On Sat, Oct 02, 2010 at 03:53:54PM -0400, Chris Buechler wrote: > That's not the normal experience from what I've seen, sounds specific > to something in particular you're doing. I believe every environment > I've seen that routes between VLANs within ESX handles the VLANs > entirely at the ESX level, with one vswitch per VLAN and the firewall > connected to the individual vswitches, maybe that's the difference. > > Running inside of VMware isn't nearly as fast as running on equivalent > bare metal, but most of the time you don't need that kind of > performance, 300 Mbps is easily achievable with e1000 NICs and > moderately new (anything with VT) server hardware. I've been on dozens
Chris, how much memory do you recommend for a pfSense ESXi instance, which handles 4 guests (one IP address each), 100 MBit/s switched setup? Do I need 1+ GByte, or can I risk allocating just 512 MBytes to the guest? Can I allocate 1 virtual CPU to the pfSense instance, or should I allocate 2? (This is a quadcore i7 box, with 8 GByte RAM). Finally, will there be issues if I try for a pfSense carp+pfsync failover, using two pfSense VMWare instances, each on abovementioned i7 box? There's one Intel NIC present, each on a 100 MBit/s switched port. Presumably, I can add another and connect both with a patch cable. Nothing else heavy on the pfSense side, only haproxy. Thanks! > of such systems personally this year alone, across numerous different > customer environments. It's a common setup, and works well including > for routing between VLANs. I know at least a couple setups that route > backups between VLANs, maxes out the system at a bit over 300 Mbps, > but runs fine every night and the resulting performance degradation > for the other interfaces while the firewall VM is pegged isn't an > issue in that environment (everything else still works fine). We have > customers who run their entire colo environments in vSphere including > firewalls, setting the edge CARP pair so the two never get vmotioned > to the same host for proper redundancy. > > To answer the original question, there are numerous environments > running that way with great results. Very solid performance and > reliability. ESX and ESXi are equivalent, any mentions of ESX here > could be ESXi just the same (and many of the environments I'm > referring to are ESXi). -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
