Does a virtual bridge have a high CPU cost compared to PCIe passthrough for Network cards?

logui

Feb 22, 2024
I am virtualizing OPNsense in Proxmox. I need two network cards from the host available in the OPNsense VM (WAN, LAN), and might need more in the future for VLAN or other network segmentation.

I can enable them in bridge or passthrough mode. I have read that bridge will have a CPU cost and passthrough will have a RAM cost, because all guest memory needs to be allocated at boot.

Could you please help clarify whether these statements are true or not? I am using a host device with 64GB RAM, Intel Core i7-10810U CPU, and 6 Intel I225-V Rev. B3 2.5G Ethernet cards.

From a throughput perspective, the ISP is 5G internet so around 300-400Mbps and I don't have a NAS in the LAN or anything else with high traffic.

Thank you
 
> I can enable them in bridge or passthrough mode. I have read that bridge will have a CPU cost and passthrough will have a RAM cost, because all guest memory needs to be allocated at boot.

#1 might be true, but at normal WAN speeds you won't notice except maybe on the weakest hardware.
#2 is true, but why are you allocating more RAM than it needs to begin with?

> Could you please help clarify whether these statements are true or not? I am using a host device with 64GB RAM, Intel Core i7-10810U CPU, and 6 Intel I225-V Rev. B3 2.5G Ethernet cards.
>
> From a throughput perspective, the ISP is 5G internet so around 300-400Mbps and I don't have a NAS in the LAN or anything else with high traffic.

The CPU cost of a bridge won't be noticeable with that CPU and traffic. In my opinion PCI pass-thru is not worth it for a case like this.
 
Thank you. What is better from a security perspective (network traffic isolation, tampering, etc.): a network card bridge or PCIe passthrough? It seems to me PCI passthrough, but I might be wrong. Thanks.