Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bufferbloat not always working

    Scheduled Pinned Locked Moved
    Traffic Shaping
    2
    5
    279
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RN222
      last edited by

      Hi All! After seeing Tom Lawrence's video on Bufferbloat

      I've tried to set this up on my Netgate 2100 but I can't get consistent results.

      I've followed his video exactly and still get a loaded ping of 32ms (unloaded is 5ms).

      The download speeds themselves don't actually reflect the new value I've put into the limiter either.

      I've then deleted that config and followed the Sans guide

      This guide has much more detail. But I'm still having issues.

      Is anybody able to assist? I know there's not much detail but I have followed both guides exactly and double checked everything. My setup isn't even that complicated.

      Let me know if anything is needed.

      Thanks!

      R 1 Reply Last reply Reply Quote 0
      • R
        RN222 @RN222
        last edited by

        @RN222 So I've tried this on my other network with a 1100 and get the same issue.

        I've narrowed it down. When doing a speed test my phone obeys the limits, however my laptop does not. I've tried a Windows and Linux laptop - the laptops don't obey the limits.

        This is a simple network I've tried WiFi and Ethernet. Is something strange happening here? Any ideas?

        T 1 Reply Last reply Reply Quote 0
        • T
          TheNarc @RN222
          last edited by

          @RN222 That's curious, because the client devices get no say in whether they obey the limits. When you have limiters set up, you can have firewall rules that do one of three things with them:

          1. Put all clients' traffic in the limiters
          2. Put none of the clients' traffic in the limiters
          3. Put some clients' traffic in the limiters, and not others.

          From the behavior you describe it sounds like you've got #3, but it's also not clear how that would happen "by accident". Because the "default" is #2 (i.e. nothing gets put into limiters unless and until you create firewall rules to do so).

          Can you provide any details of the firewall rule(s) you made to assign traffic to the limiters?

          R 1 Reply Last reply Reply Quote 0
          • R
            RN222 @TheNarc
            last edited by

            @TheNarc These are the floating rules I'm using.

            eb0ff804-2cd4-437e-a75f-8aa0c6a9ad0b-image.png

            It was taken from the SANS guide

            I've triple checked all settings and followed it exactly as the SANS guide outlines.

            T 1 Reply Last reply Reply Quote 0
            • T
              TheNarc @RN222
              last edited by

              @RN222 Okay, I know the SANS guide says to make these rules "quick" but as far as I know, they actually do not work when they're quick. I'm not sure if that was considered a bug, and/or if it still applies, but it was definitely true at one point. And My floating rules that assign traffic to limiter queues are just normal floating rules (i.e. not quick). Mine are also match rules, not pass, which I also believed was necessary at least at one point.

              So I would advise that you first make all four of these rules "normal" (i.e. non-quick) floating rules. And if that still does not work, try making them all match rules as well.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.