Pfsense server hardware settings
-
Hello All,
I have just installed new PFsense based on following hardware blow , and would like to get some help on settings
as my network card is Intel Gigabit ET Quad Port Server Adapter would it be good idea to uncheck with such type of adapter following options
Disable hardware TCP segmentation offload and Disable hardware large receive offload?
Second question would it be good idea to update driver from Intel or leave it by default installed?
Please advice
ThanksServers chassis:
Server Intel chaises based R1304BTL
Xeon(R) CPU E31230
8GB DDR3 FBUF
2X500GB SATA 3
Additional Network Intel Gigabit ET Quad Port Server Adapter -
Assuming you are running 2.0.1 you should leave the drivers as installed unless you have reason to do anything different. They are patched from the drivers that shipped with FreeBSD 8.1 on which 2.0.1 is built.
You should consider this page:
http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_CardsCheck your mbuf levels in the dashboard are not climbing continually.
You could enable TSO and LRO since of all NICs Intel cards are most likely to use this usefully. However with your hardware I'm not sure you'd notice the difference in CPU usage. I'd leave it disabled unless you really need it.
Steve
-
Assuming you are running 2.0.1 you should leave the drivers as installed unless you have reason to do anything different. They are patched from the drivers that shipped with FreeBSD 8.1 on which 2.0.1 is built.
You should consider this page:
http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_CardsCheck your mbuf levels in the dashboard are not climbing continually.
You could enable TSO and LRO since of all NICs Intel cards are most likely to use this usefully. However with your hardware I'm not sure you'd notice the difference in CPU usage. I'd leave it disabled unless you really need it.
Steve
Thanks Steve for the answer
Yes I am using 2.0.1 amd64 ,I thought with Snort package and OpenVpn will be good idea to enable TSO and LRO to tune it more for throughputThanks
-
BTW if i got MBUF Usage 25600/25600 is it bad or ok?
Thanks -
That's bad, you are using all available mbufs. If you check the logs you will probably see errors relating to not having available memory.
You should implement the changes in the link I gave.As a reference my MBUF usage shows as 2694/16832. That's after many weeks of up time.
Steve
-
Thanks Steve for the answer
Yes I am using 2.0.1 amd64 ,I thought with Snort package and OpenVpn will be good idea to enable TSO and LRO to tune it more for throughputThanks
AFAIK, they help with traffic that originates from the box where the adapter is installed, you'd probably want them for SQUID but it shouldn't have an impact on regular NAT/ routing/ firewalling.
Snort documentation does state that using LRO may cause issues though. Something to do with the packet reassembly exceeding the snaplen size.
-
FYI: Here's a post on adjusting your MBUF values.
http://forum.pfsense.org/index.php/topic,37754.msg194854.html