Re: [pfSense-discussion] pfSense router/firewall in a Vmware ESXi guest for other guests

2010-10-07 Thread Chris Buechler 
On Thu, Oct 7, 2010 at 3:43 PM, Eugen Leitl eu...@leitl.org wrote:
 On Sat, Oct 02, 2010 at 03:53:54PM -0400, Chris Buechler wrote:

 That's not the normal experience from what I've seen, sounds specific
 to something in particular you're doing. I believe every environment
 I've seen that routes between VLANs within ESX handles the VLANs
 entirely at the ESX level, with one vswitch per VLAN and the firewall
 connected to the individual vswitches, maybe that's the difference.

 Running inside of VMware isn't nearly as fast as running on equivalent
 bare metal, but most of the time you don't need that kind of
 performance, 300 Mbps is easily achievable with e1000 NICs and
 moderately new (anything with VT) server hardware. I've been on dozens

 Chris, how much memory do you recommend for a pfSense ESXi instance,
 which handles 4 guests (one IP address each), 100 MBit/s switched
 setup? Do I need 1+ GByte, or can I risk allocating just 512
 MBytes to the guest?


It depends. Virtual sizing no diff from physical. Depends on
simultaneous connections, what packages and configurations they use,
etc. I use 128 MB RAM and 2 GB disks on most of my test and dev boxes,
they're mostly pretty basic though.

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

RE: [pfSense-discussion] pfSense router/firewall in a Vmware ESXi guest for other guests

2010-10-07 Thread Greg Hennessy 
If I may add one thought to this, 

Chokepoint have recently announced a virtual version of their 'blade' product 
which uses the VMSafe API to enable more efficient inspection of traffic 
travelling between virtual machines and the outside world. 

http://www.networkworld.com/news/2010/090110-check-point-vmware-security.html?hpg1=bn

Dunno what the possibilty of such an approach is with pfSense. 

Given the innards of VMWare is linux based, the ABI is likely to be interesting 
for other operating systems to interface against. 



Greg



From: Chris Buechler [cbuech...@gmail.com]
Sent: 07 October 2010 15:32
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] pfSense router/firewall in a Vmware ESXi 
guest for other guests

On Thu, Oct 7, 2010 at 3:43 PM, Eugen Leitl eu...@leitl.org wrote:
 On Sat, Oct 02, 2010 at 03:53:54PM -0400, Chris Buechler wrote:

 That's not the normal experience from what I've seen, sounds specific
 to something in particular you're doing. I believe every environment
 I've seen that routes between VLANs within ESX handles the VLANs
 entirely at the ESX level, with one vswitch per VLAN and the firewall
 connected to the individual vswitches, maybe that's the difference.

 Running inside of VMware isn't nearly as fast as running on equivalent
 bare metal, but most of the time you don't need that kind of
 performance, 300 Mbps is easily achievable with e1000 NICs and
 moderately new (anything with VT) server hardware. I've been on dozens

 Chris, how much memory do you recommend for a pfSense ESXi instance,
 which handles 4 guests (one IP address each), 100 MBit/s switched
 setup? Do I need 1+ GByte, or can I risk allocating just 512
 MBytes to the guest?


It depends. Virtual sizing no diff from physical. Depends on
simultaneous connections, what packages and configurations they use,
etc. I use 128 MB RAM and 2 GB disks on most of my test and dev boxes,
they're mostly pretty basic though.

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org