Hi all
I understand that enabling hardware acceleration will bypass some of the useful software functions on the Flint 2, but I can't find a definitive answer as to whether enabling software acceleration has any downsides. The only documentation I could find states that it is designed to be used for cellular connections, but does anybody know please if there are benefits to using it for wired connections that won't break Adguard/SQM, etc?
Just disregard, thanks
Basically the reason why it is recommended to turn it off for these functions is because of this:
Many routers get shipped with a certain offloading chip, this means when hardware accerelation is enabled it offloads it to this chip rather than directly on the cpu.
This means there is more headroom for the cpu and speeds are faster.
But now this does sound exceptional good, it isn't always good.
There are situations where the overloading chip is too over consumed, but because it does not go over the cpu, the packets can be dropped and in some cases can even trigger false STP problems, or even packet corruption.
I won't say this is the case with these functions, but the case is rather that the switch part listens on the cpu and not on the offload chip, the firewall also listens on the cpu but not the offload chip the offload chip bypasses the cpu.
So when a situation happen that packets become lost in transit between the offload chip and cpu, you will notice very unexpected results.
This is why for some things like SQM it is recommended to turn it off, because it requires a very fixed way of ordering execution directly on the cpu, which with a offloading chip will not follow that principe and even can drop packets.
The same can happen with DPI too, it could lose track of some packets and maybe some detections even can passthrough.
For such systems which carefully listen to the firewall with alot of calls, there is no awareness between the offload chip and cpu, and that concept can fail when packets get lost.
It is not that the firewall skips packets or you leak open access to wan, but packets can drop lost in transit or cause some layer 2 problem which actually is corrupt.
Understood. Thanks for the reply. But are these shortcomings also a side effect of software acceleration?
Not directly, it is actually on alot of routers standard on, to reach the advertised speeds.
The only shortcomings are when the offloading chip is overloaded and the router locks itself up with the warning:
device x is sending source adress as the router it could be a wrong switch but it can also be due to offloading, but it is a extreme example which often doesn't happen unless you have a very big network with 40+ devices and multiple vlans.
Edit:
I misread my excuse, with software offloading there will be still a issue because it simulates what otherwise a chip would do, such implementations can still confuse the firewall order of tracking but less than with hardware offloading, I would say for things like SQM it won't work, DPI maybe.