PCI Passthrough Intel 82575GB vs. VirtIO (paravirtualized) for pfSense Install

I am installing pfSense on the latest version of Proxmox. I have a quad Intel NIC with the subject chipset. I was following the configuration guide on Netgate’s website and it outlined choosing VirtIO for the network card. My question is would I get better throughput and performance if I use PCI Passthrough instead? I have a Gigabit Internet connection and I want to ensure I get the best performance possible. Would there be any real downside to doing this?

Thanks for any feedback.
Randy

I definitely get better speeds with pass through vs virtio. The netgate instructions are pretty old. Unless they updated it finally. Definitely was noticeable with a 10gb, haven’t tested with a 1gb tbh. Can help simplify your networking setup as well. Pass through is just like it would be if it was its own box. Depending on what you do, the proxmox networking (openvswitch or linux style) + pfsense + etc… can get a bit irritating.

Full disclosure: I ultimately opted to have pfsense exist as its own physical entity. If you have others in your immediate living space, or like to watch the level1 news while you upgrade your boxes, having the internet go poof because something else needed to update gets old.

@CGBS well, it seems like some of my HW must not be compatible (would think it is, it’s all new. Intel i5-9400, Gigabyte B365M DS3H etc). I got an immio error when trying to enable and use pass through and the VM wouldn’t start. Disabled and went back to virtio and all went well. I enabled it in the config files as indicated in the video linked below. Maybe that’s not necessary?

Anyway, in virtio mode it runs ok, I’m getting about 900mb down and 600mb up, which seems to be about 85% of what I was getting with my old Ubiquiti USG hardware router (was getting about 900/900). Not sure that the loss on the up side is from the virtualization or not. I can live with it, but would love to get the full near 1GB up/down like I was on the USG.

Thanks again,
Randy

Just keep in mind that if the pfsense you are virtualizing provides the network backbone for your hypervisor this is a terrible situation you put yourself in because if that VM ever goes down so does your ability to administer the hypervisor (unless you have an IPMI or something else to manage).

Proceed with caution.

@Dynamic_Gravity True enough. But luckily it’s here in my own home and I have physical access to the box at all times, so I can get in physical KVM from there. That’s a great point though. The mobo I put this on doesn’t have an IPMI, since it’s a “cheapo” board. The one I replaced did have it (it was a good Supermicro), but I didn’t have the cash to plunk down this time for a board of that calibre. That said, I reached out to Supermicro and they did give me an RMA to look at it. I sent it off and they should have it this week. If they can repair it for a reasonable price I may migrate back to that board (which makes the money I spent on this system a waste, but I guess I can find a use for it!).

Randy

Another thing to consider is you will need to set the hypervisor to a static IP, and then configure that pfsense boot order to be the first VM to start on bootup so that you don’t have issues.

Just trying to help prevent a death spiral xD

Cool, yep we’re on static IP and thus far this is the only host VM so by default it’s the first VM to start! LOL but I will keep that in mind, it’s a great point for sure!
Randy