Additional CPU Flags for OPNSense

Apr 17, 2020
33
4
13
40
I'm trying to figure out if it's possible to add the CPU flags sse4_1 and sse4_2 when your using the default kvm64 cpu type? OPNSense complains about the lack of SSE4_1 when I enable the AES flag. If I pick the host cpu type AES works correctly but for some reason OPNSense routing performance is reduced by 50%. I can pick a cpu type of SandyBridge and everything works but that seems like maybe the wrong approach. Trying to set the flag via qm fails with a regex error.

Code:
root@cloudctl1:~# qm set 100 --cpu=kvm64,flags=+sse4.1
400 Parameter verification failed.
cpu: invalid format - format error
cpu.flags: value does not match the regex pattern

I found the cpu flags here http://www.linux-kvm.org/page/Tuning_KVM
 
Last edited:
I can't seem to get that to work. I rebooted after adding the file.

I'm running pve-manager/6.1-8/806edfe1 (running kernel: 5.3.18-3-pve)

Code:
root@cloudctl1:~# cat /etc/pve/virtual-guest/cpu-models.conf
cpu-model: cpu1
    flags +aes;+sse4.1
    reported-model host
root@cloudctl1:~# qm set 100 --cpu=custom-cpu1
400 Parameter verification failed.
cpu: invalid format - format error
cpu.cputype: value 'custom-cpu1' does not have a value in the enumeration '486, athlon, Broadwell, Broadwell-IBRS, Broadwell-noTSX, Broadwell-noTSX-IBRS, Cascadelake-Server, Cascadelake-Server-noTSX, Conroe, core2duo, coreduo, EPYC, EPYC-IBPB, Haswell, Haswell-IBRS, Haswell-noTSX, Haswell-noTSX-IBRS, host, Icelake-Client, Icelake-Client-noTSX, Icelake-Server, Icelake-Server-noTSX, IvyBridge, IvyBridge-IBRS, KnightsMill, kvm32, kvm64, max, Nehalem, Nehalem-IBRS, Opteron_G1, Opteron_G2, Opteron_G3, Opteron_G4, Opteron_G5, Penryn, pentium, pentium2, pentium3, phenom, qemu32, qemu64, SandyBridge, SandyBridge-IBRS, Skylake-Client, Skylake-Client-IBRS, Skylake-Client-noTSX-IBRS, Skylake-Server, Skylake-Server-IBRS, Skylake-Server-noTSX-IBRS, Westmere, Westmere-IBRS'

qm set <vmid> [OPTIONS]
root@cloudctl1:~# qm set 100 --cpu=cpu1
400 Parameter verification failed.
cpu: invalid format - format error
cpu.cputype: value 'cpu1' does not have a value in the enumeration '486, athlon, Broadwell, Broadwell-IBRS, Broadwell-noTSX, Broadwell-noTSX-IBRS, Cascadelake-Server, Cascadelake-Server-noTSX, Conroe, core2duo, coreduo, EPYC, EPYC-IBPB, Haswell, Haswell-IBRS, Haswell-noTSX, Haswell-noTSX-IBRS, host, Icelake-Client, Icelake-Client-noTSX, Icelake-Server, Icelake-Server-noTSX, IvyBridge, IvyBridge-IBRS, KnightsMill, kvm32, kvm64, max, Nehalem, Nehalem-IBRS, Opteron_G1, Opteron_G2, Opteron_G3, Opteron_G4, Opteron_G5, Penryn, pentium, pentium2, pentium3, phenom, qemu32, qemu64, SandyBridge, SandyBridge-IBRS, Skylake-Client, Skylake-Client-IBRS, Skylake-Client-noTSX-IBRS, Skylake-Server, Skylake-Server-IBRS, Skylake-Server-noTSX-IBRS, Westmere, Westmere-IBRS'

qm set <vmid> [OPTIONS]
 
I also tried putting the file at /etc/pve/cpu-models.conf based on the mailing list but it didn't make a difference. The list of valid CPUs seems to be hard coded.
 
I have the same problem with sse4.1 flag in opnsense
Were you ever able to get this working ?
my config: /etc/pve/virtual-guests/cpu-models.conf
cpu-model: custom-cpu1
flags +aes;+sse4.1

# qm set 101 --cpu=custom-cpu1
400 Parameter verification failed.
cpu: invalid format - Custom cputype 'cpu1' not found
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!