Reply
New Member
Posts: 2
Registered: a week ago
Accepted Solution

Can't enable hardware offload on EdgeRouter Lite

Hello,

 

Recently, I noticed that I was not getting full internet speeds at my home, which has 1GB internet connection, going through an EdgeRouter Lite. A couple of months ago when I signed up for the service, I would generally hit speeds around 750-900mbps speed testing from my windows desktop and my linux file server after I had enabled hardware offload on the router. Now, however, I am only reaching speeds in and around 140mbps or so on the download.

 

This EdgeRouter Lite is now running the latest available firmware v.1.10.8 that I had upgraded yesterday after I discovered this issue about a week ago. Prior to that, it had been running the last latest firmware. I have UNMS installed and update the firmware generally as it becomes available.

 

-----------------------------------------------------------

Version: v1.10.8
Build ID: 5142440
Build on: 11/20/18 16:45
Copyright: 2012-2018 Ubiquiti Networks, Inc.
HW model: EdgeRouter Lite 3-Port

------------------------------------------------------------

 

A second router, an EdgeRouter X, is running its latest firmware version and is not experiencing the same issue. It does have hwnat enabled.

 

The output from each router showing offload.

------------------------------------------------------------

EdgeRouter Lite -

Gateway1:~$ show ubnt offload

IP offload module : loaded
IPv4
forwarding: disabled
vlan : disabled
pppoe : disabled
gre : disabled
IPv6
forwarding: enabled
vlan : disabled
pppoe : disabled

IPSec offload module: loaded

Traffic Analysis :
export : enabled
dpi : enabled
version : 1.422

 

EdgeRouter X -

gateway2:~$ show ubnt offload
IPSec offload module: not loaded

HWNAT offload module: loaded

Traffic Analysis :
export : enabled
dpi : enabled
version : 1.422

------------------------------------------------------------

 

I have read numerous posts on these forums that indicate there may be another setting on the EdgeRouter Lite that may prevent hardware offload from being enabled but I cannot find what that may be in my config.

 

Here's a somewhat sanitized version of the configuration from the EdgeRouter Lite. 

 

------------------------------------------------------------

 

Spoiler
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 20 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 30 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name dns_block {
default-action accept
description ""
rule 1 {
action drop
description dns1
destination {
address x.x.x.x
}
log disable
protocol all
}
rule 2 {
action drop
description dns2
destination {
address x.x.x.x
}
log disable
protocol all
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address dhcp
description Internet
duplex auto
firewall {
in {
}
local {
name WAN_LOCAL
}
out {
}
}
speed auto
}
ethernet eth1 {
address x.x.x.x
description Local
duplex auto
firewall {
in {
name xxxx
}
}
speed auto
}
ethernet eth2 {
address 192.168.2.1/24
description "Local 2"
duplex auto
speed auto
}
loopback lo {
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth1
rule 1 {
description ssh
forward-to {
address x.x.x.x
port 22
}
original-port 22
protocol tcp
}
rule 2 {
description plex
forward-to {
address x.x.x.x
port 34200
}
original-port 34200
protocol tcp
}
rule 3 {
description torrent
forward-to {
address x.x.x.x
port 51413
}
original-port 51413
protocol tcp
}
rule 4 {
description nextcloud
forward-to {
address x.x.x.x
port 443
}
original-port 443
protocol tcp
}
rule 5 {
description openvpn
forward-to {
address x.x.x.x
port 1194
}
original-port 1194
protocol udp
}
wan-interface eth0
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name Local {
authoritative disable
subnet x.x.x.x {
default-router x.x.x.x
dns-server x.x.x.x
dns-server x.x.x.x
domain-name x.x.x.x
lease 604800
start x.x.x.x {
stop x.x.x.x
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on eth1
}
}
gui {
http-port 80
https-port 443
listen-address x.x.x.x
older-ciphers disable
}
nat {
rule 5010 {
description "masquerade for WAN"
outbound-interface eth0
type masquerade
}
}
snmp {
community public {
authorization ro
}
contact "x.x.x.x"
location x.x.x.x
}
ssh {
listen-address x.x.x.x
port 22
protocol-version v2
}
unms {
connection wss://x.x.x.x
}
upnp2 {
listen-on eth1
nat-pmp enable
secure-mode enable
wan eth0
}
}
system {
domain-name ubnt
flow-accounting {
disable-memory-table
ingress-capture post-dnat
interface eth1
netflow {
enable-egress {
engine-id 1
}
engine-id 0
server x.x.x.x {
port 2055
}
timeout {
expiry-interval 60
flow-generic 60
icmp 60
max-active-life 60
tcp-fin 10
tcp-generic 60
tcp-rst 10
udp 60
}
version 9
}
syslog-facility daemon
}
host-name Gateway1
login {
user x.x.x.x {
authentication {
encrypted-password x.x.x.x
plaintext-password x.x.x.x
}
full-name "x.x.x.x"
level admin
}
}
name-server 1.1.1.1
name-server 1.0.0.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec disable
ipv4 {
forwarding enable
gre disable
pppoe disable
vlan disable
}
ipv6 {
forwarding disable
pppoe disable
vlan disable
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone America/Vancouver
traffic-analysis {
custom-category DNS {
name DNS
}
custom-category ssh {
name "Secure Shell (SSH)"
}
dpi enable
export enable
}
}

 ------------------------------------------------------------

 

I've noticed that 'hwnat disable' is what comes up, whereas on the EdgeRouter X, it shows as "hwnat enable".

 

In the interest of troubleshooting, I have disabled the connection to the unms, disabled syslog, turned off snmp, and deleted any firewall rules I had added manually. None of these things changed the state of the hardware offload.

 

Essentially, I'm hoping someone sees a rule or config that I missed that may prevent hardware offload from being enabled or be able to provide in any insight on why offloading cannot be enabled on this device.

 

Any assistance would be appreciated.

 

Thank you.


Accepted Solutions
Regular Member
Posts: 303
Registered: ‎02-12-2013
Kudos: 82
Solutions: 23

Re: Can't enable hardware offload on EdgeRouter Lite

Hi @jmarkel
When Netflow is enabled (probably via UNMS), then it deactivates the offloading. Not sure if this will change in future firmware version, if possible.

View solution in original post


All Replies
Regular Member
Posts: 303
Registered: ‎02-12-2013
Kudos: 82
Solutions: 23

Re: Can't enable hardware offload on EdgeRouter Lite

Hi @jmarkel
When Netflow is enabled (probably via UNMS), then it deactivates the offloading. Not sure if this will change in future firmware version, if possible.
Highlighted
New Member
Posts: 2
Registered: a week ago

Re: Can't enable hardware offload on EdgeRouter Lite

Hi,

Thanks for the response. You nailed it. I thought that merely disabling the connection to the unms was adequate but that was wrong. I disabled netflow on the CLI and that picked right up.

configure
delete system flow-accounting
commit
save

Gateway1:~$ show ubnt offload

IP offload module : loaded
IPv4
forwarding: enabled
vlan : enabled
pppoe : enabled
gre : enabled
IPv6
forwarding: enabled
vlan : disabled
pppoe : disabled

IPSec offload module: loaded

Thank you for the solution.
Reply