VMWare Pentest lab: Extremely high CPU on host
-
I dont see any issues at all related to high CPU on 2.0.2 release.
Running 3 seperate FW's on 4.1 U3.
Packages:
File Manager
Open VM-Tools 8.8.1
PFBlocker
Snort
-
I am not. I only use 10Gbit internally and use the build-in 1Gbit for PF WAN.
No directpath, but virtualized through VmWare.
:)
I am running the 32bit version of Pfsense and VM version 7.
2vCPU and 1GB of memory. 11% memory used at the moment and 37% disk.
Use IBM X3550M4 with Intel 10GbE cars X520-T2.
If you are running at 10 Gbit/s uplink, do you use DirectPath I/O with the pNIC's to pfSense or do you virtualize them to pfSense?
Otherwise the platform is a more current generation than mine. -
Are people still having this issue with the latest esxi 5.1?
I am running 4.1 at the moment and basically any sort of large download kills access to every VM running on the host until it is complete! :(
I have tried everything I can think of and is listed on here, I am getting it on all versions of pfsense from 1.2.3 up to the latest.
It has got to the point now, I am either going to have to setup Pfsense on some dedicated hardware or switch to monowall but I really need openvpn :(
So is upgrading to esxi 5.1 a fix for this?
-
Try to limit the download bandwidth. ;)
Currently seeing ~2% CPU on the ESXi host on 2.0.3 REL.
-
I have tried that, even if I limit to 20 meg it still plays havoc :(
What version of ESX are you on?
-
4.1 U3.
Dont want to upgrade to 5.x since I dont need the new features in 5.x.
-
Looks like my only option is to move to hardware in that case :(
-
When use to running vm's then hardware is a pain in the ass…. :(
-
I know there are going to be vlans everywhere but what else can I do, I cant get any version of pfsense to play nice.
-
Have you tried 1.2.3?? Just for testing?
-
Yes I got exactly the same, the problem is as everyone is accessing the environment via ipsec tunnels or the ssl vpn all it takes is for one user to do a download and everyone's sessions jump about or die totally :(
-
Have you read this?
http://doc.pfsense.org/index.php/VPN_Capability_IPsec
No overlapping networks….
-
Yeah deffo no overlapping networks
-
Allright :) Do you have a 4.x vmware test platform??
-
Yeah
-
Can you test there to see if its a 5.x issue then?
Rather keep it in a VM than on physical hardware for the flexibility :)
-
Yeah I am willing to give that a go, but I need to drive a way to the DC to do the upgrade that's why I was asking if anyone had tried it, I didn't want a wasted trip :)
-
Nope the upgrade to 5.1 U1 didnt fix it :(
-
Try the 4.1 instead.
It could be interesting to see if its a 5.x issue.
-
I was on 4.1, I just went to 5.1 :)
Its not as bad with 5.1 and 5.1 seems to manage the cpus much better all machines are using less but it is still unusable :(