCache is indeed used for Steam games, though I can't say much about it since I don't use it personally.