[SOLVED] Optimal Settings for OPNsense / pfSense

banana999

New Member
Jan 5, 2020
5
0
1
I'm using OPNsense in a VM as my router, and just had some questions about the optimal settings.

1) Do I want to enable PCI Passthrough (marked as an experimental feature), which will allow enabling hardware offloading?
Would I do this for both the LAN and WAN NICs or just one?

2) If I don't do the PCI Passthrough, should I enable Multiqueue for 1 / both NICs for the OPNsense VM?
And what number should it be if my physical CPU is 2 core 2 threads?

Thanks!
 
Last edited:

Stefan_R

Proxmox Staff Member
Staff member
Jun 4, 2019
282
44
28
Vienna
1) Do I want to enable PCI Passthrough (marked as an experimental feature), which will allow enabling hardware offloading?
Would I do this for both the LAN and WAN NICs or just one?
PCIe passthrough is the highest-performing option for VM network access. If your hardware supports it, it might be a good idea to use it.

Be aware though, that using it disables cluster migration support, and also doesn't allow your host to use the port. If your system only has two ports (WAN, LAN), you should probably not pass through both, unless you're really sure you know what you're doing (since your host will then not be reachable). But it can also be feasible to just pass through one port, say the WAN interface, and leave the other to the host (i.e. have the "LAN" side of the router VM be a bridge interface).

2) If I don't do the PCI Passthrough, should I enable Multiqueue for 1 / both NICs for the OPNsense VM?
And what number should it be if my physical CPU is 2 core 2 threads?
Check our docs for more on Multiqueue (if you scroll down a bit, you can also find the PCIe passthrough docs), but the optimal amount of queues recommended is however many cores you have assigned your VM. I'd recommend benchmarking both configurations (single queue, multi queue) to compare them, as multiqueue doesn't always make sense.
 
  • Like
Reactions: banana999

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!