Discourage gaming - add significant latency? other ideas?



  • Can someone suggest a way to significantly degrade the gaming experience via pfsense? To a specific IP address (or a set of them, maybe an alias) I looked at QOS options, but since the link is never actually at its limits, it seems the priorities don't actually kick in.
    If I could add 50-100 ms of latency to a few IP I think it would do the job and still allow other traffic at a reasonable quality of experience.



  • Have you tried limiters? Create a limiter, assign a queue and specify packet loss and latency.
    Then create a floating rule and assign queue for in/out pipe . (you can always create two queues and control misery bothways.. ) :)



  • I think I should start with traffic inbound from the Internet.
    I created a limiter, specified a bandwidth limitation ( 1/2 my ISP provided DL capacity), Mask: none, then in queue, left it at Tail drop and FIFO, no specific queue length and ECN not enabled. under advanced, I specified a 50ms delay, saved and added a new queue. I left everything as default here ( didn't want to add packet loss)

    Then, under firewall rules, floating, I create a new Pass rule, above the standard existing rule, I don't see how to assign the limiter I made, nor the in/out pipe.

    Am I missing something here?



  • floating rules, advanced, scroll down to in/out pipe and assign queue



  • Does not seem to have the desired effect.
    I can confirm the gamer is using DHCP assigned IP address I created a reservation for
    I confirm that ip address (mouseover lists the hostname actually) is in the alias that I created (gaming_systems)
    I have a floating rule, the first one, ipv4 * for protocol, source *, port *, Destination is my alias, gaming_systems, port *, gateway * , in/out pipe I selected the queue named "latency" in the first box (is that IN?)

    if I mouse over the floating rule states it says evaluations 6008K, packets:0, bytes:0, states:0 state creations:0



  • Can anyone suggest where I may have gone wrong? I understand this should add 150ms of latency and 5% packet loss.

    0_1542777947082_0a547e7b-b88c-4ff7-aa38-cc7012486213-image.png

    0_1542778029845_ab1c6ee5-da94-4263-a188-a9155c2ff07d-image.png

    0_1542778092850_a933e5cf-7fd7-49e9-a8f0-7b29926b1110-image.png

    0_1542778248549_9fa14af7-b0db-4893-b264-fc5460004be8-image.png


  • Netgate

    What is in the gaming_systems alias?



  • it contains the IP adresses of the systems that I want to add latency and packet loss to.

    0_1542849068200_ced5c34d-c80f-4968-aa67-e94bc2fd285d-image.png


  • Netgate

    Try doing exactly the same thing but change the floating rule interface from WAN any to LAN any. And from type Pass to type Match. You will still need a normal pass rule on LAN to pass the traffic from them but that could just be the one for all of LAN.

    I would also set both in and out queues to latency.



  • OK I did this, but it didn't help

    0_1542940642093_08d6dbb7-9287-4a93-90c5-458d519832c5-image.png

    If you mean set these both to latency, then I can't do that, as I get an error if I change the second one (OUT) to latency , they can't be the same
    0_1542940823045_2b2cac85-0204-40ab-9fba-9c5b971244d9-image.png



  • Ugh! Before I tell you how to do this I thought I would make sure that you know that you are really creating a terrible use experience for gaming_systems. Not only will the online games suck but everything else that you may NOT want to slow down will suck too. Why would you want everything to suck? (rhetorical question)

    Here's how you make things suck...

    Create Limiters:

    1.) Create "Out" limiter

    • Tick Enable
    • Name: latency_out
    • Bandwidth: 100 Mbit/s
    • Queue Management Algorithm: Tail Drop
    • Scheduler: FIFO
    • Delay (ms): 75
    • Packet Loss Rate: 0.025
    • Save/Apply Changes

    2.) Add "Out" queue

    • Tick "Enable"
    • Name: latency_out_q
    • Queue Management Algorithm: Tail Drop
    • Save/Apply Changes

    3.) Create "In" limiter

    • Tick "Enable"
    • Name: latency_in
    • Bandwidth: 100 Mbit/s
    • Queue Management Algorithm: Tail Drop
    • Scheduler: FIFO
    • Delay (ms): 75
    • Packet Loss Rate: 0.025
    • Save/Apply Changes

    4.) Add "In" queue

    • Tick "Enable"
    • Name: latency_in_q
    • Queue Management Algorithm: Tail Drop
    • Save/Apply Changes

    Add floating firewall rules:

    1.) Add "Out" limiter in floating firewall rule

    • Action: Match
    • Interface: LAN
    • Direction: out
    • Address Family: IPv4
    • Protocol: Any
    • Source: any
    • Destination: gaming_systems
    • Description: gaming_systems OUT limiter
    • Gateway: WANGW
    • In / Out pipe: latency_out_q / latency_in_q

    2.) Add "In" limiter in floating firewall rule

    • Action: Match
    • Interface: LAN
    • Direction: in
    • Address Family: IPv4
    • Protocol: Any
    • Source: gaming_systems
    • Destination: any
    • Description: gaming_systems IN limiter
    • Gateway: Default
    • In / Out pipe: latency_in_q / latency_out_q

    Graph to show added latency:
    0_1542995270435_Add_150ms_latency_.05_loss.jpg



  • I only added this much delay/loss to make sure it is visible in my post-test. Where I eventually land is somewhere that it is frustrating to use, but not impossible. I want to discourage the use of this link, while not making unavailable completely. Thank you for your time, I really appreciate it. I will try what you suggest and let you know how it goes!


  • Netgate

    If it cannot set both to the latency queue, then make identical queues for latency_in and latency_out.



  • This absolutely works!!!!!!!

    Thanks to you both so very much.