Netgate Discussion Forum

    [Solved] 2.3.2 on ESXi 5.5.0U3 - network performance issue

      roootzi

      Hey,

      sorry for my English, it's not my native language.

      So far I managed to set up one VM as part of a CARP setup. Most of the stuff is working now (NAT, VIPs, CP+freeradius…). But it seems like I can't get a decent performance out of the box.

      My hardware:

      • vmware host - ESXi 5.5.0U3
      • hp nc364t
      • bridged all four ports through to pfsense as vmxnet3
      • vm with 2CPUs x 1Core, 2G Ram

      Pfsense-settings:

      • 2.3.2 Pfsense
      • CPU Type: Intel(R) Xeon(TM) CPU 2.80GHz/2 CPUs: 2 package(s) x 1 core(s)
      • simple nat on Lan-side, CaptivePortal turned off
      • Wan 10 FW-Rules, Lan 2 Rules
      • 4 Interfaces; 1xWan 1xLan 1xProjectlan(enabled but unused) 1xSync
      • 3 VIPs
      • Packages: AutoConfigBackup/Backup/darkstat/freeradius2/iftop/iperf/OpenVMTools

      I ran iperf against pfsense:
      Wan-side -> 288-504 Mbits/s
      Lan-side  -> 216-277 Mbits/s
      (disabled CP, darkstat)
      While I ran the test, the WebUI was not accessible!

      I also tried a debian8 vm on the same card/ports against iperf and I got over 900 Mbits/s, using the e1000 driver.
      It looks like I am doing something wrong  :o

      What is the recommended vmware driver for better pfsense performance, e1000e or vmxnet3? Is there anything else I could try, maybe more resources?

      Thanks for your time
      otzi

      Edit: forgot to mention vmware-tools are installed

        johnpoz LAYER 8 Global Moderator

        did you iperf thru pfsense?  Pfsense is a router/firewall not really optimized for answering traffic to itself.

        What do you mean you bridged thru all 4 interfaces?  In esxi you would have a vmkern, and then other vswitch(es) for your other hardware interfaces.  Can you post your esxi network configuration.  Example below is mine.

        [Attached image: esxivswitches.png]

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          roootzi

          @johnpoz:

          did you iperf thru pfsense?  Pfsense is a router/firewall not really optimized for answering traffic to itself.

          I used iperf against the pfsense itself.
          Early this week, after I finished setting up this pfsense box, I noticed that speed maxed out at 300, sometimes at 450 Mbits/s testing it against a decent nas-box (physical, no vm) doing simple ftp. Normally I get 600-700 Mbits/s from this nas, sometimes less depending on the network… While I was moving files from wan2lan I couldn't even load the WebUI. So I requested another cpu and 2GB Ram in total. Performance didn't change after this, so I changed adapter type from e1000 to vmxnet3 on esxi. But it still isn't moving any faster?! I figured that I should try another vm on the same vswitch, thought it would be better for comparison. As I said debian8 is getting 900+ through, with 1 core, 1GB ram.

          What do you mean you bridged thru all 4 interfaces?  In esxi you would have a vmkern, and then other vswitch(es) for your other hardware interfaces.  Can you post your esxi network configuration.  Example below is mine.

          You are right. I didn't bridge the adapter through. I meant to say that nothing else is running on those physical ports; only pfsense.

          However, I attached the network vswitch overview. I am not the main administrator of the esxi - I am running another smaller machine (centos-vm-host) which will be the backup CARP member. Anyway, I think the vswitch setup isn't the issue, but correct me if I'm wrong.

          I looked, but couldn't find any reports indicating problems regarding pfsense 2.3.2 running on esxi 5.5.0U3!

          [Attached image: 20160908_network_vmhost.png]

            johnpoz LAYER 8 Global Moderator

            What are you hiding here, is that your pfsense setup?  Why would its lan/wan be the same vswitch?

            What are those other networks on each vswitch.  I don't see more than 1 vm on those switches - so only pfsense?

            So what is your Iperf THRU pfsense.. ie that is routing/firewalling..  Testing to pfsense IP is not a valid test of the performance of pfsense as a router/firewall its a test of how fast you could move a file to pfsense directly, etc.

              roootzi

              I changed the vm settings and it seems to be all good now.  :)
              After reading the hardware requirements https://www.pfsense.org/hardware/:

              501+ Mbps -> Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

              I ended up with more cores…

              @johnpoz:

              What are you hiding here, is that your pfsense setup?  Why would its lan/wan be the same vswitch?

              Well, yes… I am hiding the public dns/ip.
              Arguably lan/wan on one vswitch doesn't make much sense and I will change that....

              What are those other networks on each vswitch.  I don't see more than 1 vm on those switches - so only pfsense?

              So what is your Iperf THRU pfsense.. ie that is routing/firewalling..  Testing to pfsense IP is not a valid test of the performance of pfsense as a router/firewall its a test of how fast you could move a file to pfsense directly, etc.

              I did a lot of file transfers and watched the traffic graph max out around 950 or something… I will do iperf through the pfsense as you recommend and report back tomorrow.

              However I can mark the thread [SOLVED].

              Thanks
