"DMA Mode for ATA/ATAPI Devices in Windows XP "
"Windows Hardware Error Architecture ACPI Table Specification "
"Windows Support for Hyper-Threading Technology "
Advances in Memory Management for Windows
An Introduction to COM for UMDF Developers
Analyze Driver Performance
Application Compatibility Test Rig (ACT-R)
Application Software Considerations for NUMA-Based Systems
Architecture of the Windows Driver Foundation
Archive: Driver Install Frameworks Tools v.2.01
Archive: DVD and Microsoft Operating Systems
Archive: Hardware IDs for HID Devices
Archive: HID Audio Controls and Windows
Archive: Key Support, Keyboard Scan Codes, and Windows
Archive: Network Infrastructure Device Implementer's Guide
Archive: Power Management of USB Host Controllers
Archive: Scan Code Mapper for Windows
Archive: Specification for Use of PCI IDs with Windows Operating Systems
Audio Device Performance: Driver Best Practices
Audio Driver Support for the WMA Pro-over-S/PDIF Format
Away Mode DDK for Windows Vista
Away Mode in Windows Vista
Benchmarking on Windows XP: Home Edition and Professional
BIOS Settings for Native-Mode-Capable ATA Controllers
Booting Windows from USB Storage Devices
Brightness Control in WDDM
Building a Dynamic Data Center
Building a Great Media Center PC
CardBus Controllers and Windows
CardBus I/O Resource Windows in Windows Vista
Catalog Criteria for Datacenter Servers
Changes for Vendor-provided Storage Drivers Loaded Using F6
Choosing a WAN Miniport Driver Model
Color Management and Windows: An Introduction: An Overview of Microsoft Image Color Management Technology
Color Management Concepts
Colorspace Interchange Using sRGB
Compatibility of Type 2 Pointing Devices with MS IntelliMouse
CPU Virtualization Extensions: Analysis of Rootkit Issues
Creating Windows INF Files
Debug Port Specification - ARCHIVE - Download
Debug Port Specification - ARCHIVE
Debugging Kernel-Mode Driver Framework Drivers
Design and Deploy a Great Media Center PC
Designing Multifunction Devices for Windows Operating Systems
Designing Video Capture Boards for Use with the Microsoft ActiveX Video Control
Device Driver INF Guidelines for Windows XP
Device Simulation Framework (DSF)
Digital Still Camera Support
Digital Video Camcorder Support in Windows
DirectX VA: Accelerating Video Codec Processing
Disk Subsystem Performance Analysis for Windows
DMA Support in KMDF Drivers
Driver Compatibility for Windows Vista
Driver Protection List for Windows XP and Windows Server 2003
Dump Switch Support for Windows
Enhanced Keyboards and Windows
Exposing Enhanced Functionality for Scanners
Extension Unit Plug-ins for USB Video Class Devices
External DSL Modems Design Guidelines
FAQ for PCI and PCIe Issues for “Designed for Windows” Logo
Fast System Startup for PCs Running Windows XP
Functional Specification for De-Interlacing and Frame Rate Conversion in DirectX VA
Getting Started with WDM Audio Drivers
GPD Creation for Unidrv 5
GPRS Auto-Configuration in Wireless Wide Area Networks
Guidelines for Bus and Device Specifications
Guidelines for Video-Capable Wireless Networking
Hardware Design for Surprise Removal
Hardware Management in Microsoft Windows Server 2003 "R2" Beta 2
HID Game Controllers and DirectInput
HID System Devices, DirectInput, and Windows
How to Build, Install, Test, and Debug KMDF Drivers
How to Install Windows Drivers with Software Applications
How to Update Printer Drivers Supported in Windows
How to Use an INF to Override the Monitor EDID
I/O Flow and Dispatching in WDF Drivers
I/O Ports Blocked from BIOS AML
IA-64 Systems and ACPI 2.0 64-bit Tables
IDs and Serial Numbers for ISA Plug and Play
IEEE 1394 and the Windows Platform
IEEE 802.11 Networks and Windows XP
Implementing Speakerphone-Quality Audio on Computers
INF Requirements for 64-bit Systems
Input Device Drivers and Windows
Installing and Configuring Away Mode
Installing Test Builds of Inbox Drivers on Windows Vista
Interrupt Architecture Enhancements in Windows
Introduction to Cable Architecture
Introduction to the WDF User-Mode Driver Framework
Introduction to the Windows Driver Foundation
Kernel Enhancements for Windows XP
Kernel-Mode Drivers: Fixing Common Driver Reliability Issues
Key Benefits of the I/O APIC
Low Pool Memory and Windows XP
Management of Hardware Resources
MBR System Disk Conversion for Itanium-Based Systems
