Does Pfsense support dpdk ?
-
Is it possible to use pfsense on server with dpkd supported nic ? I would like to know before i try to implement it on our data center as firewall L3.
-
Not via dpdk drivers, no.
It will probably run on anything that dpdk supports but doesn't use dpdk.
Steve
-
i see but I need firewall that support dpdk driver. do you know other alternative open source firewall that support dpdk driver?
-
Not entirely sure what you need, but you saw TNSR right?
https://www.tnsr.com/ -
I want to ask the same thing regarding to install DPDK in pfSense. The port file is there:
https://doc.dpdk.org/guides/freebsd_gsg/install_from_ports.html
-
Still not sure what you would expect to do with that if you did install it? pfSense will not see those interfaces as usable.
Steve
-
I'm writing a packet sorting application on top of C++ library PcapPlusPlus, which supports both libpcap and DPDK. But I found that some packet are missing in capturing by libpcap. Thus, I look into alternative like DPDK.
See my discussion here: https://github.com/seladb/PcapPlusPlus/issues/342
-
Ah, OK. Interesting.
I would be doing that in FreeBSD first for sure. If it works as expected there you could try installing in pfSense. Though as I understand it you would need to use the DPDK driver with the NIC directly which would mean pfSense could not use it. I'm not sure how you would integrate that with a firewall.
Steve
-
There is no build stack in pfSense on purpose. I had to build my app in FreeBSD 11.2 VM. This was done already.
I’m not familiar with DPDK. It seemed that the compilation of DPDK needs to compile with FreeBSD kernel source. Can this kernel level binary module be migrated as well?
-
I have never tried with dpdk, other kernel modules can be copied though.
You have tested this in FreeBSD then?
Still not clear why you would want to use this in pfSense rather than FreeBSD. I can't see how you can use an interface for both purposes and if not how you would use it.
Steve
-
I haven’t tried DPDK in FreeBSD.
I had Netgate router but it is not beefy enough. So I copied the pfSense configuration from Netgate router and install pfSense in my retired PC.
I wrote a packet capturing app on top of libpcap. But I found that libpcap missed capturing from time to time. So I looked into alternative like DPDK.
I knew pfSense is FreeBSD. But it took me a while to set up FreeBSD as a router. I simply drop the XML and the installation and configuration is done.
-
OK. The issue I see is that to use the NIC with DPDK drivers, as I understand it, you need to unload any other drivers attaching to it. That means you can't use that NIC as an interface in pfSense. And that means that I'm not sure what traffic you can capture on this NIC. The only way I could see this being useful is if you connect it sepeartely to a mirror port.
Am I missing something?
Steve