Am 04.03.2015 um 16:17 schrieb Jim Thompson:
LRO works by aggregating multiple incoming packets from a single
stream into a larger buffer before they are passed higher up the
networking stack, thus reducing the number of packets that have to be
LRO should not be used on machines acting as routers, (and it is
quite likely that you’re using pfSense as a router or, equivalently,
a router), as it breaks the end-to-end principle and can
significantly impact performance.
TSO is similar, but for sending. It works by queuing up large
buffers and letting the network interface card (NIC) split them into
separate packets just before transmit.
Both LRO and TSO can help if you are an endpoint, *not a router*.
If you were using pfSense an an appliance (say, for DNS), they would
possibly help performance.
Now onto “hardware checksum offload”:
First, let’s briefly discuss where checksumming is used.
The Ethernet hardware calculates the Ethernet CRC32 checksum and the
receive engine validates this checksum. If the received checksum is
wrong pfSense won’t even see the packet, as the Ethernet hardware
internally throws away the packet. (There are exceptions, such as if
the interface is in promiscuous mode.)
Higher level checksums are “traditionally” calculated by the protocol
implementation and the completed packet is then handed over to the
hardware. Recent network hardware can perform the IP checksum
calculation, also known as checksum offloading. The network driver
won’t calculate the checksum itself but will simply hand over an
empty (zero or garbage filled) checksum field to the hardware.
Some cards will additionally process TCP and UDP checksums, as above,
this isn’t going to be of any value on a router.
It’s possible, if everything else is right, then IP checksum offload
can provide a modest performance improvement, but this is unlikely to
be more than “noticeable” at the speeds where most individuals run
pfSense. However, at 10Gbps (or above), these engines become quite
useful. Support for these is an important component of our “3.0”
In case it’s not clear by now, these settings are all *disabled* by
default in pfSense.
This good explanation should find a way into the wiki!
pfSense mailing list
Support the project with Gold! https://pfsense.org/gold