Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Nov 2008 01:31:41 -0800
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        Peter Maxwell <peter@allicient.co.uk>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Blocking udp flood trafiic using pf, hints welcome
Message-ID:  <20081110093141.GA63259@icarus.home.lan>
In-Reply-To: <7731938b0811090947j4796680cj7344ca3333c05779@mail.gmail.com>
References:  <1814bfe70811090137v39cd6434l49b545eb3b6eb88c@mail.gmail.com> <20081109112125.GA36707@icarus.home.lan> <1814bfe70811090544o28c29c5u185e3c0f2b8e85b4@mail.gmail.com> <7731938b0811090947j4796680cj7344ca3333c05779@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Nov 09, 2008 at 05:47:54PM +0000, Peter Maxwell wrote:
> ii) Ensure you're using a good NIC, the CPU offload abilities in Intel
> (and I think Broadcom) cards can reduce the impact on CPU generally.

I think (hope) what you're referring to are TSO, LRO, and TX/RX checksum
offloading.

Assuming you are, you should be aware of the following:

* These features do not greatly reduce CPU usage; the impact is minimal.

* Both TSO and TX/RX checksums are known to be buggy on many NICs,
including some developed within the past year.  I can refer you to many
threads on -hardware, -current, and -stable discussing this fact,
specifically from the driver authors themselves.  Sometimes it's just
rxcsum which is buggy, or just txcsum.  I do not believe Broadcom or
Intel NICs are affected by such issues, but regardless it's important
users understand these features *can* lead to packet corruption on some
NICs.

* TX/RX checksum offloading often confuse users who use tcpdump or
Wireshark -- "why are all of my packets showing checksum errors??!"
being a common question even today.  It often leads users on a wild
goose chase, thinking those messages indicate the source of their
problems

If you weren't referring to these features, what were you referring to?
I'm curious to know.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081110093141.GA63259>