Confusing options for turning off the disablement of LRO and TSO
In pfSense 2.2.2 under System | Advanced | Networking | Networking Interfaces, there are three options:
- Disable hardware checksum offload
- Disable hardware TCP segmentation offload
- Disable hardware large receive offload
All three have similar descriptions to the point of some NICs don't handle the offloading well and it might be useful to turn it off in that case.
I found that in my install, by default, checksum was not disabled and the other two were disabled.
I went searching to see if they needed to be disabled for my particular NIC. DeeJayTwo on IRC pointed me at the following link:
Note that these tech docs explicitly state that LRO and TSO should always be disabled for routing applications, and not doing so can lead to bad behavior and potentially kernel panics.
If that is the case, why are LRO and TSO even displayed as options that could be flipped? At the very least, shouldn't they be further hidden under the System | Advanced | System Tunables page where less informed users might happen upon them and decide since checksum offloading is working fine, maybe I should try out the other two as well?
LRO and TSO can also not play well with traffic shaping, possibly allowing the NIC to send offloaded data at line rate. I'm not sure if this applies to FreeBSD, but I know it's an issue in general across many platforms.
Funny that you linked to their doc and not ours, which explains it all and why the options are there. :-)
Well. That is certainly perfectly acceptable documentation on the matter and don't it make me look like a fool. :)
I certainly thought I had looked at that doc page. I'm sorry for the waste of time.
Old thread, but I was just reading through the pfSense Book and ran across the warnings in there about un-checking those (LRO & TSO) options ("Do not uncheck this option unless directed to do so by a support representative"). I did some searching for more information and found the referenced web pages and this thread. It would probably be nice if the blurbs in pfSense, itself, under those options included that warning instead of just mentioning possible issues with hardware drivers and NICs. Since I'm on an SG-4860 with its Intel NICs, I assumed I could turn all those "Disable Hardware" options off and did so. Only now that I'm reading the book do I see I was wrong.
If that is the case, why are LRO and TSO even displayed as options that could be flipped?
They (the developers) don´t know what hardware will be in the game including the NICs and there fore it might be
better to turn it off by default but able to enable it if needed matching to the right hardware, case or situations.
Do not uncheck this option unless directed to do so by a support representative
That only means that it would help perhaps in some rarely cases and this should be only set or turned around if
a supporter is telling a customer to do it.
Since I'm on an SG-4860 with its Intel NICs, I assumed I could turn all those "Disable Hardware" options off and did so. Only now that I'm reading the book do I see I was wrong.
Then you should not do anything like this, because this SG units from the pfSense shop came with a pre-tuned pfSense
system and they (the developers) know this hardware to 100% and what is going on with its tunings.