How To Fix Bufferbloat in pfSense For Better Network Performance

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
in this video I'm going to explain how to test and fix buffer bloat in pfSense to better understand the issue though let's start with an analogy increasing number of lanes on a highway like adding more bandw to your internet might seem like a solution to traffic congestion however it doesn't address the route cause of the problem imagine a busy intersection with well functioning traffic lights cars move through efficiently because the lights provide a clear order now imagine that same intersection with malfunctioning lights even though the road itself can handle the same amount of traffic the lack of organization leads to chaos and then gridlock now buffer bloat is really just that it is a gridlock because all the packets on your network can get to the router very fast but if they're not managed once they get there to match the speed and match the bandwidth you have well you can have buffer bloat where things are just kind of chaotically hitting the cues and not being queued really in any proper order and that's what we're going to solve today is how to set up the limiters inside a PF sense to solve your buffer bolt problem but we'll touch on traffic shaping as well so let's get [Music] started now before we get into how set up and fix the buffer bloat problem I want to talk about the bigger picture of how this works and what about the other functionality including the wizard that's in pfSense and if you want to dive deep into the science behind how these cues work and some of the challenges that can come with them there's a video that Mark I believe his last name is Ferno has done you'll find that link in the description below this video is about 40 minutes of explaining the science behind different types of traffic cues traffic shaping priorization and a really good deep understanding of how it all works if you want to go deeper that video as I said is in the description below the version of pfSense he references later in the video is going to be a little dated but the information as far as how the cues work is still quite relevant in terms of understanding the functional parts of it and there is a wizard within pfSense if you want to go and do the fine-tuning of very specific types of traffic and set the prioritization based on the way it identifies the traffic this is something that is not as needed here in 2024 on most networks that have high bandwidth this was something that was much more popular when we had a very finite sometimes our ISDN lines and those earlier days were only so many kilobytes and now we measure hundreds of megabytes of data so it doesn't matter as much cuz it's not that we're out of bandwidth it's that the packets are not queed properly and routed efficiently so the way you solve that is you could do this or the simpler way that we're going to take today is just setting up limiters and setting these limiters up to do the queuing in a more organized fashion and we're going to solve this with the write up we have right here in the neet documentation configuring how limiters for buffer bloat they've got it well documented and they also give you a link to a buffer bloat test site and that's actually where I want to start just talk about what is the status before I add these limiters and you can see my buffer bloat grade of C that's not ideal especially when you think about 123 milliseconds can be bad for gaming or any type of latency sensitive application such as voice so we have a download of 600 and an upload of 80 so we know what my bandwidth is and we're not going to really be changing much on the bandwidth we're actually going to set the bandwidth to a little bit under because I find that's where I get the best level of performance by going just a little under what is prescribed it's not about having the maximum bandwidth as I noted earlier it is about having a properly managed queue so your bandwidth gets used efficiently now there's several steps to this and they're really simple to follow so I'm not going to go through all of them I'm just going to give you the idea of how to do mpf sense and I'll show you the finished setup here now we go to firewall traffic shaper then limiters and we want to build a new limiter we're going to go ahead and call this one Wan down just like it does in instructions I'm setting this to 550 just a little bit below what I have in terms of bandwidth this gives me a little bit of overhead in case there's some problems uh with my Upstream provider and I want to make sure I still have the packets in order we'll leave this at tail drop we're going to change this to fq coddle Q length we're going to specify 1,000 just like it does the instructions here and we'll scroll down the bottom and hit save now after you've done that we want to go back here and check the ECM box just like the instruction says hit save now once we've done this we don't need to apply the changes because we have a few more to build we scroll down the bottom once again and we want to add a new queue and this one's much simpler we're just going to enable this queue we're going to call it w down Q scroll down here leave everything at default leave it a tail drop and go ahead and hit save and then you repeat the process creating the WAN up and the WAN up q and you can see for the wup I've got this set to 75 once again just a little bit less than the maximum 80 that I have for my provider upload to give myself a little bit of Headroom there and everything else here is just left at theault make sure as I noted that this ecn explicit congestion notification is checked on both of these and now we've completed the limiters but we have not applied them yet the next step from there is to go over to create a floating Rule and we're going to follow the instructions again for setting up this rule action pass quick make sure you check that interface is going to be Wan Direction out there's an important reason you want it out it is not any it is only specifically for out because you're applying it to the W and that's how this will match Source match is wan address destination any you can log packets if you want I give you the description of codal limiters we're not worried about any of this until we get down here and this is really important we've got the W DCP Gateway this is the one I want to apply this to but yes you can apply it to other gateways and other interfaces for other reasons but for Simplicity we're just applying it to W the in is going to be your Wan up q and the down is a Wan down Q Q not weigh down but sply weigh down Q if you follow the instructions they should all be named the same then you can Simply Save and apply these rules and here's how the results look different after building these cues buffer blo A+ this is ideal this is what you want and you can see that I've only got 4 MC difference when it's doing a download that little bit of overhead means yes I'm not getting 600 I'm getting 553 I could probably tweak it a little bit higher and it would probably work and as I said as long as there's plenty of overhead there's nothing restricted coming from my Upstream provider and yes I lost a little bit on the upload but if you're someone dealing with high latency issues or latency sensitive applications especially in the gaming world this is a huge improvement over the way it was latency will drive you crazy as anyone knows and the lag from it is just well the difference between winning and losing many matches as any gamer who's probably watching this video is extremely aware of so that's all you have to do in pfSense to get this set up now one quick troubleshooting tip existing state on the firewall will remain where they are even after you create this floating rule only new states will be going through the floating rule which means if you have that browser open and you just on the buffer bloat test and you apply the rule and rerun that page and do it again it may not go through the floating rule because you have an existing established connection but if you close your browser restart your computer Etc the states will fall off and start new ones and then we will know it's going through the floating rule you can also Mouse over on any rule inside a pfSense and it'll tell you the states that are going through that so you know that they're being applied properly but it's one of those little troubleshooting things that you can think well maybe it's not working properly but remember sessions don't get broken when you reload firewall rules but you actually can force and clear the states there's an option for that but watch my troubleshooting video to talk a little bit more in depth about that just a little thing that you kind of need to watch out for like And subscribe to see more content from this Channel all the links of things I talked about as I noted are down below including that other video that dives deeper into how the traffic shaping Works in general or queuing and all the related things that video that Mark did it's a little older video but boy that's really good had to R my forums for that discussion about this or other topics head over to lawren systems.com to connect with me on whatever socials are available whenever you're watching this video and you can also Stop And subscribe to my newsletter to keep up with things that are going on all right and thanks [Music]
Info
Channel: Lawrence Systems
Views: 28,524
Rating: undefined out of 5
Keywords: LawrenceSystems, buffer bloat, pfsense setup, pfsense router, pfsense tutorial, pfsense firewall, pfsense bufferbloat, pfsense bufferbloat fix, pfsense traffic shaping, pfsense bandwidth management
Id: gEH5UMjHT_8
Channel Id: undefined
Length: 8min 40sec (520 seconds)
Published: Wed May 29 2024
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.