Flow offloading
Intro
The Flow offload may significantly increases throughput of device with slow CPU.
Some facts:
Technically, the software flow offload is just a firewall rule.
Neither flow forwarding offload is directly related to network adapter offload functions controlled by ethtool -k/-K.
Flow offloading applies to forwarded connections, including those to containers like
LXC or
podman, but not locally running web-server.
Hardware offload bypasses
QoS traffic controls at high priority making former ineffective.
Hardware offload can handle very limited number of connections at once, e.g. 64, thus will not significantly help p2p, returning surplus connections to software offload pool.
Software offload typically increases forwarding bandwidth 2-3x over firewall filtering each packet, sometimes that relieves fully loaded CPU and improves overall latency/jitter.
Abbreviations:
HFO — hardware flow offloading.
WED — wireless offloading, wireless Ethernet dispatch.
PPE — kernel interface for hardware flow offload, monitored via
/sys/kernel/debug/ppe0/entries special file.
How to enable
LuCI web UI
Using LuCI web UI: Network → Firewall and select “Software flow offloading” or “Hardware flow offloading”, then hit “Save & Apply”.
UCI
CLI with UCI (choose the one option you want):
uci set 'firewall.@defaults[0].flow_offloading=1'
uci set 'firewall.@defaults[0].flow_offloading_hw=1'
uci commit
/etc/init.d/firewall restart
CLI
CLI: edit /etc/config/firewall and insert the following under the config defaults section (choose the one option you want):
config defaults
…
option flow_offloading '1'
option flow_offloading_hw '1'
Then restart the firewall:
/etc/init.d/firewall restart
Hardware implementation
The main page about MediaTek chipsets: soc.mediatek.
Hardware offloading is supported on mt76 platforms starting from SoC mt7621.
WED enablement (i.e hardware offloading for Wi-Fi): TODO.
Known issues
Links