Help with High CPU Usage in OPNSense VM inside Proxmox

Jun 9, 2024
Hi everyone,
I'm experiencing an issue with high CPU usage in my OPNSense VM running inside Proxmox and could really use some help.
Setup Details:

Host Configuration:
Proxmox Host -> pve-manager/8.2.2 (running kernel: 6.8.4-3-pve)
Intel i7-8700 3.20GHz
IOMMU enabled (iommu=on and iommu=pt in /etc/default/grub)
Proxmox installed on SSD NVME default installation with LVM.

VM Configuration:
OPNSense VM -> OPNsense 24.1.8-amd64
4GB RAM -> Ballooning device deactivated
1 socket, 4 CPU threads (using host cpu type, testing with others doesn't change anything)
Passing through 4 ports of Intel I226V 2.5GbE as raw devices -> PCI-E is on in the settings of pci devices.
1 proxmox bridge to assign an IP to the proxmox host and set the gateway to be the OPNSense VM.
Qemu guest agent installed on OPNSense and activated on proxmox side.

When I run a speed test, downloading at speeds of 2.1 Gbps to 2.5 Gbps, Proxmox reports 80-100% CPU usage. However, inside the OPNSense dashboard, the CPU usage is reported as 5-20%.
I’m trying to understand why the CPU usage is so high on Proxmox.
Things I've Tried:

Tested with CPU mitigations turned off.
Tested OpenWRT and the CPU Usage doesn't go above 10-15% at full 2.5Gb speed so this is a problem with OPNSense.


Why is there such a discrepancy between CPU usage reported by Proxmox and OPNSense?
Is there anything I can do to optimize or reduce the CPU usage on Proxmox when running high-speed network tasks?

Any insights or suggestions would be greatly appreciated!
Thanks in advance!

Footnote: The screenshots below are during a speedtest from my desktop PC at a 1Gb/s throughput.



Jul 17, 2016
1 proxmox bridge to assign an IP to the proxmox host and set the gateway to be the OPNSense VM.
Check system/irq CPU usage on the host and VM. You probably have to use the CLI here. Am I guessing right that your internal default gateway (OPNsense) is configured on the the bridge? So any measurement goes through the Proxmox host first and then through the bridge setup to the OPNsense VM? If yes, the bottom line is, even when optimized any virtual networking setup on a FreeBSD VM is a CPU guzzling hog. Best I could do with an I5-8400 was 3GBit/s (@2.8Ghz, 35W TDP enforced) With a Linux VM I could easily reach 40GBit/s.

Do you really need all four NICs in the OPNsense VM?
