Just had no end of trouble getting a newly commissioned system to communicate properly over ixl(4) interfaces. The problem turned out to be that LRO is enabled by default, and interferes seriously with anything involving packet forwarding. I'm not going to be the only one bitten by this so I propose that the default should be -lro.
Observed on 12.2-R but almost certainly applies to other versions and probably to other interfaces as well.
To confirm I experienced this issue with LRO on a host causing problems on two VirtualBox virtual machines. One a gateway and one a VPN. In both cases the virtual machines were rendered unusable due to the forwarding elements being restricted.
The effect was observable with any client connected to the VPN or using the gateway getting very low transfer speeds of 20kbytes/second or so when going through a tunnel or gateway.
The resolution was to restart the networking on the host with the -lro flag (as an aside vboxnet also needed be restarted in order to ensure the host could directly network with the VMs)
Also note the information on the intel driver for the interface
LRO (Large Receive Offload) may provide Rx performance improvement. However, it
is incompatible with packet-forwarding workloads. You should carefully evaluate
the environment and enable LRO when possible.
# ifconfig ixlX lro
It can be disabled by using:
# ifconfig ixlX -lro