This started with 4.0, I have upgraded to 4.1 but haven't specifically tested performance since. Routing from one VLAN to another entirely inside VMware is still slow, however. AFAIK this is somehow related to interrupt handling and/or mitigation. The bad news is that since upgrading to 4.1, the pfSense guest occasionally loses ALL network interrupts for about 15 minutes at a time - this happens at least once or twice a week. It starts slowly, performance is merely degraded, then nothing, then slowly returns to normal - whole event takes ~15min.
Traffic arriving at or leaving the VMWare HOST shows normal performance levels, it's only traffic within the host that seems slow: SMB traffic across the pfSense router, no NAT involved, one pass-all pf rule, runs between 10Mbit/sec and 100Mbit/sec. I also see lots of TCP badness if I run a sniffer on either end - dup acks, dup pkts, and missing packets. I also have a lot (~7Mbyte/sec) of multicast traffic on one of the VLANs, which may contribute to the problem. -Adam > -----Original Message----- > From: Scott Ullrich [mailto:sullr...@gmail.com] > Sent: Saturday, October 02, 2010 13:37 > To: discussion@pfsense.com > Subject: Re: [pfSense-discussion] pfSense router/firewall in a > Vmware ESXi guest for other guests > > On Sat, Oct 2, 2010 at 2:27 PM, Adam Thompson <athom...@c3a.ca> > wrote: > > It works, but performance is, in my experience, poor. Don't use > trunking > > (802.3ad / LACP) and VLANs together, or inter-vlan routing slows > down > > drastically. This appears to be a VMWare problem, not a pfSense > problem. > > I recommend creating one virtual Ethernet device per network, and > in fact > > mapping each virtual switch (or vlan) to a physical NIC on the > host. > > Basically, keep the networking as simple as possible, don't get > fancy like > > I did. > > Was this with 4.0 or 4.1? 4.1 seems to drastically improved > across > the board in terms of I/O in general. > > Scott > > ------------------------------------------------------------------- > -- > To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com > For additional commands, e-mail: discussion-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
