Discourage gaming - add significant latency? other ideas?

mervincm

Can someone suggest a way to significantly degrade the gaming experience via pfsense? To a specific IP address (or a set of them, maybe an alias) I looked at QOS options, but since the link is never actually at its limits, it seems the priorities don't actually kick in.
If I could add 50-100 ms of latency to a few IP I think it would do the job and still allow other traffic at a reasonable quality of experience.

netblues

Have you tried limiters? Create a limiter, assign a queue and specify packet loss and latency.
Then create a floating rule and assign queue for in/out pipe . (you can always create two queues and control misery bothways.. ) :)

mervincm

I think I should start with traffic inbound from the Internet.
I created a limiter, specified a bandwidth limitation ( 1/2 my ISP provided DL capacity), Mask: none, then in queue, left it at Tail drop and FIFO, no specific queue length and ECN not enabled. under advanced, I specified a 50ms delay, saved and added a new queue. I left everything as default here ( didn't want to add packet loss)

Then, under firewall rules, floating, I create a new Pass rule, above the standard existing rule, I don't see how to assign the limiter I made, nor the in/out pipe.

Am I missing something here?

netblues

floating rules, advanced, scroll down to in/out pipe and assign queue

mervincm

Does not seem to have the desired effect.
I can confirm the gamer is using DHCP assigned IP address I created a reservation for
I confirm that ip address (mouseover lists the hostname actually) is in the alias that I created (gaming_systems)
I have a floating rule, the first one, ipv4 * for protocol, source *, port *, Destination is my alias, gaming_systems, port *, gateway * , in/out pipe I selected the queue named "latency" in the first box (is that IN?)

if I mouse over the floating rule states it says evaluations 6008K, packets:0, bytes:0, states:0 state creations:0

mervincm

Can anyone suggest where I may have gone wrong? I understand this should add 150ms of latency and 5% packet loss.

0_1542777947082_0a547e7b-b88c-4ff7-aa38-cc7012486213-image.png

0_1542778029845_ab1c6ee5-da94-4263-a188-a9155c2ff07d-image.png

0_1542778092850_a933e5cf-7fd7-49e9-a8f0-7b29926b1110-image.png

0_1542778248549_9fa14af7-b0db-4893-b264-fc5460004be8-image.png

Derelict

What is in the gaming_systems alias?

mervincm

it contains the IP adresses of the systems that I want to add latency and packet loss to.

0_1542849068200_ced5c34d-c80f-4968-aa67-e94bc2fd285d-image.png

Derelict

Try doing exactly the same thing but change the floating rule interface from WAN any to LAN any. And from type Pass to type Match. You will still need a normal pass rule on LAN to pass the traffic from them but that could just be the one for all of LAN.

I would also set both in and out queues to latency.

mervincm

OK I did this, but it didn't help

0_1542940642093_08d6dbb7-9287-4a93-90c5-458d519832c5-image.png

If you mean set these both to latency, then I can't do that, as I get an error if I change the second one (OUT) to latency , they can't be the same
0_1542940823045_2b2cac85-0204-40ab-9fba-9c5b971244d9-image.png

uptownVagrant

Ugh! Before I tell you how to do this I thought I would make sure that you know that you are really creating a terrible use experience for gaming_systems. Not only will the online games suck but everything else that you may NOT want to slow down will suck too. Why would you want everything to suck? (rhetorical question)

Here's how you make things suck...

Create Limiters:

1.) Create "Out" limiter

Tick Enable
Name: latency_out
Bandwidth: 100 Mbit/s
Queue Management Algorithm: Tail Drop
Scheduler: FIFO
Delay (ms): 75
Packet Loss Rate: 0.025
Save/Apply Changes

2.) Add "Out" queue

Tick "Enable"
Name: latency_out_q
Queue Management Algorithm: Tail Drop
Save/Apply Changes

3.) Create "In" limiter

Tick "Enable"
Name: latency_in
Bandwidth: 100 Mbit/s
Queue Management Algorithm: Tail Drop
Scheduler: FIFO
Delay (ms): 75
Packet Loss Rate: 0.025
Save/Apply Changes

4.) Add "In" queue

Tick "Enable"
Name: latency_in_q
Queue Management Algorithm: Tail Drop
Save/Apply Changes

Add floating firewall rules:

1.) Add "Out" limiter in floating firewall rule

Action: Match
Interface: LAN
Direction: out
Address Family: IPv4
Protocol: Any
Source: any
Destination: gaming_systems
Description: gaming_systems OUT limiter
Gateway: WANGW
In / Out pipe: latency_out_q / latency_in_q

2.) Add "In" limiter in floating firewall rule

Action: Match
Interface: LAN
Direction: in
Address Family: IPv4
Protocol: Any
Source: gaming_systems
Destination: any
Description: gaming_systems IN limiter
Gateway: Default
In / Out pipe: latency_in_q / latency_out_q

Graph to show added latency:
0_1542995270435_Add_150ms_latency_.05_loss.jpg

mervincm

I only added this much delay/loss to make sure it is visible in my post-test. Where I eventually land is somewhere that it is frustrating to use, but not impossible. I want to discourage the use of this link, while not making unavailable completely. Thank you for your time, I really appreciate it. I will try what you suggest and let you know how it goes!

Derelict

If it cannot set both to the latency queue, then make identical queues for latency_in and latency_out.

mervincm

This absolutely works!!!!!!!

Thanks to you both so very much.