Lan Party config Gold - HFSC Shaper - Single WAN / LAN
-
Here is my LAN party configuration using HFSC shaping - Single WAN / LAN. Some notes about this config:
1. Apinger is disabled as it is still broken, I think, and you won't have to disable it when you add more WANs.
2. Floating Rule config is optimized for last matching processing for my taste with Torrent and Steam P2P blocking.
3. LAN rule config is optimized for 1st rule matching processing with blocks for Torrent and Steam P2P along with TCP passes for certain games.
4. A limiter for TCP uploading and downloading is set on the LAN rules so undo that or change the limits. Currently set at 70MB Download and 8MB upload.
5. qInternet is set at 120MB - change for whatever you have available.
6. Traffic Shaper has been simplified for ease of use with the following queue setup:
A. qACK - ACK queue 15% / 15% real time all interfaces
B. qGames - Gaming / High Priority queue - 40% / 20% real time all interfaces
C. qHTTP - Web / general queue - 40% / 20% share all interfaces
D. qCatchAll - LAN / qDefault - WAN - Default queue - 5% / 5% share / 5% max all interfaces
7. Softflowd is enabled - you will need to change settings to your liking or uninstall.
8. DHCP is set for my ranges. I use a 172.22.0.0/22 for my LAN parties. You will need to adjust.
9. DNS is set up to use 8.8.8.8 / 8.8.4.4 / 208.67.222.222 / 208.67.222.220 for DNS and not to let WAN override. Change if you want.
When you switch to multiWAN you will need to do the following:
1. Adjust ALL FLOATING RULES so that both WANs are chosen.
2. Make a gateway group and under LAN Firewall rules change all rules to use that Gateway group.
3. Under System / General Setup - change 2 of the DNS servers to use the other gateways if 2 WANs. For 3 or more change accordingly.
This is the config I use at LAN parties. This is designed to allow max bandwidth for gaming traffic and everything else unknown gets throttled. This works for me and I run it 4 LANs a year of 150 people per LAN.
Our last LAN (see LANOC v17 post) we ran Rocket League and Heroes of the Storm as tourney games and we had under 60 ms pings or better the whole time for these games along with League of Legends pings under 60 ms as well running on 2 TWC cable modems for Internet access.
-
Nice Sideout, well done! Saw on the Facebook page that there was some latency for the Rocket League tourney, was that on the service side? Also, how did the Steam caching go this time around?
For external DNS, you might consider using Namebench to figure out which DNS servers resolve the fastest for your geographic location. https://code.google.com/p/namebench/
Great post!
-
The latency was twofold - this weekend Steam had issues keeping the service up, you could watch online Steam numbers go from 10 million to under 2 million in a matter of minutes. Plus we had a couple of people running some very nasty torrent clients and they had to be rooted out and shut down. Once that was done - latency was good to go.
I checked all the Rocket League people and they were under 60 ms for the most part during the tourney with a few spikes at times. If you looked on Reddit and Twitter you could see the Steam bashing going on all weekend long as it affected all Steam servers and services.
We didn't cache anything this time and just took Steam backups and posted up the location for people to download and restore. I don't have a box built yet with enough space to really cache, nor do I have your mad Linux skills to get it working!!! :)
I will check out that site and give it a try!!! Thanks!!
-
NameBench seems to be freaking out
google.com appears incorrect: 4.59.67.50, 4.59.67.25, 4.59.67.34, 4.59.67.24, 4.59.67.55, 4.59.67.39, 4.59.67.29, 4.59.67.59, 4.59.67.40, 4.59.67.35, 4.59.67.49, 4.59.67.20, 4.59.67.44, 4.59.67.54, 4.59.67.30, 4.59.67.45
twitter.com appears incorrect: 199.16.156.230, 199.16.156.198, 199.16.156.70, 199.16.156.6
For some reason it claims 300ms response times to 192.168.1.1.
When I use DNSBench, it says 1ms for cached responses and 75ms for uncached.
-
Thanks again for posting the config and concise adjustment instructions sideout.
Glad to see the Steam p2p bit as well, had issues at our last LAN with the torrent traffic War Thunder uses for updating.
-
Thank you for the comment.
Yes WoT / WoW / WoP and that whole family of games use Torrenting to update. While at times it is okay to let it go, especially after the 1st day when most people are arriving and getting things updated, I definitely like to squelch it during online tourneys.
I can't wait till we can get full Layer 2 managed switches on the tables, that way I can track a MAC to the actual port and just disable it there. Now I have to go find the MAC / IP, make a firewall rule to block all traffic from that IP and then wait for the person to come up to the staff table.
Then it's "Oh I didn't have anything turned on" - Oh really?? hmm well the 2000+ states say otherwise. BANHAMMER!!!!!
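The manual hunt described above (find the LAN address sitting on thousands of states, then block it) can be scripted. This is an added example, not part of the original post: it assumes state lines in the style printed by `pfctl -ss`, the 172.22.0.0/22 LAN range from the first post and a 2000-state threshold, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# LAN range from the first post; the threshold is an assumed value to tune.
LAN_NET = ipaddress.ip_network("172.22.0.0/22")
STATE_THRESHOLD = 2000

# Matches "a.b.c.d:port", including NAT addresses shown in parentheses.
ADDR_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3}):\d+")

# Constructed sample in the style of `pfctl -ss` output (not captured data).
SAMPLE = """\
em1 tcp 198.51.100.7:6881 <- 172.22.0.15:51413       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.2:40211 (172.22.0.15:51413) -> 198.51.100.7:6881       ESTABLISHED:ESTABLISHED
em1 udp 198.51.100.9:6969 <- 172.22.0.15:51413       MULTIPLE:MULTIPLE
em1 udp 192.0.2.50:27015 <- 172.22.1.40:27005       MULTIPLE:MULTIPLE
em1 tcp 192.0.2.80:443 <- 172.22.1.40:50022       FIN_WAIT_2:FIN_WAIT_2
"""

def states_per_host(state_dump, lan=LAN_NET):
    """Count state entries that reference each LAN address."""
    counts = Counter()
    for line in state_dump.splitlines():
        hosts = set()  # count a host once per state line
        for text in ADDR_RE.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # octet out of range in a malformed line
            if addr in lan:
                hosts.add(addr)
        counts.update(hosts)
    return counts

def heavy_hosts(state_dump, threshold=STATE_THRESHOLD, lan=LAN_NET):
    """Return [(ip, states)] at or above the threshold, busiest first."""
    counts = states_per_host(state_dump, lan)
    return [(str(ip), n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    # Low threshold only so the five-line sample produces a hit.
    for ip, n in heavy_hosts(SAMPLE, threshold=3):
        print(f"{ip} holds {n} states")
```

On the firewall the same functions can be fed the saved output of `pfctl -ss`; the flagged address is the one to look up in the DHCP leases before writing the block rule.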
-
I'll try your config sir and I hope this solves my game/lag problems, I'll give feedback in a few days (or week)
-
Sideout.
Is your config reliant on pfSense being the primary DHCP?
-
It is not reliant on pfSense being the primary DHCP. You can designate another server for DHCP / DNS if you want to and it should work just fine.
-
Hey sideout,
This is great stuff. I'm helping organize a LAN event this weekend and am having a little bit of a hard time with all of this. There will be a single WAN connection.
Under shaper config > WAN - you have it set to 5.5Mbit HFSC in the downloaded config? Is this meant to be your WAN connection limit?
For your FW aliases - specifically BF4SRV*, these are for some specific servers on the net that your users were connecting to?
We have properly configured LAN Cache (https://github.com/multiplay/lancache) and I'm wondering if any of the rules around GameDownloadProviders would conflict with that? I'm assuming our LAN Cache server would need to bypass that rule.. so it can cache things?
This is great, thanks!
-
Yes, the 5.5Mbit is the upload limit on the WAN interface.
The BF4 servers were specific servers we were connecting to for tourneys, yes. You can take those out.
You would want to make a rule on the LAN side with the IP of the cache server so that it is not limited by the TCP limiter. I would also put a floating rule in with the IP of the cache server so it goes in the qGames so it has the most bandwidth to cache stuff.
Make sure you double check that UPnP is turned on and set to WAN since this is a single WAN configuration.
Good luck with your LAN. Be sure to monitor the UPnP window on pfSense to see who is trying to torrent and then just make a rule on the LAN side to block any any from that IP. They will figure out they are blocked and come see you.
-
Bringing this back to the top to thank Sideout for the config!
Thanks to being able to read through your rules and xml files I was able to read the guides for pfSense traffic shaping and somewhat figure out how that applies to my actual need.
You have one of the only openly available complete configs for gaming. It's a great learning resource.
Thanks again.
-
Thank you!!! I appreciate the compliment a lot!!!
-
Thanks again sideout for the config! I am new to this, is there a way to upload the XML files to my pfSense router? Or do I have to look at the files and recreate all the queues and rules manually?
Thanks!
-
At Diagnostics | Backup/Restore you can restore a configuration from file. Set the "Restore Area" to "Traffic shaper".
-
Hey sideout.
Just wanted to thank you for the nice TS config. Just a couple of questions though…
For these parts:
4. A limiter for TCP uploading and downloading is set on the LAN rules so undo that or change the limits. Currently set at 70MB Download and 8MB upload.
I don't see any limits settings on this LAN rule in my FW settings. Is there something else that requires importing? My observations see that it seems to be throwing all HTTP downloads and limiting them in the levels for qHTTP settings.
There is a reference to qDNS on the Floating Rules side for DNS traffic, and I don't see this in the TS queues. Is this supposed to be like this?
Lastly, for the WAN and Internet settings, are those the ISP profiles or just under them? I've tried lowering upwards of 10 percent from my ISP profile (100/10) to 90/9 and still don't see or feel any differences.
Thanks again.
-
@Thor086:
Lastly, for the WAN and Internet settings, are those the ISP profiles or just under them? I've tried lowering upwards of 10 percent from my ISP profile (100/10) to 90/9 and still don't see or feel any differences.
What do you mean by "still don't see or feel any differences"? What exactly do you want to see or feel? Precisely what problem(s) are you experiencing?
Are you experiencing bufferbloat (aka high ping)? Are you saturating upload, download, or both?
-
Hi, yes I see buffer bloat from either profile settings or lowering it by 10 percent. My understanding is that is normal with HFSC. Correct me if I am wrong.
Thank you.
-
@Thor086:
HFSC does not control the queue depth (bufferbloat). You can change the queue depth (default: 50 packets) yourself or employ an AQM like Codel (tick codel checkbox) to deal with bufferbloat.
-
@Thor086:
The limiter is for TCP only from the LAN and if you want to change it then adjust the limiter settings under traffic shaping or just disable the rule. Since the limiter is on the last LAN rule before the any / any rule it will limit all TCP traffic from the WAN to the LAN.
The WAN / Internet settings should be at 95% of your ISP Limits.
I had a qDNS in there and a rule once upon a time and might have taken it out but forgot the rule so either disable the floating rule or make a queue under shaping on the LAN or WAN if you want to use it.