"
Hi all,
Running Opnsense on a Supermicro A2SDi-2C-HLN4F ....the NIC's on this are described as "Quad LAN with IntelĀ® C3000 SoC". 8GB DDR4 ECC RAM, 40GB Intel SSD i had lying around.
Using this as my main FW/Router as these seem quite capable.
I'm running Suricata and Unbound DNS.
Sensei is enabled on the LAN, OPT1 and OPT2 using MongoDB to back it.
The WAN should be 320 down.
I was getting 180-190 down.
Ran top -P, nothing much going on there at all so its not load/resourcing. then unchecked "Disable hardware checksum offload".
I now get 310 (280-310) down, so basically expected throughput on the WAN.
I'm going to run some more tests between LAN and OPT interfaaces to see if they reach 1GB, but just wanted advice on options.
The other two options under the same section as the checksum offload are:
Disable hardware TCP segmentation offload
Disable hardware large receive offload
These appear to be ticked by default.
I'd like to understand how these two options interact with what Opnsense (and the plugins i have installed) are trying to do. Obviously having some processes done in hardware will be quicker, but i don't really want to enable anything unneccessary or that will cause more of a problem if it is better dealt with in the software.
Its clear that the default setiings are not ideal in my case, so i'm just looking for other optimisations and advice.
Any tunables that may help or specific settings for Suricata/Sensei etc.
Thanks in advance.
Running Opnsense on a Supermicro A2SDi-2C-HLN4F ....the NIC's on this are described as "Quad LAN with IntelĀ® C3000 SoC". 8GB DDR4 ECC RAM, 40GB Intel SSD i had lying around.
Using this as my main FW/Router as these seem quite capable.
I'm running Suricata and Unbound DNS.
Sensei is enabled on the LAN, OPT1 and OPT2 using MongoDB to back it.
The WAN should be 320 down.
I was getting 180-190 down.
Ran top -P, nothing much going on there at all so its not load/resourcing. then unchecked "Disable hardware checksum offload".
I now get 310 (280-310) down, so basically expected throughput on the WAN.
I'm going to run some more tests between LAN and OPT interfaaces to see if they reach 1GB, but just wanted advice on options.
The other two options under the same section as the checksum offload are:
Disable hardware TCP segmentation offload
Disable hardware large receive offload
These appear to be ticked by default.
I'd like to understand how these two options interact with what Opnsense (and the plugins i have installed) are trying to do. Obviously having some processes done in hardware will be quicker, but i don't really want to enable anything unneccessary or that will cause more of a problem if it is better dealt with in the software.
Its clear that the default setiings are not ideal in my case, so i'm just looking for other optimisations and advice.
Any tunables that may help or specific settings for Suricata/Sensei etc.
Thanks in advance.
