OPNSense, Jumbo Frames and IPv6

Started by bamf, February 25, 2025, 07:49:09 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 25, 2025, 07:49:09 PM
Hi,

I recently set up an OPNsense installation on x86/64 hardware (with an Intel Atom C3808), which handles the PPPoE dial-in for my VDSL connection and will later manage the Telekom fiber connection.

It is connected to my switch via a 10G DAC. One of the 2.5G ports is configured as a failover, meaning it has no active link during normal operation.

Since the processor was struggling with packet processing, I started experimenting with an MTU of 9000 (Jumbo Frames).

So far, this works well. Outbound (into the LAN), the device now achieves >8 Gbit/s, whereas previously, it was limited to ~3 Gbit/s.

I have manually configured the MTU on most devices. The remaining ones (printer, TV, IP Phone, etc.) seem to handle Path MTU Discovery just fine.

Additionally, I am advertising MTU 9000 via DHCP (v4|v6) (Option 26) and in the Router Advertisements using AdvLinkMTU.

However, I'm unsure if this works correctly for IPv6. When I send packets with an MTU >1500 to the OPNsense, they appear to be fragmented there:

Code Select
19:21:00.689884 IP6 (flowlabel 0x64674, hlim 64, next-header ICMPv6 (58) payload length: 3008) fda6::3221:21ff:fe00:99e > OPNSense.home.arpa: [icmp6 sum ok] ICMP6, echo request, id 62758, seq 1
19:21:00.690083 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x6ad09c21:0|1440) ICMP6, echo reply, id 62758, seq 1
19:21:00.690091 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x6ad09c21:1440|1440)
19:21:00.690126 IP6 (hlim 64, next-header Fragment (44) payload length: 136) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x6ad09c21:2880|128)
19:21:01.723259 IP6 (flowlabel 0x64674, hlim 64, next-header ICMPv6 (58) payload length: 3008) fda6::3221:21ff:fe00:99e > OPNSense.home.arpa: [icmp6 sum ok] ICMP6, echo request, id 62758, seq 2
19:21:01.723484 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x12234b6d:0|1440) ICMP6, echo reply, id 62758, seq 2
19:21:01.723518 IP6 (hlim 64, next-header Fragment (44) payload length: 1448) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x12234b6d:1440|1440)
19:21:01.723525 IP6 (hlim 64, next-header Fragment (44) payload length: 136) OPNSense.home.arpa > fda6::3221:21ff:fe00:99e: frag (0x12234b6d:2880|128)

I have already disabled all hardware offloading functions (CRC, TSO, LRO) for testing, but this made no difference.

Is this behavior expected, or do I need to configure anything else for IPv6 specifically?
Print
Go Up Pages1
User actions