Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Performance running Virtualized (VMware) vs Native hardware

    Virtualization
    2
    4
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AxSD
      last edited by

      I'm in the process of building a pfsense box in a virtual environment right now just to test it first. Once it goes live, I can either reinstall it as a standalone on separate computer, or I can put it on my current VMware workstation as another VM.

      Hardware will not be the limitation, so will virtualizing the router cause any throughput problems or any other performance hits compared to running it on the actual hardware? Will it be less secure since the firewall is on the same level as the OS and all the other VMs?

      I would much prefer to run it as a VM for ease of management, but if there is a noticeable difference in performance or security, then I'll build a separate computer to host this pfsense router.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Go virtual.  So much easier to manage and maintain.  While I haven't done any bar-metal testing versus VM, I haven't noticed any problems on our 100Mbps link.  I run under ESXi 5.5U2.  I would not recommend running in on VMware Workstation.  If you have the hardware to spare, setup either Xenserver, ESXi or Hyper-V Server and run it on that instead of client virtualization.  As for security, I can't recall seeing much in the way of exploits that allow a process to break out of the sandbox and affect other VMs.  Not impossible, but not very easy from what I understand.  VMware has a small footprint and attack surface.

        1 Reply Last reply Reply Quote 0
        • A
          AxSD
          last edited by

          Thank you for the reply.

          I would run it on a type-1 hypervisor, but the problem is that there is already an infrastructure when it comes to virtualization, so it would be easier for me to just add it as another VM on VMware workstation (type-2 hypervisor). If I virtualize it on ESXi, I'd have to build another computer, which at that point, I might as well just run it as a standalone on the hardware.

          If anyone notices any general performance difference between type-2 VM level vs type-1 VM level, vs bare hardware, please do comment.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            I might as well just run it as a standalone on the hardware.

            Well sure, if you want to forego all of the amazing benefits of virtualizing the server.  That's the whole point of virtualizing.  Backups & snapshots have saved my ass so many times.  Being able to move the VM while live from one box to another.  Cloning the VM so that I could play in a sandbox without affecting the network.  No more hardware worries, and if the ESXi host dies, I can spin pfSense back up on another host in a minute or two.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.