Stability issues with Vodafone Gigafast

eds89

Hi,

I currently have Virgin DOCSIS coax into the home, and have this working in my pfSense VM on ESXi without issue, and with several more advanced configs such as PIA OpenVPN client, inbound NATs, etc.

I've been trying to get my new Vodafone FTTP service working properly on a secondary WAN link, but am finding as soon as my PPPoE session establishes, and I start sending traffic down the link, the stability is horrible with lots of dropped pings and really high response times.
I also find, that the pfSense WebUI at some point becomes completely unresponsive, or I start getting NGINX timeout errors when trying to load the page to change my default gateway back.

I think this issue must lie in my pfSense config, as I have created a new VM in place of the old one, and done a basic install and setup on it, and stability appears to be fine.

How, on the old install, can I diagnose the stability issues?
I'd rather not have to reconfigure all of my extra interfaces, rules, VPN clients etc on a new VM.

Cheers
Eds

eds89

@eds89 This seems to be related to ALTQ/PRIQ shaping rules, as as soon as I had copied these over to a new install, I started seeing the problematic behaviour.

I will speak to Vodafone to see why this might cause an issue, but anyone have any thoughts why stability is poor when using queues that work on Virgin's network?

Cheers
Eds

pwood999

Surely the traffic shaping rules are between the pfsense WAN & LAN only. No point in doing any traffic marking beyond the WAN.

Not sure about VF, but Virgin definitely strip all QOS bits inbound & outbound to their various internet connections. Hence why it doesn't help gamers that try traffic marking.

Your marking might get noticed by the CMTS, but will still remain in the same Docsis Service flow, so no benefit to you. Low Latency Docsis is being worked on by lots of vendors & operators, but not customer ready yet.

eds89

@pwood999 Thanks for this.

That's right.
I'm not really expecting any change of priority at the network/ISP level, I am mainly focused on pfSense itself prioritising Plex traffic. I know that traffic won't get any precedence once it leaves my network, I just want to ensure if there are other high bandwidth consumers on the LAN at the time, the Plex traffic is given priority by pfSense.

I am only applying the floating traffic shaping rules to the WAN and LAN connections.
Perhaps I am doing it wrong. Is there any guidance available on how best to set it up?
My assumption was;

1. Use the wizard to create default rules
2. Create a new higher priority queue on the WAN and LAN interfaces
3. Create a firewall rule that applies the high priority queue to traffic matching a specific port

Again, this worked fine for Virgin, and I was seeing my Plex traffic hit this rule, but with Vodafone it brings the WAN connection to a grinding halt!

Cheers
Eds

pwood999

@eds89 Perhaps Vodafone doesn't like the packets marked going out the WAN ? Just give them priority within your LAN & internal to pfsense.

Have a look at the VF T&C's to see if they mention anything ?

eds89

@pwood999 Can you offer me any guidance on how to configure it?

Again, I used the wizard to create the queues, but did not apply them to any firewall rules. The issue was still present.

If it has a problem before I've even tagged any packets in my rules, then I am presuming I have used to wizard incorrectly to set the queues up?

Cheers
Eds

pwood999

Wondering why you need traffic shaping within home LAN? Probably best to switch it off, and make sure either load-balance or failover is working correctly with your Dual-WAN first.

I have Virgin (400Mbps) plus BT (320Mbps), and they balance just fine.

I only ever used traffic shaping to restrict kids internet speed from 10pm to 6am. This nicely caused gaming to suffer, but allowed web access for homework to proceed !!

eds89

@pwood999 I'm not trying to prioritise it "within" the LAN, I am trying to ensure that pfSense itself gives this traffic priority over everything else. For example;
If I have a download running on my machine, but someone is remotely watching a video on Plex, I want pfSense to prioritise the Plex traffic so my download does not impact the viewers experience.

Without any shaping, it is possible that pfSense would devote all available bandwidth to my download, forcing buffering on the Plex client.
If I have shaping rules within pfSense, it won't be prioritised on the Vodafone network, but it will be from a routing perspective on my gateway/network.

I want to use shaping to in essence do the opposite of what you do for your kids;
Rather than restricting clients to set bandwidths, I want to ensure some clients (more specifically traffic types/ports) are given priority.

I don't have dual WAN. I had both connections configured whilst my Vodafone connection was installed and the Virgin one was being terminated, but I am only using Vodafone at this stage.

Cheers
Eds

pwood999

@eds89 That's the same as I meant, i.e. setting priorities on LAN to PfSense traffic !!

If the shaping rules are the same, then the only change is the WAN config. What is different ?