I know hardware NAT / flow offloading is important for performance.
How do I see if it's enabled or not in openwrt?
On a DIR-882, it was located with LuCi,
Network > Firewall > General Settings > Routing/NAT Offloading
Software flow offloading
Hardware flow offloading
EDIT:
Clicking on Software flow offloading will then display the Hardware flow offloading option.
8 Likes
Thanks! This information helps me a lot.
Wow, this feature on my Netgear R7450, with the MediaTek MT7621 ver:1 eco:3 CPU has dramatically changed the performance of the router. I was maxing out at about 350mbps without the hardware offloading enabled, then I enabled it and have been seeing speeds in excess of 880mbps -- I do strongly recommend this !
when activated, keep an eye on occasional stalling requests, you may need to activate a further setting via config file:
I was having a number of TCP connections that seemed to time out regularly. However, I chalked that up to hitting the software NAT too hard in close timing to one another.
I am pushing connections very fast with a SolarFlare SFN7122F pair of fiber connections into a 10G switch south of the router. My assumption is that there's some kind of race comndition happening when TCP sessions are very close in time to one another - this needs a lot of validation though.
Also be aware that some chipsets , like older broadcom chipsets don't ever increment their error counters even when packets are dropped. So, look really closely when there is a packet drop issue you're seeing.
I can't quite figure out which one you're referring to in that thread. Which additional config option ?
in /etc/sysctl.conf add:
net.netfilter.nf_conntrack_tcp_no_window_check=1
1 Like
looks good. Just wanted to let you know this helped.
Try 23.05.0-rc2. (read release notes).
SSH or Telnet into your router. This example shows I have Software Flow Offloading enabled. You must enable it before enabling hardware flow offloading in LUCI, which will print two lines instead of one in the terminal. ONLY select devices actually support Hardware Flow Offloading such as MediaTek or Qualcomm.
root@OpenWrt:~# uci show | grep 'offloading'
firewall.@defaults[0].flow_offloading='1'
this is it:
-----------------------------------------------------
OpenWrt 23.05.0-rc2, r23228-cd17d8df2a
-----------------------------------------------------
root@OpenWrt:~# uci show | grep 'offloading'
firewall.@defaults[0].flow_offloading='1'
firewall.@defaults[0].flow_offloading_hw='1'
Also hardware:
r
oot@OpenWrt:~# uname -na
Linux OpenWrt 5.15.118 #0 SMP Mon Jun 26 11:20:39 2023 armv7l GNU/Linux
root@OpenWrt:~# cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 0 (v7l)
BogoMIPS : 21.87
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32
CPU implementer : 0x51
CPU architecture: 7
CPU variant : 0x2
CPU part : 0x04d
CPU revision : 0
processor : 1
model name : ARMv7 Processor rev 0 (v7l)
BogoMIPS : 45.57
Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32
CPU implementer : 0x51
CPU architecture: 7
CPU variant : 0x2
CPU part : 0x04d
CPU revision : 0
Hardware : Generic DT based system
Revision : 0000
Serial : 0000000000000000
and this is a different chipset than the original chipset I posted about -- coming back around again for performance tuning this one:
[ 1.678072] Creating 8 MTD partitions on "qcom_nand.0":
[ 1.685175] 0x000000000000-0x000000c80000 : "qcadata"
[ 1.708376] 0x000000c80000-0x000001180000 : "APPSBL"
[ 1.716062] 0x000001180000-0x000001200000 : "APPSBLENV"
[ 1.717374] 0x000001200000-0x000001340000 : "art"
[ 1.722441] 0x000001340000-0x000001740000 : "kernel"
[ 1.731125] 0x000001740000-0x000002d40000 : "ubi"
[ 1.762600] 0x000002d40000-0x000003940000 : "netgear"
[ 1.780615] 0x000003940000-0x000008000000 : "reserve"
[ 1.902746] switch0: Atheros AR8337 rev. 2 switch registered on 37000000.mdio-mii
[ 2.716818] ar8327: qca,phy-rgmii-en is not specified
