-
-
Save jorisvervuurt/8ce01bb19de242484e2ec7f5c785e46b to your computer and use it in GitHub Desktop.
| <item> | |
| <tunable>net.inet.icmp.drop_redirect</tunable> | |
| <value>1</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.isr.bindthreads</tunable> | |
| <value>1</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.isr.maxthreads</tunable> | |
| <value>-1</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.inet.rss.bits</tunable> | |
| <value>2</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.inet.rss.enabled</tunable> | |
| <value>1</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>kern.ipc.nmbclusters</tunable> | |
| <value>1000000</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>kern.ipc.nmbjumbop</tunable> | |
| <value>524288</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>hw.intr_storm_threshold</tunable> | |
| <value>10000</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.inet.ip.intr_queue_maxlen</tunable> | |
| <value>3000</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.inet6.ip6.intr_queue_maxlen</tunable> | |
| <value>3000</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>hw.ix.flow_control</tunable> | |
| <value>0</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>dev.igc.0.fc</tunable> | |
| <value>0</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>dev.igc.1.fc</tunable> | |
| <value>0</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>dev.igc.2.fc</tunable> | |
| <value>0</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>dev.igc.3.fc</tunable> | |
| <value>0</value> | |
| <descr/> | |
| </item> | |
| <item> | |
| <tunable>net.isr.dispatch</tunable> | |
| <value>deferred</value> | |
| <descr/> | |
| </item> |
Thanks for these. Commenting here since your gitlab is private.
I have a HUNSN N100 Opnsense box with 4x i226v
Disabling hardware CRC actually caused iperf speeds to drop to 300mbit vs. 2.1Gbits/sec, ouch..
I'm going to experiment with rest of the settings tho. Did you perform any tests or can share how you dialed in each parameter?
Hi @dezza. That's weird. Do you perhaps run IDS/IPS? I don't but even with the hardware offloading disabled, I get full line-rate (I use these same tunabels on a 6x i226 N100 unit from Topton). I determined these tunables using the documentation of both OPNsense and pfSense, but also some other sources. Unfortunately I did not wrote down those sources.
https://docs.opnsense.org/troubleshooting/performance.html
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
Hi @jorisvervuurt . Thank you for the tips.
Could you please give more instruction on the Interface configuration part ?
Sorry for the newbie question, but can you share how to create a WAN_RAW and a WAN_INTERNET as the same time?
Hey @vhuy036. Do you also use KPN as ISP? KPN supports an MTU of 1512 on WAN and has internet on a separate VLAN. So basically, WAN_RAW is the physical interface with an MTU of 1512 (both IPv4 and IPv6 configuration types set to None). Next create a new VLAN (tag 6) on that physical interface. This will be WAN_INTERNET; open the edit page of that newly created interface and set IPv4 Configuration Type to PPPoE and set the MTU to 1508. Username and password both 'internet'.
@jorisvervuurt
Thank you for the detail instructions.
Unfortunately, I just found out the problem is that my ISP using PPPOE for IPv4 and IPOE for IPv6, which seems not to be supported on OPNSense @@
IMPORTANT NOTICE
This gist has been moved to GitLab and it will no longer be updated here on GitHub.