pfSense Firewall VM Question

T

tibere86

Member
Mar 9, 2018
4
0
6
68
I have been running pfSense on my Proxmox box as my primary firewall for about a month with no issues...but I do have three questions I have not really been able to find answers to. Here they go...

1) I have not been able to find a good (dummy proof) step by step guide to passing my WAN NIC through to my pfSense VM. Can anyone point me to a good one?

2) As pfSense is running in a VM using vCPU, is it recommended to enable or disable PowerD CPU controller within pfSense?

3) My last question pertains to Hyperthreading. When running a firewall, is it recommended to keep Hyperthreading enabled or disabled? I would assume having Hyperthreading enabled would add to latency, I'm not sure how noticeable it would be or not, which is what one would not want on a firewall.
 
Hi,

tibere86 said:
1) I have not been able to find a good (dummy proof) step by step guide to passing my WAN NIC through to my pfSense VM. Can anyone point me to a good one?
Click to expand...
see https://pve.proxmox.com/wiki/Pci_passthrough

tibere86 said:
2) As pfSense is running in a VM using vCPU, is it recommended to enable or disable PowerD CPU controller within pfSense?
Click to expand...
I think you mean powerd in the pfsence?
If yes you can do what you like in the VM but the real CPU do not take care about. So there is no power reduction on the host.

tibere86 said:
3) My last question pertains to Hyperthreading. When running a firewall, is it recommended to keep Hyperthreading enabled or disabled? I would assume having Hyperthreading enabled would add to latency, I'm not sure how noticeable it would be or not, which is what one would not want on a firewall.
Click to expand...
You should enable HT on virtual hosts. This is general recommended, but sure if you only use 1 VM with 2 vcores and your host has 4 real cores, it will increase the performance.
This is not the common way, normally you have more Vcpus (vcorse) than real cores(HT cores).
When the kernel has to switch context (less cores) cost this performance.
And if the kernel switch it is more costly than the HW with HT is doing this.
 
  • Like
Reactions: tibere86
wolfgang said:
Hi,


see https://pve.proxmox.com/wiki/Pci_passthrough


I think you mean powerd in the pfsence?
If yes you can do what you like in the VM but the real CPU do not take care about. So there is no power reduction on the host.


You should enable HT on virtual hosts. This is general recommended, but sure if you only use 1 VM with 2 vcores and your host has 4 real cores, it will increase the performance.
This is not the common way, normally you have more Vcpus (vcorse) than real cores(HT cores).
When the kernel has to switch context (less cores) cost this performance.
And if the kernel switch it is more costly than the HW with HT is doing this.
Click to expand...
Many thanks @wolfgang for providing answers to my questions.
 
Since I also run pfSense in Proxmox.
Are you talking about Hyperthreading in the computers BIOS settings?
 
Interceptor said:
Since I also run pfSense in Proxmox.
Are you talking about Hyperthreading in the computers BIOS settings?
Click to expand...
Yes, correct. The Hyperthreading ability of Xeon & Intel i7 CPUs. The functionality can be enabled/disabled via the BIOS.
 
Ok, i just did wonder and thought there is a option i don't know.
Never thought about disabling HT in the BIOS...
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back