MCA Implementation Guide for 64-bit Windows XP and Windows Server 2003
MCA Support in 64-bit Windows XP and Windows Server 2003
Microsoft TV Technologies
Migrating TWAIN drivers to WIA
Mobile PC Hardware Button Recommendations
Mobile System Displays and Windows: Version 1.2c
Monolithic Storage Drivers and Windows
Multifunction Printer Design Recommendations
MultiMonitor Support and Windows Vista
NDIS 5.0 and ATM Support in Windows
NDIS 5.1 Support and Windows
NDIS Driver Debugging Guidelines
NDIS Driver Tips and Guidelines
Network Driver Compatibility with the Header-Data Split Feature
Network Driver Interface Specification - NDIS 5.0 Overview
Network Drivers and Windows
Network Explorer Extensibility
Networking over IrDA in Windows XP
Non-PCM Wave Formats and WDM Audio Drivers
Output Content Protection and Windows Vista
Partial Address Decoding and I/O Space in Windows Operating Systems
PC Card and CardBus Multifunction Devices and Windows Compatibility
PC Storage Directions: The evolution of hard disk and optical solutions
PCI Express FAQ for Graphics
PCI IRQ Routing on a Multiprocessor ACPI System
PCI Multi-Level Rebalance in Windows Vista
PCI Power Management and Device Drivers
PCI Subsystem IDs and PCI-to-PCI Bridge Devices
PCMCIA IRQ Routing on Windows XP
Pen and Touch Digitizer Drivers for Windows Vista
Personalized Icons for Devices on Windows XP
Platform Compatibility for USB Boot Devices
Plug and Play for Windows 2000 and Windows XP
PnP X Out-of-Band Association
Pointer Ballistics for Windows XP
Power Management for Network Devices
PREfast with Driver-Specific Rules
QoS: Assigning Priority in IEEE 802-style Networks
Quality Windows Audio-Video Experience - qWave
Recommendations for IEEE 802.11 Access Points
Registry Reflection in Windows
Removable Storage Management and Windows
Required Commands for Writable CD/DVD Devices
Sample Drivers for the Kernel Mode Driver Framework
Security-related Best Practices for WIA Drivers
Specifications: Hardware and Firmware Standards
sRGB Color Management Case Studies
Standard Modem Command Sets and INFs
Still Image Connectivity for Windows
System Area Networks (SAN)
System State-to-Device State Mappings (SxD)
Temporal Rate Conversion: Dave Marsh. Microsoft Technical Evangelist, TV and Video
The Importance of Implementing APIC-Based Interrupt Subsystems on Uniprocessor PCs
Timeout Detection and Recovery of GPUs through WDDM
Transient Multimon Manager (TMM)
Troubleshooting Device Installation with the SetupAPI Log File
TV and Broadcast Driver Architecture
Universal Accelerated Graphics Port (UAGP)
USB 2.0 and Windows Operating Systems
USB and Game Devices - ARCHIVE
USB Handset Peripherals and Windows
USB Printers - Architecture and Driver Support
USB Printing Solutions for Windows
User-Mode Driver Framework FAQ
Versioning in the Windows Driver Foundation
Virtual Address Space Usage in Windows Game Development
WDM Human Interface Device Class Support
WDM USB Driver Interface - ARCHIVE
What's New for Plug and Play in the Windows XP DDK
Where’s the Add Hardware Wizard?
WiFi Protected Access Overview
WinColorKit: Windows Color Quality Test Kit for Device OEMs
Windows and the 5-Button Wheel Mouse
Windows Connect Now FAQ
Windows Driver Model (WDM): Compatible drivers for Microsoft Windows operating systems
Windows File Protection and Windows
Windows Hardware Error Architecture
Windows Instrumentation: WMI and ACPI
Windows Logo Program Requirement Updates - Archives
Windows Logo Requirement Updates
Windows Media Connect Device Design Considerations
Windows Native Processor Performance Control
Windows Network Task Offload
Windows Power Management: Instant PC availability and energy savings
Windows Scalable Networking Initiative
Windows Server 2003, Datacenter Edition Driver Program Overview
Windows Setup and Device Installation Logging
Windows Vista Driver Development
Windows Vista Feature Pack for Wireless
Windows XP - Guidelines for Applications
Winsock Direct and Protocol Offload on SANs
Wireless Communications and Windows
Wireless Provisioning Services (entry/EULA)
WMI and CIM Concepts and Terminology
WMI Support for SMART Drives
Write-Combining Memory in Video Miniport Drivers
Writing Drivers for Reliability, Robustness and Fault Tolerant Systems
Writing WIA Drivers for Windows 64-bit Edition for Extended Processors
Expand Minimize
0 out of 1 rated this helpful - Rate this topic

