Hi all,
Like many others (and with much thanks to the STH Youtube channel!), I'm now running what seems to be this year's high fashion of home firewall config:
During maxed-out downloads from the internet, I'm seeing proxmox reporting the guest CPU rising from 5% to a stable 25% (much higher than I'd expect for a trifling 45Mbps), but the opnsense VM itself reports almost zero change and idle CPU usage during this download. The opnsense UI also feels quite laggy when accessing it during a download. If I switch the two NICs back to virtio adapters exposed from Proxmox, the problem is much reduced with host CPU rising to somewhere around 10% instead. When looking at top on the Proxmox host, the CPU usage is virtually all in the kvm process.
Any thoughts? Is there anything I specifically need to check? I've already confirmed that hardware checksum offload is disabled (this appears to be the default in opnsense for my install), but have tried with it enabled (no change). My experience (to be fair, VMware and much bigger / better hardware!) is that PCI passthrough should be extremely low overhead for both host and guest, with the "cost" of this configuration mostly in a lack of flexibility (e.g. migrating VMs in a cluster) and inability to share resource between multiple VMs, something I'm happy to forego here.
Tried plenty of stuff, but not getting anywhere so have switched back to virtio for now, but would be nice to get to the bottom of this, or at least get experience from others as to what they are seeing.
Like many others (and with much thanks to the STH Youtube channel!), I'm now running what seems to be this year's high fashion of home firewall config:
- Aliexpress N5105 (i226-V version), using decent RAM and SSD (i.e. Crucial + Samsung)
- Proxmox (7.4-3 - clean install last week and fully updated post-install)
- OPNsense (23.1.7_3), configured with two cores and 4GB
During maxed-out downloads from the internet, I'm seeing proxmox reporting the guest CPU rising from 5% to a stable 25% (much higher than I'd expect for a trifling 45Mbps), but the opnsense VM itself reports almost zero change and idle CPU usage during this download. The opnsense UI also feels quite laggy when accessing it during a download. If I switch the two NICs back to virtio adapters exposed from Proxmox, the problem is much reduced with host CPU rising to somewhere around 10% instead. When looking at top on the Proxmox host, the CPU usage is virtually all in the kvm process.
Any thoughts? Is there anything I specifically need to check? I've already confirmed that hardware checksum offload is disabled (this appears to be the default in opnsense for my install), but have tried with it enabled (no change). My experience (to be fair, VMware and much bigger / better hardware!) is that PCI passthrough should be extremely low overhead for both host and guest, with the "cost" of this configuration mostly in a lack of flexibility (e.g. migrating VMs in a cluster) and inability to share resource between multiple VMs, something I'm happy to forego here.
Tried plenty of stuff, but not getting anywhere so have switched back to virtio for now, but would be nice to get to the bottom of this, or at least get experience from others as to what they are seeing.