--- Comment #3 from Mark Peek <m...@freebsd.org> ---
From my testing this is not a bug and everything is working as designed. I am
seeing a large decrease in performance when LRO is turned on and using pfSense
as a gateway. This is due to the originating packets having the IP DF (don’t
fragment) flag set which then gets combined into larger packets via LRO. When
this (larger) packet needs to be fragmented to match the other NIC the FreeBSD
kernel sees the DF flag, drops the packet, and then sends back an ICMP
“unreachable - need to frag” message to the sender. The reason it works at all
is due to other traffic which disallows the LRO to occur and some packets get
One test I did was turning LRO on and using scp to put a file onto the pfSense
appliance which resulted in good performance (not seeing the same drop in
performance). I would be interested if you 1) see good performance with LRO
turned on and scp a large file to the appliance and 2) see ICMP "need to frag"
with LRO turned on and scp to a machine on the remote side.
Since the pfSense appliance is being used as a gateway you should leave LRO
You are receiving this mail because:
You are the assignee for the bug.
email@example.com mailing list
To unsubscribe, send any mail to