Wiki

User Tools

Site Tools

Trace: accessing_characters_in_a_string arriving_late_at_the_final_destination multiple_catch_blocks make_an_ajax_request_using_xmlhttprequest
networking:buffer_bloat

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
networking:buffer_bloat [2020/07/15 10:11] – created 192.168.1.69networking:buffer_bloat [2020/07/15 10:14] (current) 192.168.1.69
Line 33: Line 33:
 ---- ----
  
-===== Change the Q size ===== +===== Things To Do To Prevent Buffer Bloat =====
- +
- +
-<WRAP important> +
-**IMPORTANT:**  The bandwidth settings for the limiters need to be set to the upload/download speed of your internet connection. +
- +
-It is important to keep in mind that what you are doing in pfSense is setting up a rate limiter. +
- +
-If you set the numbers lower than your connection will allow, you'll get a great buffer bloat score but you'll slow your network throughput to whatever value you chose. +
- +
-If you set the number too high, the rate limiter wont come into play and you'll be subjected to the same performance and buffer bloat you had prior to making the changes. +
- +
-The idea is to let pfSense do the rate limiting closer to home. +
- +
-Letting your provider do it for you increases latency... and that's what we are really trying to avoid. +
- +
-So to minimize latency, a recommendation is to first do a speed test to find out what your connection is capable of, then set the bandwidth of the limiters in pfSense to those numbers. +
- +
-Adjust the queue size adds another dimension to the optimizations. +
- +
-Someday your connection might receive a speed upgrade and you may forgot to adjust the limiter to make use of it! +
-</WRAP> +
- +
----- +
- +
-===== Instructions ===== +
- +
-==== Create Limiters ==== +
- +
-Navigate to **Firewall -> Traffic Shaper -> Limiters**. +
- +
-<code> +
-1.) Create "Out" limiter +
- +
-    Tick "Enable" +
-    Name: FQ_CODEL_OUT +
-    Bandwidth: 96907 Kbit/s +
-    Mask: None +
-    Queue Management Algorithm: Tail Drop +
-    Scheduler: FQ_CODEL +
-        target: 5 +
-        interval: 100 +
-        quantum: 300 +
-        limit: 10240 +
-        flows: 20480 +
-    Click Save/Apply Changes +
- +
-2.) Add "Out" queue +
- +
-    Tick "Enable" +
-    Name: fq_codel_out_q +
-    Mask: None +
-    Queue Management Algorithm: Tail Drop +
-    Click Save/Apply Changes +
- +
-3.) Create "In" limiter +
- +
-    Tick "Enable" +
-    Name: FQ_CODEL_IN +
-    Bandwidth: 83886 Kbit/s +
-    Mask: None +
-    Queue Management Algorithm: Tail Drop +
-    Scheduler: FQ_CODEL +
-        target: 5 +
-        interval: 100 +
-        quantum: 300 +
-        limit: 10240 +
-        flows: 20480 +
-    Click Save/Apply Changes +
- +
-4.) Add "In" queue +
- +
-    Tick "Enable" +
-    Name: fq_codel_in_q +
-    Mask: None +
-    Queue Management Algorithm: Tail Drop +
-    Click Save/Apply Changes +
-</code> +
- +
----- +
- +
-==== Create Floating Rules ==== +
- +
-<code> +
-Add quick pass floating rule to handle ICMP traceroute. This rule matches ICMP traceroute packets so that they are not matched by the WAN-Out limiter rule that utilizes policy routing. Policy routing breaks traceroute. +
- +
-    Action: Pass +
-    Quick: Tick Apply the action immediately on match. +
-    Interface: WAN +
-    Direction: out +
-    Address Family: IPv4 +
-    Protocol: ICMP +
-    ICMP subtypes: Traceroute +
-    Source: any +
-    Destination: any +
-    Description: policy routing traceroute workaround +
-    Click Save +
- +
-2.) Add quick pass floating rule to handle ICMP echo-request and echo-reply. This rule matches ping packets so that they are not matched by the limiter rules. See bug 9024 for more info. +
- +
-    Action: Pass +
-    Quick: Tick Apply the action immediately on match. +
-    Interface: WAN +
-    Direction: any +
-    Address Family: IPv4 +
-    Protocol: ICMP +
-    ICMP subtypes: Echo reply, Echo Request +
-    Source: any +
-    Destination: any +
-    Description: limiter drop echo-reply under load workaround +
-    Click Save +
- +
-3.) Add a match rule for incoming state flows so that they're placed into the FQ-CoDel in/out queues +
- +
-    Action: Match +
-    Interface: WAN +
-    Direction: in +
-    Address Family: IPv4 +
-    Protocol: Any +
-    Source: any +
-    Destination: any +
-    Description: WAN-In FQ-CoDel queue +
-    Gateway: Default +
-    In / Out pipe: fq_codel_in_q / fq_codel_out_q +
-    Click Save +
- +
-4.) Add a match rule for outgoing state flows so that they're placed into the FQ-CoDel out/in queues +
- +
-    Action: Match +
-    Interface: WAN +
-    Direction: out +
-    Address Family: IPv4 +
-    Protocol: Any +
-    Source: any +
-    Destination: any +
-    Description: WAN-Out FQ-CoDel queue +
-    Gateway: WAN_DHCP +
-    In / Out pipe: fq_codel_out_q / fq_codel_in_q +
-    Click Save/Apply Changes +
-</code> +
- +
- +
----- +
- +
-===== Troubleshooting ===== +
- +
-https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/896 +
- +
-https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/815 +
- +
-https://www.dslreports.com/forum/r32261369-Internet-Optimizing-speeds-on-pfSense-with-limiters +
  
 +  * Change the Q size.
  
 ---- ----
networking/buffer_bloat.1594807900.txt.gz · Last modified: 2020/07/15 10:11 by 192.168.1.69
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki