> On Mar 4, 2015, at 12:54 AM, Bryan D. <pfse...@derman.com> wrote: > > Today, having received a pair of SuperMicro AOC-SG-i2 NICs from the pfSense > store, I asked about the applicable pfSense "offloading" settings (via the > pfSense contact form). > > > Receiving an oblique (non-)response, I re-sent a query that included the > following text: > --- > [...] specifically, what should the pfSense settings be for: > - Hardware Checksum Offloading > - Hardware TCP Segmentation Offloading > - Hardware Large Receive Offloading > > I.E., can each of these be enabled when using AOC-SG-i2 NICs? > > With my current systems, segmentation and large receive offloads are > disabled. I don't remember what the default was (and it's not stated on the > configurator page) [...] > > Understand that the configurator page has warnings about these capabilities > being "... broken in some hardware drivers, ..." so, even though the NICs are > spec'd to support these capabilities, there's still the question whether the > drivers work properly [...] That's the reason for my query. > --- > > > To which I received the following response (an attitude that left me feeling > considerably less enthusiastic about trying to support the project): > --- > We do not provide pfSense support for these cards unless they are installed > in a system we sell. My suggestion is to search the forums for the tuning you > desire. > > I know this is not the answer you desire but that is our official response. > --- > > For the record, I don't really consider these questions to be "support" ... > just a clarification of the specs, which should be straightforward given that > it's a 1-product organization (and would be best stated on the store's > web-page).
Answering any question post-sale is “support”. You are using a free open source product. The only cost to you is to figure out how to make it work. If you are unable or unwilling, then we (and others) offer paid support options. There is also, as whomever from Netgate explained, support options including the forum and this list. > Does anyone know the answer to my questions about the various offloading > settings that should be used with these cards? LRO works by aggregating multiple incoming packets from a single stream into a larger buffer before they are passed higher up the networking stack, thus reducing the number of packets that have to be processed. LRO should not be used on machines acting as routers, (and it is quite likely that you’re using pfSense as a router or, equivalently, a router), as it breaks the end-to-end principle and can significantly impact performance. TSO is similar, but for sending. It works by queuing up large buffers and letting the network interface card (NIC) split them into separate packets just before transmit. Both LRO and TSO can help if you are an endpoint, *not a router*. If you were using pfSense an an appliance (say, for DNS), they would possibly help performance. Now onto “hardware checksum offload”: First, let’s briefly discuss where checksumming is used. The Ethernet hardware calculates the Ethernet CRC32 checksum and the receive engine validates this checksum. If the received checksum is wrong pfSense won’t even see the packet, as the Ethernet hardware internally throws away the packet. (There are exceptions, such as if the interface is in promiscuous mode.) Higher level checksums are “traditionally” calculated by the protocol implementation and the completed packet is then handed over to the hardware. Recent network hardware can perform the IP checksum calculation, also known as checksum offloading. The network driver won’t calculate the checksum itself but will simply hand over an empty (zero or garbage filled) checksum field to the hardware. Some cards will additionally process TCP and UDP checksums, as above, this isn’t going to be of any value on a router. It’s possible, if everything else is right, then IP checksum offload can provide a modest performance improvement, but this is unlikely to be more than “noticeable” at the speeds where most individuals run pfSense. However, at 10Gbps (or above), these engines become quite useful. Support for these is an important component of our “3.0” effort. In case it’s not clear by now, these settings are all *disabled* by default in pfSense. Jim _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold