Differences

This shows you the differences between two versions of the page.

--- pfsense:buffer_bloat [2020/03/14 16:52] – peter
+++ pfsense:buffer_bloat [2023/05/21 11:20] (current) – peter
@@ Line 4: / Line 4: @@
 Ideally you want to see A to A+'s for bufferbloat.
+Test result showing a letter grade worse than a B, probably indicate you have bufferbloat.
+That means the device at your bottleneck link (most likely your router) is letting bulk traffic (uploads/downloads) interfere with (and slow down) your time-sensitive traffic (gaming, Skype, Facetime, etc.)
 If not then tune.
+{{:pfsense:bufferbloat_-_results.png?800|}}
 ----
-===== Change the Q size =====
+===== Test for Bufferbloat =====
+The [[http://dslreports.com/speedtest|DSL Reports Speed Test]] makes accurate measurements of the download and upload speeds along with the latency during the test.
+. Start a ping to google.com. You’ll see a series of lines, one per ping, typically with times in the 20-100 msec range.
+. Run a speed test simultaneously. To do this, start one of the speed test services below:
+  * http://fast.com - (fast.com now tests for latency under load but we’d like more folk to check their results against our quick test)
+  * http://speedtest.net
+  * http://testmy.net
+  * http://speedof.me
+. Watch the ping times while the speed test is running.  If the times jump up when uploading or downloading, then your router is probably bloated.
+----
+===== Change the Q size =====
 <WRAP important>
@@ Line 31: / Line 54: @@
 Someday your connection might receive a speed upgrade and you may forgot to adjust the limiter to make use of it!
 </WRAP>
+----
+===== Instructions =====
+==== Create Limiters ====
+Navigate to **Firewall -> Traffic Shaper -> Limiters**.
+=== Create "Out" limiter ===
+  * Tick "Enable"
+  * Name: FQ_CODEL_OUT
+  * Bandwidth: 96907 Kbit/s
+  * Mask: None
+  * Queue Management Algorithm: Tail Drop
+  * Scheduler: FQ_CODEL
+    * target: 5
+    * interval: 100
+    * quantum: 300
+    * limit: 10240
+    * flows: 20480
+  * Click Save/Apply Changes
+----
+=== Add "Out" queue ===
+  * Tick "Enable"
+  * Name: fq_codel_out_q
+  * Mask: None
+  * Queue Management Algorithm: Tail Drop
+  * Click Save/Apply Changes
+----
+=== Create "In" limiter ===
+  * Tick "Enable"
+  * Name: FQ_CODEL_IN
+  * Bandwidth: 83886 Kbit/s
+  * Mask: None
+  * Queue Management Algorithm: Tail Drop
+  * Scheduler: FQ_CODEL
+     * target: 5
+     * interval: 100
+     * quantum: 300
+     * limit: 10240
+     * flows: 20480
+  * Click Save/Apply Changes
+----
+=== Add "In" queue ===
+  * Tick "Enable"
+  * Name: fq_codel_in_q
+  * Mask: None
+  * Queue Management Algorithm: Tail Drop
+  * Click Save/Apply Changes
+----
+==== Create Floating Rules ====
+=== Add quick pass floating rule to handle ICMP traceroute ===
+This rule matches ICMP traceroute packets so that they are not matched by the WAN-Out limiter rule that utilizes policy routing.
+Policy routing breaks traceroute.
+  * Action: Pass
+  * Quick: Tick Apply the action immediately on match.
+  * Interface: WAN
+  * Direction: out
+  * Address Family: IPv4
+  * Protocol: ICMP
+  * ICMP subtypes: Traceroute
+  * Source: any
+  * Destination: any
+  * Description: policy routing traceroute workaround
+  * Click Save
+----
+=== Add quick pass floating rule to handle ICMP echo-request and echo-reply ===
+This rule matches ping packets so that they are not matched by the limiter rules.
+See [[https://redmine.pfsense.org/issues/9024|bug 9024]] for more info.
+  * Action: Pass
+  * Quick: Tick Apply the action immediately on match.
+  * Interface: WAN
+  * Direction: any
+  * Address Family: IPv4
+  * Protocol: ICMP
+  * ICMP subtypes: Echo reply, Echo Request
+  * Source: any
+  * Destination: any
+  * Description: limiter drop echo-reply under load workaround
+  * Click Save
+----
+=== Add a match rule for incoming state flows so that they're placed into the FQ-CoDel in/out queues ===
+  * Action: Match
+  * Interface: WAN
+  * Direction: in
+  * Address Family: IPv4
+  * Protocol: Any
+  * Source: any
+  * Destination: any
+  * Description: WAN-In FQ-CoDel queue
+  * Gateway: Default
+  * In / Out pipe: fq_codel_in_q / fq_codel_out_q
+  * Click Save
+----
+=== Add a match rule for outgoing state flows so that they're placed into the FQ-CoDel out/in queues ===
+  * Action: Match
+  * Interface: WAN
+  * Direction: out
+  * Address Family: IPv4
+  * Protocol: Any
+  * Source: any
+  * Destination: any
+  * Description: WAN-Out FQ-CoDel queue
+  * Gateway: WAN_DHCP
+  * In / Out pipe: fq_codel_out_q / fq_codel_in_q
+  * Click Save/Apply Changes
+----
+===== Troubleshooting =====
+https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/896
+https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/815
+https://www.dslreports.com/forum/r32261369-Internet-Optimizing-speeds-on-pfSense-with-limiters
 ----
@@ Line 36: / Line 205: @@
 ===== References =====
+https://www.youtube.com/watch?v=o8nL81DzTlU&t=380
 http://www.dslreports.com/speedtest
@@ Line 41: / Line 211: @@
 https://community.flexradio.com/flexradio/topics/pfsense-router-tuning-v2-4-4
+https://www.bufferbloat.net/projects/bloat/wiki/Tests_for_Bufferbloat/
+https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/815
+https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/856
+https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4