Hardware for dedicated hypervisor running only pfSense



  • Hello

    Thinking of upgrading my old circa 2010 Core i3 pfSense box (I built it only recently but most of the parts were "free").

    Reasons to upgrade:
    a) AES-NI (for VPN and similar, even this old system can do over 100 Mbps using OpenVPN though)
    b) The motherboard I'm using (Intel DH55HC) only seems to like one particular stick of Corsair DDR3 1333 memory I "stole" from my current desktop. This is obviously a problem as now my desktop has only 1X4GB, instead of 2X4GB of memory.
    c) I've tested with iperf3 and I can do a single connection and get 940 Mbps throughput WAN->LAN with local testing hardware, but I don't get that sum with multiple connections, although I only have 150/150 internet right now so it doesn't matter. Just planning for the future as my ISP might have a gigabit plan eventually, and/or I might move to another location that has symmetrical gigabit available.

    My current system is built in a Rosewill 4U case with a Noctua heatsink and fan. I'm thinking of "downgrading" to a 2U case and heatsink to save rack space, as I only have 1 boot SSD in there. So I would need a Micro ATX motherboard.

    I'm thinking of getting a Sky/Kabylake Core i3 and getting a motherboard with VT-d so I can run pfSense in a hypervisor (Proxmox or ESXi) with my existing 4-port HP branded server NIC with PCIe passthrough for the pfSense VM. This is so I can take snapshots of my working setup and do testing easily without having to take the system down and reinstall, etc. I understand not all motherboards do PCIe passthrough well. Does anyone have experience with this?

    I live in Canada, and only need suggestions for the CPU and motherboard. Should I wait for AMD's Ryzen-based APUs or go with an i3?

    Thanks


  • Galactic Empire

    Why dedicated hypervisor running only pfSense? Just putting this out there, pfSense has the bhyve hypervisor built in. It doesn't have a GUI, however it works great and supports snapshots. Seems like a fun way to learn about another hypervisor.

    https://wiki.freebsd.org/action/show/bhyve?action=show&redirect=BHyVe

    > I understand not all motherboards do PCIe passthrough well. Does anyone have experience with this?

    As long as your CPU and motherboard support VT-d, you're good.

    > This is so I can take snapshots of my working setup and do testing easily without having to take the system down and reinstall

    If this is your only concern, 2.4 is a better choice as it supports ZFS.

    Config backups and restore is a great way to get back online after bad configuration. You can always restore recent config from the console (option 15). These are automatically made every time you make a change within the GUI. Because of that, I believe you may be overthinking it with virtualization :)



  • @ivor:

    > Why dedicated hypervisor running only pfSense?

    I already have another hypervisor running my other projects.

    > I understand not all motherboards do PCIe passthrough well. Does anyone have experience with this?

    > As long as your CPU and motherboard support VT-d, you're good.

    Really? I thought it needed IOMMU support, which some people have had trouble with.

    > If this is your only concern, 2.4 is a better choice as it supports ZFS.

    > Config backups and restore is a great way to get back online after bad configuration. You can always restore recent config from the console (option 15). These are automatically made every time you make a change within the GUI. Because of that, I believe you may be overthinking it with virtualization :)

    Hmm, maybe. I have a friend that does a virtualized setup so he can easily test multiple pfSense snapshots and the like. I also might be doing some custom modifications to pfSense so I would like having separate installs under a hypervisor as well.

    Most x86 hardware except for super embedded platforms supports virtualization as far as I can gather, just concerned about PCIe passthrough.

    Thanks
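
The VT-d versus IOMMU question raised in the thread (VT-d is Intel's IOMMU implementation) can be checked on the host itself. As an added example that is not part of the thread, and assuming a Linux-based hypervisor such as Proxmox, this script reads `/sys/kernel/iommu_groups` and reports whether the NIC functions meant for the pfSense VM share an IOMMU group with any other device; `IOMMU_ROOT` and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux-based hypervisor host.
# IOMMU_ROOT is a hypothetical override so the check can run on a constructed tree.

iommu_group_of() {
    # $1 = PCI address such as 0000:03:00.0; prints its group number, or fails.
    root="${IOMMU_ROOT:-/sys/kernel/iommu_groups}"
    for d in "$root"/*/devices/"$1"; do
        [ -e "$d" ] || continue
        g="${d%/devices/*}"
        echo "${g##*/}"
        return 0
    done
    return 1
}

group_members() {
    # $1 = group number; prints one PCI address per line.
    root="${IOMMU_ROOT:-/sys/kernel/iommu_groups}"
    for d in "$root/$1"/devices/*; do
        [ -e "$d" ] || continue
        echo "${d##*/}"
    done
}

passthrough_check() {
    # $@ = every PCI function meant for the VM (a 4-port NIC exposes several).
    # Returns 0 if their groups hold only those functions, 1 if a group also
    # holds another device (bridges included; judge those by hand), 2 if a
    # function has no group (IOMMU off or unsupported, or a wrong address).
    rc=0
    for dev in "$@"; do
        if ! grp=$(iommu_group_of "$dev"); then
            echo "$dev: no IOMMU group"
            return 2
        fi
        for m in $(group_members "$grp"); do
            case " $* " in
                *" $m "*) ;;
                *) echo "$dev: group $grp also contains $m"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then passthrough_check "$@"; fi
```

Pass it the NIC's function addresses as printed by `lspci -D`; a return code of 1 means the card cannot be isolated from the other devices listed.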

