Best way to reduce game latency
-
fq_codel is great at reducing latency on its own. Adding complexity by having more queues may actually make it worse. Of course not in relation to the issue you're seeing.
What would be the easiest setup here? i dont mind not dealing with queues :D
-
stuff
not sure what you mean here, would you mind sending me some screenshots or uploading them here, i thought the floating rules were necessary. I just added for my upload limiters source and for my download limiters destination with the same results :(
Actually the most basic setup requires only an upload and download limiter with one queue under each, and no matching firewall rules.
Here's how you would set that up:
First, remove your existing settings including your matching firewall rules you created for fq_codel.
Next:
1) Create a upload and download limiter and set their bandwidth limits
2) Create one queue under the Upload limiter, i.e. in your case let's call this "in" and make sure the Mask field is set to "Source Addresses". Leave the Weight field empty.
3) Create one queue under the Download limiter, i.e. in your case let's call this "out" and make sure the Mask field is set to "Destination Addresses". Leave the Weight field empty.
4) Next go to your LAN interface and find the rule that allows outbound traffic to the internet (e.g. your default allow all rule). Under that rules' settings, go to Advanced Options, In/Out Pipe.
5) For the In Pipe use the queue you created under the upload limiter, in your case the "in" queue.
6) For the Out Pipe use the queue you created under the download limiter, in your case the "out" queue.
7) Enable fq_codel with this command: ipfw sched 1 config pipe 1 type fq_codel && ipfw sched 2 config pipe 2 type fq_codel
8 ) Speed test and check for buffer bloat.Harvy66 is right that fq_codel is pretty good at reducing latency without having to filter traffic into different queues first and then applying fq_codel. In my case I'm only using multiple weighted queues to control the total amount of bandwidth available to different VLAN's instead of controlling the amount of bandwidth available to different traffic on the same interface/VLAN. That may still be possible to do (e.g. with matching firewall rules), but unfortunately I have don't have any specific experience with such a setup.
Hope this helps.
-
I must be doing something wrong.
-
I must be doing something wrong.
Try this:
- On the command line issue this command: ipfw pipe flush
- Then go ahead and reset your firewall states.
- Then issue this command on the command line: ipfw sched 1 config pipe 1 type fq_codel && ipfw sched 2 config pipe 2 type fq_codel
- Try another speed test.
What do the results look like now?
Hope this helps.
-
I must be doing something wrong.
Try this:
- On the command line issue this command: ipfw pipe flush
- Then go ahead and reset your firewall states.
- Then issue this command on the command line: ipfw sched 1 config pipe 1 type fq_codel && ipfw sched 2 config pipe 2 type fq_codel
- Try another speed test.
What do the results look like now?
Hope this helps.
First off thank you for helping me! That's really great! Unfortunately this did change the outcome significantely, or at least i get the same result.
Could there be anything else besides the trafficshaper that influences this, whats surprising to me is that the upload part of the speedtest just works flawlessly, no bufferbloat and constant high throughput, its only that the download really is not working well, when i remove the traffic shaper its the opposite ?
-
after updating to 2.4.3 no change
-
after updating to 2.4.3 no change
Something still seems off here. Do you have any other firewall rules (floating or otherwise) or traffic shaping settings enabled that are impacting traffic coming to or from your LAN and/or WAN? Besides setting up the limiters and queues, are there any other changes you made to try to implement fq_codel that you might have forgotten to undo? Can you provide screenshots again so we can see if anything does not look correct? Also, what happens if you raise the limiters to 930 or 940Mbit? Any difference?
Hope this helps.
-
Hey tman222,
So, i have some port forwarding rules activated for some services on some other machines, but other than that nothing really. I put as you suggested the in and out pipe on the lan rule instead of creating floating rules, and deactivated/deleted all the other rules I had on. When i'll come home from work i'll upload some screenshots/ or some video. Maybe there is something obviously wrong and i am just too much of a beginner. Thanks again for all the help and effort you put into my problems.
-
Hey tman222,
So i basically here are all my settings regarding firewalling and limiters. Could i have messed something up with nat or dns, that could cause a problem like this?
https://imgur.com/a/5z4zM
Edit: Update:
When i limit the download to 500Mbit, i dont get any buffer-bloat as soon as I go above if feels like the download just crashes… any suggestions are welcome.
