[Oisf-users] Disable offloading on bond interface

unite unite at openmailbox.org
Wed Jan 28 09:30:43 UTC 2015


I've tried disabling offloading on my test machine in three scenarios:

1) on physical interfaces (eth0 eth1)

In this case "ethtool -k" for eth0/eth1 shows that offloading features 
are disabled, but "ethtool -k bond0"  still shows some of them enabled.

2) on bonding interface

In this case "ethtool -k" for bond0 shows this features disabled 
(however, when disabling various offloading features it says that some 
of this features are not supported on the interface). "ethtool -k" for 
physical ones still shows offloading features enabled

3) on both physical and bonding

As a result shows these features disabled on both (so probably it's what 
we need), however I'm just afraid for them not to overlap in some way 
and not to mess up something. Also as you've written bond0 is a virtual 
device and I'm not sure should I make some changes on it with ethtool or 
it is completely useless and can only harm something.

I've searched through the net about offloading features on bonding 
interfaces and couldn't find clear answer. Actually the only useful 
answer was that using ethtool you can do not much with bonding - just to 
view state of bonded interfaces and so on. However, this info might be 
rather outdated (year 2011) so I'm not sure it is valid at the moment.

On 2015-01-27 20:14, Cooper F. Nelson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The offloading happens in hardware on the physical network interface, 
> so
> it should be disable there.  As far as I know the bonded interface is a
> virtual device and those settings shouldn't even be available.
> 
> On 1/26/2015 5:41 AM, unite wrote:
>> Hi guys!
>> 
>> I've read that to achieve the best results using suricata, I need to
>> disable offloading on my interfaces. The problem is that I have two
>> interfaces bonded for redundancy and so, should I just disable
>> offloading separately on physical interfaces (eth0/eth1) or only on 
>> bond
>> interface or on both?
>> 
>> Thanks in advance.
>> 
> 
> 
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> 
> iQEcBAEBAgAGBQJUx9WhAAoJEKIFRYQsa8FWTKgIALL0I8ombJzcOvWZZwz9EVJR
> UyUMnqnJ9J+Wqx8VGZjlBb2ZL5PjI/pghqeuEngMkF6gqQivZCIWBj9P/4JmjV75
> JPvwtcQqFG74Wxj/zOnnrXqOxrwx9HGQ8Mj1J7+xBEiCmDI2VHpjPEciX+flu8Y/
> DFJ1mvmx9MChag3us4e8Ue2PUx4GAw0qawdDFgFHtD2VsFokQ6NOFq7xqX9i7D0v
> gSdanJaqe6VonZIucQf2581FIsbDiYSHcUdXsJ+aiUKgUhH/O5Nh0HEtSwKnC4Kk
> 3ytqXjBcs7nlHelnjVHkwpHXpUnYHiTPswCXfPsMfZvGzZDoZA4XXQDN7EsSas8=
> =b0Gm
> -----END PGP SIGNATURE-----

-- 
With kind regards,
Alex



More information about the Oisf-users mailing list