Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: nhk on April 01, 2026, 10:52:15 AM

Title: Performance Tunning on Openstack
Post by: nhk on April 01, 2026, 10:52:15 AM
Hello,

I am setting up IPS in an OpenStack environment. It works fine when I use a single NIC, but when I use more than one NIC, I encounter the following errors:

I tried configuring the system with:

dev.netmap.buf_num = 1000000
dev.netmap.admode = 0
dev.netmap.ring_num = 256
dev.netmap.buf_size = 4096

However, it did not work. When I changed dev.netmap.admode to 2, it started working, but only in emulated mode with poor performance.

I would appreciate any advice on how to run IPS efficiently in an OpenStack environment.

Thank you.
Title: Re: Performance Tunning on Openstack
Post by: Monviech (Cedrik) on April 01, 2026, 11:31:36 AM
You could look into the new divert-to mode which will not use the netmap driver, so it should have better performance in non-optimal environments.

https://docs.opnsense.org/manual/ips.html#general-setup

Title: Re: Performance Tunning on Openstack
Post by: nhk on April 01, 2026, 12:16:48 PM
Quote from: Monviech (Cedrik) on Today at 11:31:36 AMYou could look into the new divert-to mode which will not use the netmap driver, so it should have better performance in non-optimal environments.

https://docs.opnsense.org/manual/ips.html#general-setup



Thank you much. I will test it. :)
Text only | Text with Images