Windows Network Task Offload

Updated: December 4, 2001


Network Driver Interface Specification (NDIS) task offload capabilities are documented in the Microsoft Windows DDK. This article provides information about task offload in NDIS 5.

On This Page

TCP/IP Task Offload in NDIS 5   TCP/IP Task Offload in NDIS 5
Checksum Offload  Checksum Offload
TCP Segmentation Offload  TCP Segmentation Offload
IPSec Offload  IPSec Offload
Notes on TCP/IP Offload Tasks  Notes on TCP/IP Offload Tasks


TCP/IP Task Offload in NDIS 5

Network adapters with appropriate NDIS 5 (and later) miniport drivers can increase the system performance by supporting hardware offload of Transmission Control Protocol/Internet Protocol (TCP/IP) CPU-intensive tasks. For example, with TCP/IP checksum offload alone, up to 30 percent performance gain in CPU utilization has been seen in testing at Microsoft. The NDIS interface and the TCP/IP transport have been enhanced to allow miniport drivers to indicate hardware support for performing:

  • TCP/IP checksum calculation.

  • TCP/IP segmentation.

  • Internet Protocol Security (IPSec) Encryption Ciphers and Message Digests.

During initialization or when an interface appears as a Plug and Play event, the TCP/IP driver will query the miniport through the NdisRequest() mechanism with an object ID (OID) of OID_TCP_TASK_OFFLOAD in order to find out which offload capabilities the network adapter supports.

For each task the network adapter can offload, it will return an NDIS_TASK_OFFLOAD structure that contains an indication of the task supported and parameters specific to that task. The protocol then enables the appropriate tasks by submitting a set request containing the NDIS_TASK_OFFLOAD structures for those tasks. At this point, these tasks are enabled for offload. The network adapter will receive information specific to the task on a per-packet basis, along with each packet.

Checksum Offload

On the send side, the network adapter that supports this offload will calculate checksums that are needed and for which it has indicated the capability of performing. For the TCP checksum, the Microsoft transport will calculate the TCP pseudo header checksum and place this value in the checksum field, so that the network adapter can calculate the correct TCP checksum without touching the IP header.

On the receive side, the network adapter will fill in a NDIS_TCP_IP_CHECKSUM_PACKET_INFO structure and set the appropriate bits. If for any reason the network adapter cannot perform the checksum, it will not set any bits and indicate the packet. TCP/IP will then look at this and calculate the appropriate checksum itself.

TCP Segmentation Offload

With Segmentation Offload, or TCP Large Send, TCP can pass a buffer to be transmitted that is bigger than the maximum transmission unit (MTU) supported by the medium. Intelligent adapters implement large sends by using the prototype TCP and IP headers of the incoming send buffer to carve out segments of required size. Copying the prototype header and options, then calculating the sequence number and checksum fields creates TCP segment headers. All other information, such as options and flag values, are preserved except where noted.

Sequence number for successive segments is handled by accounting for segment size. As in the checksum offload task, the Microsoft transport will calculate the pseudo header checksum and place the results in the TCP header so that the network adapter can calculate the correct TCP checksum without touching the IP header. The variable component of the TCP checksum for large send must be supplied by the network adapter for each segment it carves out of the larger packet.

The IP total length of the prototype header holds the data size, which includes: TCP payload of the first segmented frame expected to be transmitted by the network adapter + the TCP header size + options length + IP header size and options length. The TCP Sequence number holds the sequence number of the first byte in the TCP payload.

Similarly, IP ID for each frame is incremented and checksum is computed. Adapters can support Large Send Offload without supporting checksum as a separate offload, even though it should be able to calculate checksums to implement Large Send Offload correctly. In addition, adapters can implement Large Send Offload with or without TCP or IP options.

Assumptions:

  • TCP/IP stack will offload up to {available TCP window} of data. The adapter does not need and must not implement TCP flow control.

  • Network adapters must indicate all received ACKs (coalescing is not allowed) for TCP/IP stack to work properly and handle retransmits.

  • Prototype IP header will not have MF bit set and offset will be zero.

  • Prototype TCP header will not have the URG, RST, and SYN flags set and the urgent pointer will be zero.

