new setup cannot reach line speeds

[muusemuuse]

I've set up a fedora server and threw OPNsense into a VM on it.  The system has a ryzen 5800xt CPU and a dual port intel i226v NIC installed.  I have pinned 2 CPU cores to the OPNsense VM and fed 1 thread from each core to the VM.  The WAN port is passed to the VM via direct attachment (bridge right now, though I will probably change that to private) and the LAN port uses linux bridges for the untagged traffic as well as the vlan ports on it.  The plan is to pass them all as separate interfaces into OPNsense, then tell the host to grab an IP on whatever bridge I need it to talk to.

OPNsense is configured right now to only use the WAN and LAN ports.  I havent set up the vlan interfaces yet.  Firewall rules are still defaults.

My interent connection speed is 1000 down/40 up, but in this configuration I can only hit 670 down/40 up on speedtest.net from a client device on the network.  I tried doing this bare metal for comparison and it hit 824/40.  connecting a macbook to the modem directly got me to 916/40. I'm using virtuio since passthrough is just not going to happen with this crappy motherboard but supposedly that should be fine.

I know there's going to be some overhead with this, and I haven't done any performance tuning yet because I'm still testing out basic functionality first, but this seems a bit severe.  I have clearly overlooked something, but I'm stumped as to what I'm missing.

I checked the read me first posts on here.  I saw there were some mitigations I could disable in OPNsense and did try that but no change.  There is a firmware update possibly out there for this NIC but the linux host has custody of the NIC and it's not telling me what version firmware it has on it.  That update seems to be more about stability than performance anyway and I'm getting stable connections, just not performant ones.

What am I overlooking?