I have 4 physical NICs:
onboard Realtek (full duplex) (host connection to LAN)
2x PCIe Intel (full duplex) (macvtaps on both for the pfSense VM’s LAN and WAN)
1x PCI Intel (half duplex) (spare)
Going over the physical network from host to VM or vice versa can be brutal on the CPU.
I put this in netplan:
bridges:
  br0:
    addresses: [ 172.16.69.1/32 ]
    dhcp4: no
    dhcp6: no
    optional: true
and used this XML:
<network>
  <name>kvm-bridge</name>
  <forward mode="bridge" />
  <bridge name="br0"/>
</network>
I set the static IP in the guest and there is no connection between host and guest.
Here are my host interfaces:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:e5:49:d9:87:6b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.126/24 metric 100 brd 10.0.0.255 scope global dynamic enp2s0
       valid_lft 84500sec preferred_lft 84500sec
    inet6 fe80::52e5:49ff:fed9:876b/64 scope link
       valid_lft forever preferred_lft forever
3: enp1s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:15:17:be:13:e4 brd ff:ff:ff:ff:ff:ff
4: enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:15:17:be:13:e5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::215:17ff:febe:13e5/64 scope link
       valid_lft forever preferred_lft forever
5: enp3s6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:1b:21:c4:fa:08 brd ff:ff:ff:ff:ff:ff
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:e7:a1:b5:c2:ea brd ff:ff:ff:ff:ff:ff
    inet 172.16.69.1/32 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::fce7:a1ff:feb5:c2ea/64 scope link
       valid_lft forever preferred_lft forever
7: macvtap0@enp1s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 500
    link/ether 52:54:00:95:04:64 brd ff:ff:ff:ff:ff:ff
8: macvtap1@enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500
    link/ether 52:54:00:08:57:83 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fe08:5783/64 scope link
       valid_lft forever preferred_lft forever
9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:db:29:27 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fedb:2927/64 scope link
       valid_lft forever preferred_lft forever
And this is the NIC on the guest:
vtnet2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Host_Direct
        options=c07b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE>
        ether 52:54:00:db:29:27
        inet6 fe80::5054:ff:fedb:2927%vtnet2 prefixlen 64 scopeid 0x3
        inet 172.16.69.2 netmask 0xffffffff broadcast 172.16.69.2
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
On a side note from my last thread Rick mentioned: it seems iperf on pfSense is just brutal on the CPU compared to on Ubuntu (bare metal or VM, it does not matter). This CPU will pull 0.6A on Ubuntu and 2.6A on pfSense when using iperf in full duplex.