@jorisvervuurt
Last active April 25, 2024 05:27
OPNsense - Intel i226 NIC tunables
<item>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>1</value>
<descr/>
</item>
<item>
<tunable>net.isr.bindthreads</tunable>
<value>1</value>
<descr/>
</item>
<item>
<tunable>net.isr.maxthreads</tunable>
<value>-1</value>
<descr/>
</item>
<item>
<tunable>net.inet.rss.bits</tunable>
<value>2</value>
<descr/>
</item>
<item>
<tunable>net.inet.rss.enabled</tunable>
<value>1</value>
<descr/>
</item>
<item>
<tunable>kern.ipc.nmbclusters</tunable>
<value>1000000</value>
<descr/>
</item>
<item>
<tunable>kern.ipc.nmbjumbop</tunable>
<value>524288</value>
<descr/>
</item>
<item>
<tunable>hw.intr_storm_threshold</tunable>
<value>10000</value>
<descr/>
</item>
<item>
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
<value>3000</value>
<descr/>
</item>
<item>
<tunable>net.inet6.ip6.intr_queue_maxlen</tunable>
<value>3000</value>
<descr/>
</item>
<item>
<tunable>hw.ix.flow_control</tunable>
<value>0</value>
<descr/>
</item>
<item>
<tunable>dev.igc.0.fc</tunable>
<value>0</value>
<descr/>
</item>
<item>
<tunable>dev.igc.1.fc</tunable>
<value>0</value>
<descr/>
</item>
<item>
<tunable>dev.igc.2.fc</tunable>
<value>0</value>
<descr/>
</item>
<item>
<tunable>dev.igc.3.fc</tunable>
<value>0</value>
<descr/>
</item>
<item>
<tunable>net.isr.dispatch</tunable>
<value>deferred</value>
<descr/>
</item>
jorisvervuurt commented Jul 18, 2023

Above are the custom tunables I set for an Intel N6005 mini PC that has four Intel i226 NICs and is running OPNsense 23.1.11. I've copied them from a configuration export (these weren't all items inside the <sysctl> block), but you can manually set them via the System -> Settings -> Tunables section.

Some more settings:

  • In the Interfaces -> Settings section, I have disabled Hardware CRC, Hardware TSO and Hardware LRO. VLAN Hardware Filtering is disabled too. Enabling these options resulted in weird issues, so I'd advise against enabling them (OPNsense / pfSense docs actually also advise disabling them).
  • In the Firewall -> Settings -> Advanced section, I have set Firewall Optimization to conservative.

Interface configuration (depends on your ISP; I'm using KPN fiber in The Netherlands):

  • I have created a WAN_RAW interface with an MTU of 1512.
  • I have created a WAN_INTERNET PPPoE interface with an MTU of 1508 (this results in a PPP MTU of 1500).
  • I have created a LAN interface with the default MTU (1500).

I have absolutely no issues getting around 940/940 Mbps through the PPPoE interface (to the outside world), which is the limit because the fiber NTU only has a Gigabit Ethernet port.
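
A drift check for the tunables listed above, as an added example that is not part of the gist or the author's comment: it parses the `<item>` fragments and compares each configured value with what `sysctl -n` reports on the firewall. The function names, the `BOOT_RESOLVED` set and the sample fragment are assumptions made for illustration.

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample: four of the <item> fragments from the gist, one per line.
SAMPLE_ITEMS = """
<item><tunable>net.inet.icmp.drop_redirect</tunable><value>1</value><descr/></item>
<item><tunable>net.isr.maxthreads</tunable><value>-1</value><descr/></item>
<item><tunable>net.isr.dispatch</tunable><value>deferred</value><descr/></item>
<item><tunable>dev.igc.0.fc</tunable><value>0</value><descr/></item>
"""

# Assumption: a configured -1 here is replaced by the CPU count at boot, so the
# running value is only checked for presence, not compared literally.
BOOT_RESOLVED = {"net.isr.maxthreads"}


def parse_tunables(fragment):
    """Return {tunable: value} from bare <item> fragments (no XML declaration)."""
    root = ET.fromstring("<wrapper>" + fragment + "</wrapper>")
    wanted = {}
    for item in root.iter("item"):
        name = (item.findtext("tunable") or "").strip()
        if name:
            wanted[name] = (item.findtext("value") or "").strip()
    return wanted


def read_sysctl(name):
    """Running value from sysctl(8), or None if the OID is absent on this host."""
    try:
        proc = subprocess.run(["sysctl", "-n", name], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return proc.stdout.strip() if proc.returncode == 0 else None


def find_drift(wanted, reader=read_sysctl):
    """Return [(tunable, configured, running)] for each mismatch or missing OID."""
    drift = []
    for name, configured in wanted.items():
        running = reader(name)
        literal = not (name in BOOT_RESOLVED and configured == "-1")
        if running is None or (literal and running != configured):
            drift.append((name, configured, running))
    return drift


if __name__ == "__main__":
    for name, configured, running in find_drift(parse_tunables(SAMPLE_ITEMS)):
        print(f"DRIFT {name}: configured {configured!r}, running {running!r}")
```

A missing OID (for example a `dev.igc.N.fc` entry for a port the box does not have) is reported with a running value of `None`.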
