OPNSense under VM (NAT) extremely slow

[Anime4000]

I build a Host with very capable Hardware, Core i7 3770K with 8GB of RAM and 120GB SSD Host, 120GB SSD VM, 2TB Cache

As diagram below:

 

before I put online, I was testing OPNSense NAT performance under VM, I found I couldn't achieve at least 350Mbps,

I assign 2 vCPU for OPNSense alone, during iperf Test, OPNSense max out 100% CPU Usage.

 

Currently I doing separate machine, I thought using VM can save some electricity, but performance are not satisfied

[Windows7ge]

To get better performance on the NIC you might prefer to use virtio+the virtio driver as oppose to like the default e1000. Then use bridged as oppose to NAT.

 

Alternatively you could pass-though a whole NIC to the VM. That should help greatly too.

 

Really though I wouldn't run your router/firewall in a VM if it controls your entire network. It's one of the things that's not a great idea to virtualize as a functional deployment.

[Anime4000]

46 minutes ago, Windows7ge said:

Really though I wouldn't run your router/firewall in a VM if it controls your entire network. It's one of the things that's not a great idea to virtualize as a functional deployment.

I see, I'll stick OPNSense on Real Hardware.

As Pi-Hole and LANCache, safe in VM since Pi-Hole not require CPU power

[Windows7ge]

15 minutes ago, Anime4000 said:

I see, I'll stick OPNSense on Real Hardware.

As Pi-Hole and LANCache, safe in VM since Pi-Hole not require CPU power

So long as your Router is handing out a secondary or tertiary DNS that your clients can use when the pi-hole VM is down (which will happen) then yes that should be fine.

 

LanCache is for Steam games correct? I can't really comment on that as I don't use it myself.