Bufferbloat solution for pfSense

Everybody has experienced ‘slow internet’ while someone else was downloading on the same connection. This is due to something called ‘Bufferbloat’. DNS responses are slow, games lag, and other services such as VoIP and SIP are easily affected too. This latency occurs because routers and other network equipment buffer too much data. Ironically, buffering was a solution to speed up the internet some decades ago. The scheduling algorithm CoDel (controlled delay) is the best solution we have for this problem. Luckily, the guys from pfSense implemented this algorithm in their Traffic Shaper!

A more detailed explanation of Bufferbloat can be found here: https://www.bufferbloat.net/projects/bloat/wiki/Introduction/

This tutorial works for pfSense (>2.4.5) but the same principle can be achieved with OpenWRT, DDWRT and ‘gaming routers’ with more advanced options. More about that can be found here: https://www.bufferbloat.net/projects/bloat/wiki/Mitigations_and_solutions_for_Broadband/

You can test your connection for Bufferbloat (before and after this tutorial!), preferably at a quiet time on the network, at https://www.dslreports.com/speedtest

These are my tests, before and after:

Tutorial (in pfSense 2.4.5)

This works in 2.5.0 (beta) as well and it will probably work in older versions too, which you obviously don’t use.

Step 1
Go to Firewall > Traffic Shaper > Limiters
Click ‘New Limiter’

Enable > select
Name > WANdown
Fill in your connection’s theoretical bandwidth
Queue Management Algorithm > CoDel
Scheduler > FQ_CODEL
Queue length > 1000 (this is a default number, 2000 or 3000 could work better for you)
ECN > select


Step 2
Go to the end of the page and click ‘Add new Queue’

Select Enable
Name > WANdownQ
Queue Management Algorithm > CoDel
ECN > select

Save and Apply Changes

Step 3
Do the exact same but for the upload, with the names ‘WANup’ and ‘WANupQ’ and save it. Apply changes.

Step 4
Go to Firewall > Rules > Floating

Add a new rule above all others (button with arrow up)

Pass Quick > select
Interface > WAN
Direction > out
Protocol > Any
Click Display Advanced
Gateway > WAN_DHCP
In / Out pipe > WANupQ / WANdownQ

If you have an outgoing VPN connection to a commercial VPN provider, you should not make a floating rule. Instead, edit the LAN rule that allows traffic to the VPN and only change the In/Out pipe. The gateway is probably set to that of the VPN and shouldn’t be changed.

Save and Apply Changes

The result should look like this:

And you’re done! You may of course fine-tune the upload and download speed. I encourage you to fiddle with it and Google the subject of Bufferbloat to learn more.
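For fine-tuning, Bufferbloat can also be measured from `ping` captures taken once on an idle line and once during a saturating download. The script below is an added example, not part of the original tutorial; the function names are hypothetical, the input is assumed to be ordinary `ping` output with `time=… ms` fields, and the sample captures are constructed.

```python
import re
import statistics

# Matches "time=12.3 ms" (Linux/BSD) and "time<1ms" (Windows) in ping replies.
RTT_RE = re.compile(r"time[=<]([\d.]+)\s*ms")

def rtts(ping_output):
    """Extract the round-trip time (ms) of every reply in a ping capture."""
    return [float(m.group(1)) for m in RTT_RE.finditer(ping_output)]

def summarize(ping_output, sent):
    """Median RTT, 95th-percentile RTT and loss ratio for one capture."""
    samples = sorted(rtts(ping_output))
    if not samples:
        raise ValueError("no replies found in ping output")
    p95 = samples[min(len(samples) - 1, int(0.95 * len(samples)))]
    return {"median": statistics.median(samples), "p95": p95,
            "loss": round(1 - len(samples) / sent, 3)}

def bloat(idle_output, loaded_output, sent):
    """Latency added by load: loaded median RTT minus idle median RTT."""
    idle = summarize(idle_output, sent)
    loaded = summarize(loaded_output, sent)
    return {"idle_ms": idle["median"], "loaded_ms": loaded["median"],
            "added_ms": round(loaded["median"] - idle["median"], 1),
            "loaded_p95_ms": loaded["p95"], "loaded_loss": loaded["loss"]}

def _fake_ping(times):
    """Build constructed ping output (192.0.2.1 is a documentation address)."""
    return "\n".join(
        f"64 bytes from 192.0.2.1: icmp_seq={i} ttl=57 time={t} ms"
        for i, t in enumerate(times, 1))

# Constructed samples, 5 probes each: idle line, then under a full download
# before the limiter (one reply lost) and after enabling FQ_CODEL.
IDLE = _fake_ping([11.8, 12.1, 12.4, 11.9, 12.0])
LOADED_BEFORE = _fake_ping([240.0, 300.0, 310.0, 402.7])
LOADED_AFTER = _fake_ping([14.9, 16.2, 15.4, 17.8, 15.1])

if __name__ == "__main__":
    print("before:", bloat(IDLE, LOADED_BEFORE, sent=5))
    print("after: ", bloat(IDLE, LOADED_AFTER, sent=5))
```

Repeat the loaded capture after each change to the limiter bandwidth; the added latency under load is the value to compare between settings.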
