Do you have performance tips for Proxmox virtualized pfSense?
-
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
VM to the new Proxmox 8 x86-64-v2-AES type.
I use processor type "Host" as I don't anticipate needing to live migrate my pfsense VM to another Proxmox host,
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
It also has six Intel I225-V 2.5Gbs ports.
Nice, I recently bought a similar unit.
Given the generous physical NIC we have, I pass through all NIC pfsense VM uses. Proxmox (and other VM's) connect to the pfsense VM via an external switch.@NollipfSense said in Do you have performance tips for Proxmox virtualized pfSense?:
If you follow the above, you'll see that both WAN and LAN are required to pass-through. It's best to have a separate interface for Proxmox.
Agree
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
The Netgear switch would will support two Ubiquiti POE+ APs, upstream connection to the ISP, a NAS running at 1Gbps and, possibly, two wired connections.
That's a bit weird. It is not clear why you are connecting the ISP to the Netgear switch.
Why are you not using a WAN connection:
ISP -> pfsense VM (optionally passed through) NICLan connection
pfsense VM (optionally passed through) NIC -> Netgear switch
(if pfsense Lan NIC is passed through, Proxmox & other VM will use a different physical NIC to connect to the Netgear switch / LAN. That also means if your Proxmox install has a problem you can easily connect it to another lan to fix it) -
@Patch said in Do you have performance tips for Proxmox virtualized pfSense?:
I use processor type "Host" as I don't anticipate needing to live migrate my pfsense VM to another Proxmox host,
Interesting. How do you get pfSense to then use hardware AES support, which is crucial for TLS performance?
That's a bit weird. It is not clear why you are connecting the ISP to the Netgear switch.
Why are you not using a WAN connection:
ISP -> pfsense VM (optionally passed through) NICI misstated it. I do plan to connect the ISP directly to the appliance. Not sure what I was thinking. :-)
Thanks.
-
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
How do you get pfSense to then use hardware AES support
My understanding is VM processor type "Host" means the VM is told it has the same processor as the Proxmox hypervisor is running on. So if the physical processor supports AES then the VM will be told that's the case.
-
@Patch said in Do you have performance tips for Proxmox virtualized pfSense?:
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
How do you get pfSense to then use hardware AES support
My understanding is VM processor type "Host" means the VM is told it has the same processor as the Proxmox hypervisor is running on. So if the physical processor supports AES then the VM will be told that's the case.
Hmmm....until I changed to the AES-specific host, none of the crypto showed as active in the pfSense summary. Weird.
-
@yobyot
Proxmox hardware settings for pfsense VM
pfsense GUI System information
-
@Patch said in Do you have performance tips for Proxmox virtualized pfSense?:
@yobyot
Proxmox hardware settings for pfsense VM
pfsense GUI System information
Hmmm…I wonder what the difference is between your appliance and mine is when it comes to the “Host” type.
-
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
Hmmm…I wonder what the difference is between your appliance and mine is when it comes to the “Host” type.
Looking at this screenshot below, WAN should be vtnet0 and LAN should be vtnet1...
Also, I have only followed the pfSense recipe quoted in earlier post and that required to use BIOS > OVMF for UEFI boot with machine Q35...
-
Yes. Use ESXi.
-
@NollipfSense said in Do you have performance tips for Proxmox virtualized pfSense?:
Looking at this screenshot below, WAN should be vtnet0 and LAN should be vtnet1...
Actually, no.
pfSense was running on an external Vault. When I migrated it to Proxmox, I put it on vmbr1. I haven't found a way to renumber the bridges so that it "looks" right and now I kinda like it.
-
@yobyot said in Do you have performance tips for Proxmox virtualized pfSense?:
Actually, no.
pfSense was running on an external Vault. When I migrated it to Proxmox, I put it on vmbr1. I haven't found a way to renumber the bridges so that it "looks" right and now I kinda like it.
Well, if it works for you, hooray...I just shared what the pfSense document says...like I installed using UEFI for pfSense on Proxmox, as well as, install Proxmox on ZFS.
