Looking for some advice / recommendations / considerations on running OPNsense on bare metal vs virtualized, and if virtualized how best to do so.

I currently have OPNsense running bare metal on a Protectli FW6E Vault, with the following specs:

  • Intel i7-8550U CPU @ 1.80GHz
  • 120GB mSATA (1% utilization)
  • 16GB RAM (6.5% utilization)
  • 6 Gigabit Ethernet NIC ports

The Vault running OPNsense is the primary firewall and router; any wireless devices connect through a dumb AP running OpenWRT. Connected over Ethernet I have an RPi running HomeAssistant OS (would probably also move to virtual if that’s the chosen direction) as well as a TrueNAS setup.

How much of a performance hit would be expected running in some sort of container vs the current bare metal setup? Are there any other concerns with running the main firewall / router virtually vs bare metal to take into account?

  • ikidd@lemmy.world
    12 hours ago

    I virtualized my OPNsense years ago via Proxmox and put it on HA. I’ve had it fail over to another node that blinked out for some reason, and not noticed it for weeks. I’m a complete believer in virtualizing it. I used 2 NICs per node and the external NIC is on a switch across all nodes. You could use VLANs instead.

    Not to mention the snapshots before updates, and restoring via PBS (which I’ve had to do and takes a few minutes). I would never go back to bare metal.