pfSense FQ_CoDel & Bufferbloat

I’ll start with – Tom from Lawrence Systems absolutely nailed the tutorial for this!

Bufferbloat is something that sits in my mind, recently I’ve picked up the gaming mantle again and latency has been greatly improved by me now being on FTTP as opposed to the old SoGEA FTTC service. Improving that latency though and making it more even is something I’ve always been on top of previously using a USG3 (smart queues), then SFQ on MikroTik before FQ_CoDel when ROS7 launched and then more recently FQ_CoDel with pfSense. Other queue algorithms are about and work to a degree but FQ_CoDel is the one I’ve had most success with.

I followed some YT videos in the past and thought I’d taken in the documentation properly but it turns out I hadn’t, Tom nailed it with this recent video though and following this moved me from an A to an A+ on the bloat test.

It’s super simple and in general if you’re doing anything latency dependant I’d highly advise implementing some kind of FQ_CoDel

Windows Home Lab?

I’ve got an IT based project on again! It’s been an absolute age since I’ve been “interested” in my IT and computers and servers and all things good like this but I’ve got a project on my hands, add in as well I currently have a renewed interest in learning and relearning some network essentials and generally needing to sharpen back up on these things (more to come on that in the future).

So…
I had a spare HP Gen8 Microserver with one of the 1260 Xeon’s (4c8t) and 16GB RAM so a decent little box by most accounts. A quick amazon order for 2 Oracle SSD>HDD mounting brackets and I’ve got 2 Crucial 240GB SSD’s in the first two 6Gb SATA drive bays.

A quick hop over onto Gamers Outlet and I’d bagged a Server 2022 license and probably 10 minutes of installing later I have a decent little server running. This is being used now in 2 parts, firstly for my project to look at guest accounts, remote desktop access and how to lock down users. The second part of it is to spin up a HyperV environment and get some MikroTik CHR’s talking to each other! A return to MikroTik world albeit brief as I don’t envisage my work going that way again any time soon, it was good to use Tik to understand the concepts and replicate in my own way.

More to come as the IT project unfolds and yeah maybe more networky stuff…

ReInstalled pfSense CE

I said I wasn’t going to but then I’ve lost access to some of the packages I was using and am unable to install any more so it was time to sidegrade to the CE from Plus. I’ve watched Tom from Lawrence Systems YouTube video on how to do it a couple of times and to be fair the process was perfectly easy.
Backup>Reinstall>Restore

Whilst my firewall was down I took advantage and upgraded the BIOS which had eluded me on the last shutdown but this time it was done without issues.

Back up and running and absolutely nothing specal to report which is kind of what you want of a firewall. No problems, no oddities.

Still got this odd “can’t reach Gb” problem on the WAN which I think is down to signle core performance but I can lve with it for now being as changes may be coming soon in that department anyway.

pfSense+ vs opnSense – Is it a competition?

I was recently caught out by the whole pfSense+ is going to be chargeable going forwards scandal that I’m sure many other pfSense users have been, I’ve kerbed my outrage, it’s not life ending, I moved from CE to Plus only a month before this happened and to be honest, apart from the inconvenience of reinstalling to move back – I can live with it howevere there is a similar alternative, a fork of the pfSense build. OPNsense.
Link to said announcement.

What a nightmare that’s been!!
I had it in my mind to swap the SSD my Dell R210 was running on anyway so whipped out the old Crucial and popped in a new one, installed OPN sense and that’s where the problems all started! Huge memory spikes (filling the 8GB hardware and 8GB swap), the firewall then proceeded to drop some services due to the memory being so high, CPU spiking to 60% plus randomly for periods. VLANs not working and I use a LAGG setup for my downlinks to LAN (I can so I do) also not coming up when needed meaning I had a situation where I managed to lock myself out due to the LAGG not coming up, a reset to factory and then start config again. Just a general nightmare.

Sat contemplating my poor life decisions, I remebered I swapped out the SSD in full, what had taken me the best part of 2 and a half hours, was reverted in a shutdown, SSD swap and power up (30 seconds max) to resume normality. Yes I have a CE reinstall to do and it does bug me I never get 1Gb any more only 850Mb (first world problem) but I am going to concentrate now on moving the interfaces to the built in ethernet and swap out the PCiE card for something 10Gb flavour.

I have read so much up on moving pf to opn and I was super excited to do so but pf for me is currently still where it’s at.