-
Hey tman222,
So i basically here are all my settings regarding firewalling and limiters. Could i have messed something up with nat or dns, that could cause a problem like this?
https://imgur.com/a/5z4zM
Edit: Update:
When i limit the download to 500Mbit, i dont get any buffer-bloat as soon as I go above if feels like the download just crashes… any suggestions are welcome.
The only thing I see right now in those WAN rules that I'm a little suspicious of are the two haproxy rules that pass HTTP/HTTPS traffic on port 80 and 443. What does this NAT redirect do exactly? If you disable those two rules temporarily does it make a difference?
Also, are you running any IDS/IPS (e.g. Snort) on your interfaces? If so, if you disable that, do you see any improvement?
What are the hardware specs of your pfSense box?
Hope this helps.
-
Hi,
the ha proxy rules direct incoming traffic on port 80 and 443 to the internal haproxy, to direct to my personal blog and a speed test, https://speed.zwck.de so nothing critical. However, if i disable the haproxy rules the results are the same. I also dont have a snort running.
My system is an older i5 system with 4GB ram and 4 intel nics, i am thinking maybe something is setup wrongly in the general setup. maybe dns ? i really have no idea.
The thing is if i flush the pipe ;) (ipfw pipe flush and reload the filters) the sched resetsto WF2Q+ of course, when i now perform the dlsreport speed tests the speeds are to be expected 900Mbits, quite constant, and with limited bufferbloat. However, when i have qa_coddle on the download just crashes hardcore, it goes up to 900 then stops (bufferbloat 35 seconds) then drops to 40Mbit and avg of 350 or so. its really weird. I checked my cpu performance and states and all, but nothing seems to bottle neck this.
-
Hi,
the ha proxy rules direct incoming traffic on port 80 and 443 to the internal haproxy, to direct to my personal blog and a speed test, https://speed.zwck.de so nothing critical. However, if i disable the haproxy rules the results are the same. I also dont have a snort running.
My system is an older i5 system with 4GB ram and 4 intel nics, i am thinking maybe something is setup wrongly in the general setup. maybe dns ? i really have no idea.
The thing is if i flush the pipe ;) (ipfw pipe flush and reload the filters) the sched resetsto WF2Q+ of course, when i now perform the dlsreport speed tests the speeds are to be expected 900Mbits, quite constant, and with limited bufferbloat. However, when i have qa_coddle on the download just crashes hardcore, it goes up to 900 then stops (bufferbloat 35 seconds) then drops to 40Mbit and avg of 350 or so. its really weird. I checked my cpu performance and states and all, but nothing seems to bottle neck this.
Thanks for the additional information. Your particular case is indeed interesting because fq_codel looks like it's working fine on the upload side, but not on the download for some reason. It seems like it there is a constraint somewhere, whether it's physical or some type of processing constraint.
In any case, there are a few more things we can try:
- If you increase the limiters from 900Mbit to 930Mbit or 940Mbit, do you see any difference?
- Regarding your system specs, what make and model Intel NIC's do you have in your system?
- Given that yours is a very fast connection (symmetric gigabit), we might want to try tuning the NIC parameters a bit to see if it will help:
For example, see these two threads and pfSense wiki entry:
https://forum.pfsense.org/index.php?topic=113496.0
https://forum.pfsense.org/index.php?topic=132345
https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_CardsIn particular, I would be curious about, the rx and tx descriptors (rxd, txd), rx and tx process limit, number of queues, and the nmbclusters settings on your system.
You can easily access these values from the command line using, e.g. : sysctl -a | grep hw.igb.txd and so on. Do note that depending on the type of Intel NIC's you have, you may need to "em" instead of "igb".
I actually also have a symmetric gigabit fiber connection and was able to improve performance some after tuning some of these parameters.
Hope this helps.
-
Hey tman222,
thanks man for the help, when i up the limit to 930 or 940 the same happens, no real improvement.
