On the recommendation of a friend, I decided to try XCP-NG directly on an older server MB that I had available. Basic setup is single socket Xeon, a bunch of memory, and a couple of NICs.
Goal: turn this box into a pfSense router… everything I read beforehand seems to indicate the pfSense works well as a VM and it seemed like a cool little side project! Install went well and, other than the steep learning curve, I quickly had the hypervisor setup with pfSense VM running. I followed all the instructions about putting the VM tools onto pfSense and turning off the TX checksum.
Issue: The host server performance seems to show the physical CPU is barely loaded but pfSense (via management interface) is showing 50-60% CPU load! At this point, there is zero real traffic running! Something is not adding up.
A little help from someone more experienced would be appreciated.
Be aware that virtualizing pfsense isn’t a good idea. There is a reason it is called the forbidden router. But if you choose to proceed down this path I’d suggest looking at system stats. Navigate to Diagnostics → System Activity and see what is hogging your CPU load.
I am having the same problem. I followed all the steps in terms of disabling TCP offloading in xcp-ng, and I have disabled all the hardware offloading within Pfsense, but getting 60% CPU load of just interrupts inside Pfsense, while the host shows 1-2% CPU activity only.
Interestingly, I also seem to have a significant limitation in terms of traffic - only 400MBps down, but full 920MBps up using speedtest.net on a 1Gb fiber link (my actual router running non-virtualized Pfsense gets 940/940) - cannot figure that one out.
I ran a systat command to see what is going on here. This is what my output is. Something is going on with the CPU’s for sure. I am on XCP-ng 8.2 latest.
