Re: [pfSense] NIC Offloading Setting Questions

2015-03-04 Thread Jens Tautenhahn
Am 04.03.2015 um 16:17 schrieb Jim Thompson:
 LRO works by aggregating multiple incoming packets from a single
 stream into a larger buffer before they are passed higher up the
 networking stack, thus reducing the number of packets that have to be
 LRO should not be used on machines acting as routers, (and it is
 quite likely that you’re using pfSense as a router or, equivalently,
 a router), as it breaks the end-to-end principle and can
 significantly impact performance.
 TSO is similar, but for sending.  It works by queuing up large
 buffers and letting the network interface card (NIC) split them into
 separate packets just before transmit.
 Both LRO and TSO can help if you are an endpoint, *not a router*.
 If you were using pfSense an an appliance (say, for DNS), they would
 possibly help performance.
 Now onto “hardware checksum offload”:
 First, let’s briefly discuss where checksumming is used.
 The Ethernet hardware calculates the Ethernet CRC32 checksum and the
 receive engine validates this checksum. If the received checksum is
 wrong pfSense won’t even see the packet, as the Ethernet hardware
 internally throws away the packet.  (There are exceptions, such as if
 the interface is in promiscuous mode.)
 Higher level checksums are “traditionally” calculated by the protocol
 implementation and the completed packet is then handed over to the
 hardware.  Recent network hardware can perform the IP checksum
 calculation, also known as checksum offloading. The network driver
 won’t calculate the checksum itself but will simply hand over an
 empty (zero or garbage filled) checksum field to the hardware.
 Some cards will additionally process TCP and UDP checksums, as above,
 this isn’t going to be of any value on a router.
 It’s possible, if everything else is right, then IP checksum offload
 can provide a modest performance improvement, but this is unlikely to
 be more than “noticeable” at the speeds where most individuals run
 pfSense.   However, at 10Gbps (or above), these engines become quite
 useful.   Support for these is an important component of our “3.0”
 In case it’s not clear by now, these settings are all *disabled* by
 default in pfSense.

This good explanation should find a way into the wiki!

pfSense mailing list
Support the project with Gold!

Re: [pfSense] Voipo

2014-12-22 Thread Jens Tautenhahn

Has anyone had success with Voipo and pfSense? I'm not sure if this is
a pf issue or their issue but out going calls work fine. Incoming are
very spotty and fail most of the time. I've port forwarded the ports
as marked here:

Have you tried siproxd? Siproxd sets port forwarding and firewall rules 
dynamically. With siproxd it is possible to use multiple SIP devices 
behind pfSense.

List mailing list