So, the saga of getting my pfSense firewall up and running continues. I was able to get my Supermicro A1SAi-2750F up and running with VMWare ESXi 6.5 and virtualizing the pfSense instance. I gave the VM 2 CPU’s and 4GB of RAM, thinking that would be sufficient. The system seems to run well, except the clients are bottlenecked to about 380mb up/down on my 1gigabit circuit. On my old router (the Unifi USG) I was getting about 900mb+, which seemed right, so I’m sure my service provider isn’t the problem. Could the issue be the CPU on this Supermicro mainboard? I got better performance out of an Intel i5 9400 based system, but the problem was on that system I couldn’t get ESXi to run on it, so I could only use Proxmox (not that this is a problem) and on that platform for some reason my download speeds were normal (about 900mb) but I couldn’t get my upload speeds over 700mb…and I wasn’t happy about that. I figured the Supermicro board would be a better choice.
So, do you think the bottleneck on this Supermicro platform is the CPU being the Intel Atom C2750? Seems like it should be more than sufficient to get gigabit speeds, but maybe there’s something I’m unaware of?
When you’re running the speed test, what does the pfsense WebGUI say the CPU usage is at? Have you also tried running pfsense non-virtulized to test performance?
Edit: the C2750 is also an 8-core. Care to try dedicating more cores to the VM of Pfsense?
The pfSense WebGUI says the CPU is at about 46-54% utilization when the test runs. No i haven’t tried running it non-virtualized. I could do that, but it would require a full reload of the system. I would do that if it’s determined that the virtualization is indeed the problem, but that will be my last resort. I can add more CPUs, but it doesn’t seem like that would be the issue. I mean, if the CPU utilization is only about 50%, plus is pfSense using both CPUs I’ve given it already to simply transmit/receive data? Seems like a bit of overkill to add more CPU. But if I’m wrong I’m open to trying.
Adding more virtual cores to PFsense should be pretty simple in ESXI, so give that a try and see if it helps.
If you have any spare SSD’s/HDD’s, it should be very quick and simple to install pfsense onto one of them, to see if performance improves when pfsense is not virtualized.
It’s possible that the C2750’s performance is too poor to saturate gigabit speeds, but considering the Netgate 5100 is quoted to support 3.6Gb/s with an Intel Atom C3558, I’m confident that your Atom 2750 should be capable of at least gigabit.
Your Atom has about the same multi-core performance as the C3558, and half the single-core performance. Source.
When I had my A1SAi-2750F running bare-metal Pfsense, it was able to do 1Gbps no problem. I’d say your VM needs 4-6 cores to perform. Are you wanting to run other VMs on this server as well? If not, I’d just install Pfsense bare-metal and call it good.
Your disk isn’t going to be the problem, I think Pfsense runs mostly in memory.
yeah, I had planned to run a Linux VM to do Dockers and host a bunch of internal apps. But, I may just repurpose another system and run 2 servers. I was trying to avoid that in order to not have 2 servers sucking electricity…but guess I won’t have much of a choice. Thanks
When was this purchased? There’s a known bug that could cause gradual performance degradation and definitely causes eventual failure. Fixes were implemented in hardware beginning in early 2017.