[SOLVED] Optimal Settings for OPNsense / pfSense

banana999

Member
Jan 5, 2020
10
1
23
I'm using OPNsense in a VM as my router, and just had some questions about the optimal settings.

1) Do I want to enable PCI Passthrough (marked as an experimental feature), which will allow enabling hardware offloading?
Would I do this for both the LAN and WAN NICs or just one?

2) If I don't do the PCI Passthrough, should I enable Multiqueue for 1 / both NICs for the OPNsense VM?
And what number should it be if my physical CPU is 2 core 2 threads?

Thanks!
 
Last edited:
1) Do I want to enable PCI Passthrough (marked as an experimental feature), which will allow enabling hardware offloading?
Would I do this for both the LAN and WAN NICs or just one?
PCIe passthrough is the highest-performing option for VM network access. If your hardware supports it, it might be a good idea to use it.

Be aware though, that using it disables cluster migration support, and also doesn't allow your host to use the port. If your system only has two ports (WAN, LAN), you should probably not pass through both, unless you're really sure you know what you're doing (since your host will then not be reachable). But it can also be feasible to just pass through one port, say the WAN interface, and leave the other to the host (i.e. have the "LAN" side of the router VM be a bridge interface).

2) If I don't do the PCI Passthrough, should I enable Multiqueue for 1 / both NICs for the OPNsense VM?
And what number should it be if my physical CPU is 2 core 2 threads?

Check our docs for more on Multiqueue (if you scroll down a bit, you can also find the PCIe passthrough docs), but the optimal amount of queues recommended is however many cores you have assigned your VM. I'd recommend benchmarking both configurations (single queue, multi queue) to compare them, as multiqueue doesn't always make sense.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!