Hardware NAT For LEDE

You are right. I had done the test in an image with Qualcom Fast Path, right now I am using Flow Offload in a new compilation and SQM works fine. Downloading several files and at the same time doing streaming on YouTube.

Thank you.

Thanks for testing. I just pushed a change that enables offloading in the default configuration, so upcoming snapshot builds will have it included.
It still needs to be enabled manually in /etc/config/firewall though.


Does offloading work on every device or is this hw specific?
SFE hack did work on all my devices...

I had seen the last commit on nbd´s tree which enable hw nat for mt7621...
What does this mean? How can i implement this for my mt7620a device? Where can we get documantation for mt7620 hw nat?

How can i check which connections are offloaded?
With fast_classifier i could look into /sys/class/fast_classifier/debug_info...

The current version in the master branch is a software offloading solution and will work on all devices, regardless of chipset used. Flow-offload also allows for hardware specific offloading which will be even faster, but needs to be implemented for specific hardware.

@nbd and John Crispin are currently developing this for MT7621 in @nbd 's staging tree. I haven't tested it yet, so I have no idea if (and what) already works and how well. I would recommend sticking to the master branch and using the software version for now. But you are always free to try out the bleeding edge from the staging tree :slight_smile:

Great news, thanks.
The hw offloading sounds very interesting :slight_smile:

Thank you @nbd for backporting such great features.

I will do some test with iperf...

I will get almost the same speed as with sfe on my mt7620a router.

Now i´m waiting for linux 4.14 on ar71xx plattform... :slight_smile:

Offloaded connections will show [OFFLOAD] in /proc/net/nf_conntrack
The mt7621 hw offload driver in my staging tree seems work well for IPv4, we intend to push it to master soon. IPv6 is not integrated yet, but is currently being worked on.
We plan on having MT7620 support as well eventually.


This is awesome news, thank you @nbd!
I just ordered a Xiaomi MI3G, looking forward to testing HW offload.

Is IPv6 integrated in the software flow offload? You're doing an amazing work with the flow offload stuff by the way. Really exciting stuff to see being integrated into Lede! :slight_smile: Thank you very much for your hard work

Yes, software flow offload should be able to handle IPv6, but it hasn't been tested thoroughly yet

1 Like

Great news, thanks for hard work @nbd

@nbd I built an image from your staging branch to my Xiaomi MIR3G and offloading seems to work great, thank you!
I noticed one thing which is a bit bugging me. Offloaded connections don't seem to register in ifconfig's RX/TX bytes on the WAN and LAN interfaces, so Luci's traffic graphs, vnstat and collectd can't measure the amount of traffic.
Is this an expected side-effect of offloading? Can this be fixed somehow?

Has flowoffload hit the snapshot build for Archer C7 v2? Also do you just run the command

iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD

in SSH and that's it?

ar71xx is still on kernel 4.9, while you require kernel >= 4.14 (4.16 in mainline) for flowoffload support. (ar71xx will probably remain on kernel 4.9, until ath79 takes over).


Hi @nbd

On Octeon soc, does flow offload can accel to normal routing (LAN-LAN routing, not NAT routing) ? or just accel to NAT routing ?

Flow offload handles normal routing as well.
By the way, there is no need to manually mess with iptables rules anymore.
Just set option flow_offloading 1 in defaults in /etc/config/firewall
On MT7621 you can additionally set option flow_offloading_hw 1 to enable hardware offloading. This will not work with SQM though.


Once more question.
If i'm enable flow offload & sqm same time, what things is affected ? ex: sqm performance will decrease, flow-offload perf decrease ? ..etc..

1 Like

As far as I know, sqm doesn't work AT ALL with flow offload. The packets don't go through the linux qdiscs etc it just sidesteps everything. Someone please correct me if I'm wrong.

Software offload does not bypass linux qdisc. It only bypasses the CPU intensive iptables rule processing.

Also with QoS scripts?
Many thanks

SQM and QoS does work with flow offloading but not with hw flow offloading!

hw flow offloading is currently only supported for mt7621.

1 Like