OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Hardware and Performance »
  • NIC's and Hardware Acceleration
« previous next »
  • Print
Pages: [1]

Author Topic: NIC's and Hardware Acceleration  (Read 1279 times)

mattlach

  • Newbie
  • *
  • Posts: 32
  • Karma: 0
    • View Profile
NIC's and Hardware Acceleration
« on: August 01, 2024, 10:03:44 pm »
Hey everyone,

So I have read this page in the docs, and have been considered trying to enable hardware offloading to see if it helps with some of my high CPU usage.

The goal here is to reduce some of the high CPU usage I have seen during high bandwidth (~gigabit) use over WireGuard.   I am not sure how much of that load is encryption vs. packet handling / interrupts and how much potential there is to help things by enabling NIC hardware offload.



Any hints, tips and tricks before I do?

The docs seem to warn of misbehaving hardware.  Is there a list anywhere of which hardware people have used with hardware offload successfully?

I use an Intel i210 for WAN, and an Intel x520 for LAN.    I understand older enterprise grade Intel NIC's are some of the most well behaved in Unix and Linux, but should these not be a good fit I have a drawer full of disused NIC's I could experiment with.

Just want to make sure there isn't any helpful info I am missing before I start spending a ton of time experimenting.

It looks like the biggest candidates for useful improvement are hardware CRC and Hardware TSO.

Hardware LRO maybe be helpful to CPU load, but the impacts to latency due to buffer bloat may be undesirable, so I wasnt planning on trying that one.

I do use VLAN's so Hardware VLAN filtering may help (if it works and is reliable)

ARP handling is more ambiguous to me.   Not sure what there is to gain here and what the implications are.

Anyway, I'd appreciate any tips, tricks, suggestions, references for further reading, or any other input anyone might provide.

Thanks,
Matt

Logged
OPNSense running as a VM in KVM under Proxmox:
- Rocket Lake Xeon E2314 in a Supermicro X12STL-F.  
- IOMMU forwarded i210 Ethernet for WAN and x520 for LAN.
- Pi-hole running as separate LXC Container on same server. 
- Lots of VLAN's and tricky firewall rules.

meyergru

  • Hero Member
  • *****
  • Posts: 1680
  • Karma: 165
  • IT Aficionado
    • View Profile
    • congenio
Re: NIC's and Hardware Acceleration
« Reply #1 on: August 01, 2024, 10:29:40 pm »
Quote from: mattlach on August 01, 2024, 10:03:44 pm
The goal here is to reduce some of the high CPU usage I have seen during high bandwidth (~gigabit) use over WireGuard.   I am not sure how much of that load is encryption vs. packet handling / interrupts and how much potential there is to help things by enabling NIC hardware offload.

Then why did you not try to find out by measuring without Wireguard? If the CPU load drops much and/or the speed goes up, it is highly likely that Wireguard is the culprit.

Given your CPU, I doubt that network load is much of a concern, however, you still have a third potential problem, namely that you run on Proxmox (albeit via IOMMU).

If I should guess, high CPU load can be credited to Wireguard, because the native FreeBSD implementation is not optimized for AMD64 instruction sets.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Hardware and Performance »
  • NIC's and Hardware Acceleration
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2