ipfw kernel NAT performance much worse in 11-Stable than 10-Stable [SOLVED]
Graham Menhennitt
graham at menhennitt.com.au
Sat Sep 2 00:09:29 UTC 2017
On 31/08/2017 22:27, Andrey V. Elsukov wrote:
> On 31.08.2017 15:10, Graham Menhennitt wrote:
>> On 10-Stable, the interface is re1. The output of 'ifconfig re1 | grep
>> options' is:
>> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
>>
>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>
>> On 11-Stable (the one with the problems), it's igb1 and the output of
>> 'ifconfig igb1 | grep options' is:
>> options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
>>
>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>
> You need to disable TSO on your interface, ipfw nat is not compatible
> with TCP segmentation offloading (this is noted in ipfw(8) BUGS section).
>
> Try to use:
> ifconfig igb1 -vlanhwtso -tso4
>
> You can add these option to "ifconfig_igb1" variable in rc.conf.
>
Thanks very much for that Andrey (and Ian). It fixes the performance
problem. I did look an the man page for both igb and ipfw but must have
missed this. I agree, Ian, it would be good if there was some kind of
warning at runtime.
So, that fixes the performance problems. I have another problem that
I'll send a separate email about.
Thanks again,
Graham
More information about the freebsd-ipfw
mailing list