The NICS are https://ark.intel.com/products/64404/Intel-Ethernet-Controller-I211-AT if i check what the parameters are the following shows up
These are my current values. maybe i should play around with them.
hw.igb.txd: 1024 hw.igb.rxd: 1024 net.pf.states_hashsize: 32768 net.pf.source_nodes_hashsize: 8192 hw.igb.tx_process_limit: -1 hw.igb.rx_process_limit: 100 net.inet.tcp.syncache.hashsize: 512 net.inet.tcp.syncache.bucketlimit: 30If i would like to change them i most likely have to put them into system tunables, right ?
-
Hey tman222,
thanks man for the help, when i up the limit to 930 or 940 the same happens, no real improvement.
The NICS are https://ark.intel.com/products/64404/Intel-Ethernet-Controller-I211-AT if i check what the parameters are the following shows up
These are my current values. maybe i should play around with them.
hw.igb.txd: 1024 hw.igb.rxd: 1024 net.pf.states_hashsize: 32768 net.pf.source_nodes_hashsize: 8192 hw.igb.tx_process_limit: -1 hw.igb.rx_process_limit: 100 net.inet.tcp.syncache.hashsize: 512 net.inet.tcp.syncache.bucketlimit: 30If i would like to change them i most likely have to put them into system tunables, right ?
Hi again,
Yes, you can change those settings either in the System Tunables section under Advanced Settings, or you can also put them in /boot/loader.conf.local
To begin, I would change the following:
hw.igb.txd: 2048
hw.igb.rxd: 2048hw.igb.tx_process_limit: -1
hw.igb.rx_process_limit: -1 (100 is probably too low for a fast connection like yours).Also, what value did you have for kern.ipc.nmbclusters? If it's less than 131072, I would change it to 131072 to start and see if that offers any improvement as outlined here:
https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards
–-----
Let's see if changing those parameters offers some improvement. Hope this helps.
-
so i completely reinstalled pfsense, from scratch, just set up the traffic shaper. same results as before.
Then i added
hw.igb.txd: 2048
hw.igb.rxd: 2048hw.igb.tx_process_limit: -1
hw.igb.rx_process_limit: -1but besides taking more memory nothing really changed. my kern.ipc.nmbclusters are twice that much. Whats next ? its 3 am and i just restored everything to the before stage… :( Thanks tman for all your help i am really clueless :(
-
Hmmm, this is indeed perplexing and I'm running out of ideas unfortunately. However, there's an alternative we can try. Instead of using dummynet (limiters) and fq_codel, we can emulate the behavior of fq_codel using the ALTQ traffic shaping by using the FAIRQ Scheduler and Codel controlled queues. The performance of this is similar to fq_codel. Would you be willing to try that?
Here's how you would set it up:
- First off remove all your fq_codel limiters and associated queues from both Firewall/Traffic Shaper and from you your firewall rules.
- Next go to Firewall/Traffic Shaper/By Interface tab
- For your WAN interface, choose scheduler type FAIRQ and set bandwidth equal to 900 Mbit/s. Check Enable/disable discipline and its children and hit Save.
- Next go to the bottom and click "Add new Queue".
- In the queue settings choose a name, then choose the default priority of 1. For "Queue Limit", choose either 512 or 1024 (the default is 50, which is too low for your connection speed). For scheduler options check "Default Queue" and "Codel Active Queue". For bandwidth choose 900 Mbit/s. Check "Enable/disable discipline and its children". Click Save to save the queue settings.
- Repeat steps 3-5 for your LAN interface.
Once you have done that, run a speed test again. What does the performance look like?
Hope this helps.
-
Hiii,
this is exactly the way i had it set up before based on this http://www.speedtest.net/insights/blog/maximized-speed-non-gigabit-internet-connection/ article, which lead me to the whole qu_coddle thread here :D
The tests are great i get like ABA mainly,which is better then FCA, however i would really like to know what is off with my system that the qa_cddle thing isnt working, might it be the ram? or similar
-
Thanks for getting back to me. So it's good to know that ALTQ FAIRQ + Codel does work in your case. However, we should be able to get fq_codel working as well using dummynet (limiters).
I have a few more questions for you:
- Is there anything special about your symmetric gigabit connection (e.g. are you using PPoE or something like that)?
- What pfSense add-on's/plug-in's are you running, if any?
