Hardware overkill for dedicated OpnSense?

[bowlinggurra]

I have OpnSense running on a Fujitsu ESPRIMO P520 E85+ M14W cladding the following hardware:

• Intel i5-4590 @ 3.30GHz
• 12GB DDR3 RAM
• Intel Ethernet Server Adapter I350-T2V2

With this, I'm actually getting the speeds that I pay for with my fiber connection, which is what I was after.
However, I've started wondering if I'm just throwing a lot of untapped performance away with running this machine dedicated to only functioning as my router like this. So I've considered throwing a Proxmox installation on it and instead have OpnSense run in a container/vm with some additional service, like Nextcloud, working on that machine as well.

What do you think? I really don't want to create any significant (or any) decrease in routing performance from doing this. Any suggestions as to how I should approach this analytically? Can I run some performance tests before and after going the Proxmox-route to compare the results?

Thanks.

[meyergru]

That machine is O.K. to use as a router (albeit it is far more power-hungry when compared to something more modern, that performs at the same level - like an N100).

Under Proxmox, it is seriously questionable, mostly because it has too little RAM. Proxmox itself eats up some of it, such that you only have ~4 GByte for each of two VM instances. Sharing memory by balooning does not work too well with FreeBSD/OpnSense either.

So you may be able to have a NextCloud instance besides your OpnSense, but do not expect anything more.

[Patrick M. Hausen]

Adding to @meyergru I have become a fan of PCIe pass through of dedicated network interfaces if you run a firewall virtualised. You might want to consider adding another NIC for Proxmox and dedicate that I350-T2V2 to the OPNsense VM.

Virtual network adapters come with a serious performance penalty.

[Greg_E]

Including the ZFS cache, I have more than 8GB of ram in use on my bare metal firewall. Just shy of 4GB of "real" ram used when I checked it a moment ago.