Advanced Networking Options in pfSense

This article covers advanced networking options in pfSense, which can be altered by navigating to System -> Advanced Options and clicking on the “Networking” tab.

Advanced Networking Options: IPv6

Advanced networking options in pfSense.

Under the “IPv6 Options” heading, the first option is the “Allow IPv6” check box. Checking this box allows pfSense to use Internet Protocol version 6, the latest revision of the Internet Protocol, which uses a 128-bit address and thus solves the problem of IPv4 (32-bit) address exhaustion. IPv6 also adds a number of features not present in IPv4, such as stateless address autoconfiguration, network renumbering, and router announcements when changing network connectivity providers.

Next is the “Enable IPv4 NAT encapsulation of IPv6 packets” check box. Checking this box provides an RFC 2893 compatibility mechanism that can be used to tunnel IPv6 packets over IPv4 infrastructures. If you enable it, you need to add a firewall rule to permit IPv6 packets.

Advanced Networking Options: Network Interfaces

Under the “Network Interfaces” heading, the first check box is “Enable device polling”. Device polling lets the system poll network devices for new data instead of relying on interrupts, which prevents services from becoming inaccessible due to interrupt floods. However, not all network cards support polling, so if you check this box, make sure that your hardware supports device polling.

Next is the “Disable hardware checksum offload” check box. Checksums are used to ensure the integrity of data portions when frames are transmitted. A network card that receives a frame will calculate the checksum and compare it to the checksum received. If the checksums do not match, a transmission error has occurred and the frame will be re-sent. Checksum offloading, however, is broken with some cards, particularly Realtek ones. Check this box if checksum offloading is a problem.

The next check box is “Disable hardware TCP segmentation offload”. The TCP offload engine is a technology used in some network cards to offload processing of the entire TCP/IP stack to the network controller, thus freeing up the CPU and potentially reducing traffic on whatever interface the network card is on (e.g. PCI or PCI-express). As with checksum offloading, TCP segmentation offload is broken in some hardware drivers, so checking this box may solve problems with such hardware.

The next option is the “Disable hardware receive offload” check box. Large receive offload (LRO) is a technique for increasing inbound throughput of high-bandwidth network connections by aggregating multiple incoming packets into a large buffer before these packets are passed up the networking stack. This has the effect of reducing the number of packets that have to be processed and thus it reduces CPU overhead. Again, LRO is broken in some hardware drivers and checking this option may solve problems with these drivers.

The last of the advanced networking options is “Suppress ARP messages”. This option was discussed in my article on ARP configuration in pfSense. In some cases you may have two network cards on the same physical network, but on different subnets. Everything works, but you get a whole bunch of error messages in the system log whenever a node replies to an ARP request from an interface on the same broadcast domain but a different subnet. These error messages may hide some of the more important error messages. In such cases, you may want to check this option and suppress these ARP log messages.
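To confirm that the polling and offload check boxes above actually took effect, you can look at the `options=` line that FreeBSD's `ifconfig` (pfSense runs on FreeBSD) prints for each interface. The following is an added example, not part of the original article: the function names `offload_report` and `sample_ifconfig` are hypothetical, and the sample `ifconfig` output, including its hex masks and MAC address, is constructed for illustration.

```shell
#!/bin/sh
# Added example: report which hardware offloads are active per interface,
# parsed from FreeBSD-style `ifconfig` output read on stdin.
# offload_report and sample_ifconfig are hypothetical helper names.

offload_report() {
    awk '
    # Interface header, e.g. "em0: flags=8843<UP,...> metric 0 mtu 1500"
    /^[A-Za-z0-9_.]+: flags=/ { iface = $1; sub(/:$/, "", iface); next }
    # Enabled capabilities, e.g. "options=9b<RXCSUM,TXCSUM,...>".
    # "nd6 options=" lines are skipped: they do not start with "options=".
    /^[ \t]+options=/ {
        caps = $0
        sub(/^[^<]*</, "", caps)
        sub(/>.*$/, "", caps)
        n = split(caps, c, ",")
        csum = tso = lro = poll = "off"
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[RT]XCSUM/) csum = "on"
            if (c[i] ~ /^TSO/)       tso  = "on"
            if (c[i] == "LRO")       lro  = "on"
            if (c[i] == "POLLING")   poll = "on"
        }
        printf "%s checksum=%s tso=%s lro=%s polling=%s\n", iface, csum, tso, lro, poll
    }'
}

# Constructed sample output (not captured from a real system).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=59b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,LRO>
    ether 00:00:5e:00:53:01
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=28<VLAN_MTU,JUMBO_MTU>
    ether 00:00:5e:00:53:02
EOF
}

# On the firewall itself you would run: ifconfig | offload_report
sample_ifconfig | offload_report
```

An interface that still shows `checksum=on`, `tso=on` or `lro=on` after the corresponding “Disable” box was checked has not picked up the setting.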

Other articles in this series:

webConfigurator options in pfSense

Admin Access Options in pfSense

Firewall Advanced Options in pfSense

NAT and Firewall Options in pfSense


© 2013 David Zientara. All rights reserved. Privacy Policy