- When you installed pfSense from scratch, did you also re-enable are your WAN NAT firewall rules, or did you try shaping with just the defaults (i.e. no special firewall rules on WAN and/or LAN)? I'd be curious to see what results look like with just the system defaults (i.e. no special firewall rules and no add-on's/plug-in's).
- Can you do me a favor and show me screenshots again for your limiter and queue settings, firewall rules, as well as the fq_codel configuration (output) from the command line? I just want to check one more time to make sure we didn't miss anything obvious.
Hope this helps.
-
Hey Tman222,
I am trying to answer this to the best of my ability, i dont think there is anything special about my fiber cable. Its an FTTH setup
Fiber cable -> TP-LINK MC220L, 1x SFP 1000Base-SX/LX/LH, 1x RJ45 1000Base-T (Media converter) + TP-LINK TL-SM321B, SFP, Simplex, LX/LC (Transceiver) -> RJ45 -> PFSENSE
PFSENSE:
Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
4 1Gbit Intel NIC i211-AT
120GB SSD
4GB RamPFsense Plugins (typically shellcmd103 haproxy0552 nmap1441 ntopng0811 pfblockerng2122) however at the moment only haproxy is on.
after resetting the pfsense i changed the ip of the box created the limiters changed the in/outpipe of the default lan rule allow all,set the traffic shaping to qa_codle through the cmd and run the dslreport test
i did not change anything regarding NAT or other rules, everything should be set to default. such as NAT reflection and so on.
- https://imgur.com/a/5z4zM this is still how i have it.
at the moment i have my download limit to 500 and upload to 890
/tmp/rules.limiterpipe 1 config bw 500Mb queue 1 config pipe 1 mask dst-ip6 /128 dst-ip 0xffffffff pipe 2 config bw 890Mb queue 2 config pipe 2 mask src-ip6 /128 src-ip 0xffffffffand ipfw sched show
00001: 510.000 Mbit/s 0 ms burst 0 q00001 50 sl. 0 flows (256 buckets) sched 1 weight 1 lmax 0 pri 0 droptail mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 sched 1 type FQ_CODEL flags 0x0 0 buckets 1 active FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN Children flowsets: 1 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 ip 0.0.0.0/0 0.0.0.0/0 809 32614 0 0 0 00002: 890.000 Mbit/s 0 ms burst 0 q00002 50 sl. 0 flows (256 buckets) sched 2 weight 1 lmax 0 pri 0 droptail mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000 sched 2 type FQ_CODEL flags 0x0 0 buckets 1 active FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN Children flowsets: 2 0 ip 0.0.0.0/0 0.0.0.0/0 1219696 1819422727 416 622680 787when uploading traffic seems to go through it
and upon downloading same thing..
00001: 510.000 Mbit/s 0 ms burst 0 q00001 50 sl. 0 flows (256 buckets) sched 1 weight 1 lmax 0 pri 0 droptail mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 sched 1 type FQ_CODEL flags 0x0 0 buckets 1 active FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN Children flowsets: 1 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 ip 0.0.0.0/0 0.0.0.0/0 209511 312499033 164 245320 377 00002: 890.000 Mbit/s 0 ms burst 0 q00002 50 sl. 0 flows (256 buckets) sched 2 weight 1 lmax 0 pri 0 droptail mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000 sched 2 type FQ_CODEL flags 0x0 0 buckets 1 active FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN Children flowsets: 2 0 ip 0.0.0.0/0 0.0.0.0/0 1242 50904 0 0 0In my advanced>interfaces tab after setting up the pfsense disable hardware TCP segmentation offload and Disable hardware large receive offload is ticked. is that alright, or should i be able to untick this?
-
Hi again,
I still feel like there is a bottleneck somewhere and that is why you are seeing poor performance above 500Mbit/s. However, I'm not quite sure yet where that bottleneck is, and while you do have a slower CPU (and it is ultra-low power), I'm not 100% convinced that's it.
So, we can do some troubleshooting to try to find where the bottleneck is occurring on your system. Please see this link:
https://bsdrp.net/documentation/technical_docs/performance
And go down to the section, "Where is the bottleneck?" at the bottom.
Can you try some of the tools suggested there and report back the results? I would try a test at 500Mbit with fq_codel enabled and then one at 900Mbit with fq_codel enabled to see what differences/issues might show up.
Hope this helps.