[ 2.717756] ipq806x-gmac-dwmac 37200000.ethernet: IRQ eth_wake_irq not found
[ 2.720958] ipq806x-gmac-dwmac 37200000.ethernet: IRQ eth_lpi not found
[ 2.728733] ipq806x-gmac-dwmac 37200000.ethernet: PTP uses main clock
[ 2.735054] ipq806x-gmac-dwmac 37200000.ethernet: User ID: 0x10, Synopsys ID: 0x37
[ 2.740973] ipq806x-gmac-dwmac 37200000.ethernet: DWMAC1000
[ 2.748369] ipq806x-gmac-dwmac 37200000.ethernet: DMA HW capability register supported
[ 2.754242] ipq806x-gmac-dwmac 37200000.ethernet: RX Checksum Offload Engine supported
[ 2.761986] ipq806x-gmac-dwmac 37200000.ethernet: COE Type 2
[ 2.769808] ipq806x-gmac-dwmac 37200000.ethernet: TX Checksum insertion supported
[ 2.775700] ipq806x-gmac-dwmac 37200000.ethernet: Wake-Up On Lan supported
[ 2.783082] ipq806x-gmac-dwmac 37200000.ethernet: Enhanced/Alternate descriptors
[ 2.789775] ipq806x-gmac-dwmac 37200000.ethernet: Enabled extended descriptors
[ 2.797413] ipq806x-gmac-dwmac 37200000.ethernet: Ring mode enabled
[ 2.804411] ipq806x-gmac-dwmac 37200000.ethernet: Enable RX Mitigation via HW Watchdog Timer
[ 2.812331] ipq806x-gmac-dwmac 37400000.ethernet: IRQ eth_wake_irq not found
[ 2.819204] ipq806x-gmac-dwmac 37400000.ethernet: IRQ eth_lpi not found
[ 2.826531] ipq806x-gmac-dwmac 37400000.ethernet: PTP uses main clock
[ 2.833046] ipq806x-gmac-dwmac 37400000.ethernet: User ID: 0x10, Synopsys ID: 0x37
[ 2.839171] ipq806x-gmac-dwmac 37400000.ethernet: DWMAC1000
[ 2.846730] ipq806x-gmac-dwmac 37400000.ethernet: DMA HW capability register supported
[ 2.852532] ipq806x-gmac-dwmac 37400000.ethernet: RX Checksum Offload Engine supported
[ 2.860176] ipq806x-gmac-dwmac 37400000.ethernet: COE Type 2
[ 2.868147] ipq806x-gmac-dwmac 37400000.ethernet: TX Checksum insertion supported
[ 2.873952] ipq806x-gmac-dwmac 37400000.ethernet: Wake-Up On Lan supported
[ 2.881323] ipq806x-gmac-dwmac 37400000.ethernet: Enhanced/Alternate descriptors
[ 2.888039] ipq806x-gmac-dwmac 37400000.ethernet: Enabled extended descriptors
[ 2.895661] ipq806x-gmac-dwmac 37400000.ethernet: Ring mode enabled
[ 2.902699] ipq806x-gmac-dwmac 37400000.ethernet: Enable RX Mitigation via HW Watchdog Timer
I can't get it to do NAT faster than about 500mbps ... ( client iperf <--1gbps ethernet-> router (NAT) <-1gbps ethernet-> server iperf ...
further reading:http://www.bitswrt.com/IPQ8064.html
Is there a way to see if it's being used / active ? I'd like to take a long at the ring buffer depth during a test, or something like a packet counter.
ipq806x does not have hardware flow-offloading support, while the hardware supports offloading to dedicated NSS cores, this is not supported by OpenWrt.
2 Likes
Is there any list or something similar to check OpenWRT devices supported with hardware flow-offloading?
Luci in OpenWrt 23.05.0-rc2 states:
Hardware flow offloading
Requires hardware NAT support. Implemented at least for mt7621
1 Like
Thanks @odrt for your help.
But "at least for mt7621" makes me wonder if there are other chipset's supporting hardware NAT in OpenWRT. Do you know if there is some place to check it?
1 Like
Yes and no: https://openwrt.org/tag/mt7621?do=showtag&tag=MT7621
As written before: ipq806x has experimental NSS hardware acceleration support, so does ipq807x.
I would not look for hardware flow offload in particular, instead I would look for a well supported device that fits your use case.
And keep in mind that hardware flow offload does not work together with SQM.
2 Likes
That is not correct, as written the term would imply that NSS support would be available in OpenWrt/master, it's not (and is very, very unlikely to 'ever' get merged). Apart from that NSS is implemented differently to hardware flow-offloading, luci/fw4 can't enable it that way (as it does for hardware flow-offloading on Mediatek hardware).
2 Likes
Ok, there is third party experimental NSS support, it’s not stable and not merged in OpenWrt main branch:
Same for ipq807x from what I read.