8860 hardware offload
Just got a new 8860-1U from Netgate and in Advanced Networking, I notice the following two options are checked:
Hardware TCP Segmentation Offloading Disable hardware TCP segmentation offload
Checking this option will disable hardware TCP segmentation offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs. This will take effect after a machine reboot or re-configure of each interface.
Hardware Large Receive Offloading Disable hardware large receive offload
Checking this option will disable hardware large receive offloading (LRO). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs. This will take effect after a machine reboot or re-configure of each interface.
Checked of course meaning that the hardware offloading is disabled. Should they be disabled/checked? Does the official 8860-1U hardware not support these?
Hardware Large Receive Offloading (LRO)
LRO works by aggregating multiple incoming packets from a single stream into a larger buffer before they are passed higher up the networking stack, thus reducing the number of packets to be processed. LRO should not be used on machines acting as routers as it breaks the end-to-end principle and can significantly impact performance. pfSense is most frequently used as a router or an equivalent.
Hardware TCP Segmentation Offloading (TSO)
TSO is similar to LRO, but for sending. It works by queuing large buffers and letting the network interface card (NIC) split them into separate packets just before transmit.
Both LRO and TSO can help when pfSense is an endpoint and not a router. If pfSense is being used as an appliance (e.g. for DNS), it is possible the options could enhance performance.
Hardware Checksum Offloading
The Ethernet hardware calculates the Ethernet CRC32 checksum and the receive engine validates this checksum. If the received checksum is wrong pfSense normally won't even see the packet, as the Ethernet hardware internally throws away the packet (though there are exceptions, such as when the interface is in promiscuous mode).
Higher-level checksums are "traditionally" calculated by the protocol implementation and the completed packet is then handed over to the hardware. Recent network hardware can perform the IP checksum calculation, also known as checksum offloading. The network driver won't calculate the checksum itself but will simply hand over an empty (zero or garbage-filled) checksum field to the hardware.
Some cards will additionally process TCP and UDP checksums, as above, but this isn't of value on a router.
It's possible, when everything else is right, that IP checksum offloading can provide a modest performance improvement, but this is unlikely to be more than "noticeable" with the traffic processed by most pfSense installations. However, at 10Gbps or above, such offloading can become quite useful. Support for these is an important component of the pfSense "3.0" effort.
pfSense 2.x defaults both the LRO and TSO settings to disabled and the Hardware Checksum Offloading settings to enabled.
Got it. Good info to have. I was unaware on several of these items. Thank you!