  • If FIN bit is set, the TCP header in the last segment sent will have the FIN bit set.

  • If PUSH bit is set, the TCP header in the last segment sent will have the bit set.

  • Network adapter sends the packets in the order they are sent. There can be large sends interleaving small sends (regular sends).

  • Network adapter that supports IpOptions, TcpOptions, or both will not alter their value from the value found in the Prototype TCP. Specifically, it will not increment the time stamp in a Time Stamp option.

NOTE: TCP Segmentation Offload is in Windows 2000, but it is disabled by default in the registry. Microsoft recommends that hardware vendors use Windows 2000 as a development platform for TCP Segmentation Offload adapters, enabling it in registry. At this time, Microsoft does not recommend using TCP Segmentation Offload in end-user environments except for Beta testing of hardware and drivers.

IPSec Offload

IPSec is an extension to IPv4 that provides encryption of IP traffic per packet (data integrity and source authentication per packet) using the Internet Key Exchange (IKE; formerly ISAKMP/Oakley) protocol for security negotiation and cryptographic key management. Windows IPSec enables network administrators to secure traffic on corporate networks, transparent to existing applications. Centralized configuration of IPSec is provided by the Windows Active Directory and Group Policy features.

IPSec has two modes: transport mode for end-to-end security, and tunnel mode for router-to-router security. The transport mode can be used to provide end-to-end security in communication between any two hosts (clients and servers), or between a client and a tunnel server--for example, and L2TP tunnel secured by IPSec transport mode (L2TP/IPSec). IPSec tunnel mode is recommended for gateway-to-gateway VPN scenarios only where L2TP/IPSec is not available.

IPSec policy controls the configuration of the IPSec driver and IKE service. Security associations (SA) must be established by IKE between computers before application data can be sent or received securely. IKE generates the shared secret key material using the Diffie Hellman technique and performs mutual authentication using any of three methods: Kerberos version 5.0, Public/Private key signatures with certificates, and pre-shared authentication key.

IKE then negotiates which encryption algorithms to use to protect the application data and derives bulk encryption keys for per-packet data encryption and hashing operations. If the encryption algorithms agreed upon can be performed by the sending network adapter, then the IPSec driver adds the security association along with the agreed-upon parameters and keys to the network adapter.

TCP/IP will frame the IP packet, and then pass it to the IPSec driver to determine whether the packet matches a security association. The IPSec driver will match the packet against all IPSec filters. If there is a filter match, and there exists a security association and this SA has been offloaded to the network adapter, then the packet is given directly to the network adapter with an SA context, so that the adapter can perform the cryptographic operations for that packet.

The IPSec offload capability will enable the network adapter to perform the following transforms and algorithms:

  • Both transport and tunnel modes can be offloaded

  • Use of transport mode through one tunnel can be offloaded

  • IPSec Encapsulating Security Payload (ESP) transform algorithms

  • 56bitDES or 3DES or "null" encryption with MD5 or SHA1 integrity

  • IPSec Authentication Header (AH) transform algorithms: MD5 and SHA-1

  • The combined AH + ESP transform for complete packet integrity and privacy

Notes on TCP/IP Offload Tasks

Although the same network adapter can offload several of these tasks, when an IPSec policy is assigned, the checksum and TCP large send offloads are disabled.

NOTE: IPSec and related services in Windows were jointly developed by Microsoft and Cisco Systems, Inc.

Call to action for NDIS task offload:

  • Build client IPSec offload adapters capable of 100 or more IPSec transport security associations for PCMCIA and PCI 10/100 Mbit Ethernet adapters.

  • Build server IPSec offload adapters capable of offloading 5000 or more IPSec transport and tunnel mode security associations for both 100Mbit and Gigabit Ethernet adapters.

  • Build Checksum Offload adapters, and prototype TCP Segmentation Offload adapters.

  • Work with the Microsoft Networking development team to test task offload prototypes.

  • Plan to conduct both throughput and scalability stress tests using the NDIS driver verifier, in addition to normal protocol functional tests.

For more information about NDIS task offload, please send e-mail to ndisfb@microsoft.com with NDIS Task Offload in the Subject line. Please be sure to include your name, title, company name, company type (IHV or OEM), and phone and fax numbers.

For IETF standard protocol specifications, see the RFCs at: http://www.ietf.org/html.charters/OLD/ipsec-charter.html This link leaves the Microsoft.com site

The following information is available on the web about Microsoft IPSec and related VPN issues:

© 2013 Microsoft. All rights reserved.