pfSense FQ_CoDel & Bufferbloat

I’ll start with – Tom from Lawrence Systems absolutely nailed the tutorial for this!

Bufferbloat is something that sits in my mind. Recently I’ve picked up the gaming mantle again and latency has been greatly improved by me now being on FTTP as opposed to the old SoGEA FTTC service. Improving that latency though and making it more even is something I’ve always been on top of, previously using a USG3 (smart queues), then SFQ on MikroTik before FQ_CoDel when ROS7 launched and then more recently FQ_CoDel with pfSense. Other queue algorithms are about and work to a degree but FQ_CoDel is the one I’ve had most success with.

I followed some YT videos in the past and thought I’d taken in the documentation properly but it turns out I hadn’t. Tom nailed it with this recent video though and following this moved me from an A to an A+ on the bloat test.

It’s super simple and in general if you’re doing anything latency-dependent I’d highly advise implementing some kind of FQ_CoDel.

Reinstalled pfSense CE

I said I wasn’t going to but then I’ve lost access to some of the packages I was using and am unable to install any more so it was time to sidegrade to the CE from Plus. I’ve watched Tom from Lawrence Systems’ YouTube video on how to do it a couple of times and to be fair the process was perfectly easy.
Backup>Reinstall>Restore

Whilst my firewall was down I took advantage and upgraded the BIOS which had eluded me on the last shutdown but this time it was done without issues.

Back up and running and absolutely nothing special to report, which is kind of what you want of a firewall. No problems, no oddities.

Still got this odd “can’t reach Gb” problem on the WAN which I think is down to single core performance but I can live with it for now being as changes may be coming soon in that department anyway.

10Gb Firewall > Core Switch

My Intel X520 cards have arrived and have been far better than expected. They’re both like new, one even has the LP bracket with it and all 4 Intel SFPs are like brand new.
I moved both my LAN and WAN interfaces to the R210’s onboard coppers and installed the new card, connected up with a temporary fibre patch cable and it came straight up. LAN moved back onto the 10Gb along with the VLANs and we are now live with 10Gb Firewall>Switch>CaveSwitch – Complete 10Gb backbone.

Will it make a difference day to day? Nope. But it’s been an itch I’ve been dying to scratch and now I have a spare X520 to install into the backup server and get rid of the 4 ether LACP.

10Gb Upgrade has started!

I’ve run a 10Gb link from Attic to ManCave for quite a while now and it’s always been in the back of my mind to stretch it out a little bit more. The unRAID server now using a 2.5Gb into the Cave switch eased things a bit, however I have just managed to win an auction for two Intel 10Gb PCIe SFP+ cards with SFP+’s so the plan is to put one in the Dell firewall so we have 10Gb Firewall to Attic Switch and then I’ll still have a spare which may go in the unRAID box or it may go in the Backup Box.

pfSense+ vs OPNsense – Is it a competition?

I was recently caught out by the whole pfSense+ is going to be chargeable going forwards scandal, as I’m sure many other pfSense users have been. I’ve curbed my outrage, it’s not life ending. I moved from CE to Plus only a month before this happened and to be honest, apart from the inconvenience of reinstalling to move back – I can live with it, however there is a similar alternative, a fork of the pfSense build: OPNsense.
Link to said announcement.

What a nightmare that’s been!!
I had it in my mind to swap the SSD my Dell R210 was running on anyway so whipped out the old Crucial and popped in a new one, installed OPNsense and that’s where the problems all started! Huge memory spikes (filling the 8GB hardware and 8GB swap), the firewall then proceeded to drop some services due to the memory being so high, CPU spiking to 60% plus randomly for periods. VLANs not working, and I use a LAGG setup for my downlinks to LAN (I can so I do), also not coming up when needed, meaning I had a situation where I managed to lock myself out due to the LAGG not coming up, a reset to factory and then start config again. Just a general nightmare.

Sat contemplating my poor life decisions, I remembered I swapped out the SSD in full. What had taken me the best part of 2 and a half hours was reverted in a shutdown, SSD swap and power up (30 seconds max) to resume normality. Yes I have a CE reinstall to do and it does bug me I never get 1Gb any more, only 850Mb (first world problem), but I am going to concentrate now on moving the interfaces to the built in ethernet and swap out the PCIe card for something 10Gb flavour.

I have read so much up on moving pf to opn and I was super excited to do so but pf for me is currently still where it’s at.