On 8/24/2011 11:31 AM, Lars Hansson wrote:
If you want a comparison, I have run a small OpenBSD router under KVM
and it easily sustained 80Mbps. It was connected to a FastEthernet
switch so it couldnt actually go much higher. This was using the
emulated e1000 KVM device and OpenBSD 4.9 release with mpbios& iic
disabled (disabling iic removes some annoying boot messages). The KVM
server was a modest 3Ghz Core2 Duo with 4Gb RAM and a lot of other
VM's running.
Cheers,
Lars
You might see a bit more performance by load-balancing across two or
more VMs. Where I work, we have a couple virtual routers / firewalls
(these systems are internal-only so security on these machines isn't
critical)
I found that having 2 VMs load balanced in CARP gave more performance
than doubling the resources on a single system. No tweaking was done on
the systems which makes them much easier to maintain. Plus we can spin
up more to add additional throughput without any downtime
Recently we have added a few more firewalls to load balance with, each
using the same configuration and adding performance to the cluster. We
are seeing diminishing returns on each firewall we add (Overhead due to
pfsync, CARP, etc)
The VM host runs VMware ESXi on 16 GB RAM and 2 8-core Opterons (6128HE,
2 Ghz) and has two 10-Gb network cards (inside and outside) and 2x 1 Gb
cards (Management and inter-host network). The VMs are configured with
a single processor core and 256 Mb RAM and 3 Virtual Gb network cards
(Inside, outside and pf-sync)
