Pfsense server hardware settings



  • Hello All,

    I have just installed new PFsense  based on following hardware blow , and would like to get some help on settings
    as my network card is Intel® Gigabit ET Quad Port Server Adapter would it be good idea to uncheck with such type of adapter following options
    Disable hardware TCP segmentation offload and Disable hardware large receive offload?
    Second question would it be good idea to update driver from Intel  or leave it by default installed?
    Please advice
    Thanks

    Servers chassis:
    Server Intel chaises based  R1304BTL
    Xeon(R) CPU E31230
    8GB DDR3 FBUF
    2X500GB SATA 3
    Additional Network Intel® Gigabit ET Quad Port Server Adapter


  • Netgate Administrator

    Assuming you are running 2.0.1 you should leave the drivers as installed unless you have reason to do anything different. They are patched from the drivers that shipped with FreeBSD 8.1 on which 2.0.1 is built.
    You should consider this page:
    http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

    Check your mbuf levels in the dashboard are not climbing continually.

    You could enable TSO and LRO since of all NICs Intel cards are most likely to use this usefully. However with your hardware I'm not sure you'd notice the difference in CPU usage. I'd leave it disabled unless you really need it.

    Steve



  • @stephenw10:

    Assuming you are running 2.0.1 you should leave the drivers as installed unless you have reason to do anything different. They are patched from the drivers that shipped with FreeBSD 8.1 on which 2.0.1 is built.
    You should consider this page:
    http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

    Check your mbuf levels in the dashboard are not climbing continually.

    You could enable TSO and LRO since of all NICs Intel cards are most likely to use this usefully. However with your hardware I'm not sure you'd notice the difference in CPU usage. I'd leave it disabled unless you really need it.

    Steve

    Thanks Steve for the answer
    Yes I am using 2.0.1 amd64 ,I thought  with Snort package and OpenVpn will be good idea to enable TSO and LRO to tune it more for throughput

    Thanks



  • BTW if i got MBUF Usage 25600/25600 is it bad or ok?
    Thanks


  • Netgate Administrator

    That's bad, you are using all available mbufs. If you check the logs you will probably see errors relating to not having available memory.
    You should implement the changes in the link I gave.

    As a reference my MBUF usage shows as 2694/16832. That's after many weeks of up time.

    Steve



  • @tbaror:

    Thanks Steve for the answer
    Yes I am using 2.0.1 amd64 ,I thought  with Snort package and OpenVpn will be good idea to enable TSO and LRO to tune it more for throughput

    Thanks

    AFAIK, they help with traffic that originates from the box where the adapter is installed, you'd probably want them for SQUID but it shouldn't have an impact on regular NAT/ routing/ firewalling.

    Snort documentation does state that using LRO may cause issues though.  Something to do with the packet reassembly exceeding the snaplen size.



  • FYI:  Here's a post on adjusting your MBUF values.

    http://forum.pfsense.org/index.php/topic,37754.msg194854.html


Log in to reply