• Is this article about bufferbloat as issue with pfsense?

  • That is well known in TCP world.
    pfSense has buffer auto-tuning to avoid this and hopefully in 2.1 will have different algorithms choice for congestion avoidance for different kind of links as will FreeBSD in its 8.2 release.

    The internet is built on top of collaboration rules and not strict rules so this things are normal.

  • And what Ermal described is only applicable to the endpoints of the TCP connection (real source and destination), which is usually not your firewall (unless you're running Squid which makes the firewall initiate the actual connection), most often the systems behind it.

  • I want to comment on this as well, since the internet is all ablaze with talk of bufferbloat now, thanks to Gettys and Robert Cringley. Are you saying that we don't need to configure anything for pfsense to avoid bufferbloat? If the dudes above are all recommending we tweak our home DSL routers, would that not also matter to pfsense? The kind of problems that are described as a cause of bufferbloat are exactly the kind of issues we are seeing with our staff behind pfsense boxes, for the record.

  • A general resource site has been set up to track the discussion: http://www.bufferbloat.net/

    The main migration [1] seems to be some form of traffic shaping. Explicit resist traffic leaving your networks below the rated limit of the links.

    One of the threads had a nasty example [2]:

    In the old days i was used to be able to work interactive on a Serial connection with 33600 Bit/s shared with 10 Dialup users.

    After reading Jims blog i started to dig in our Network and found huge buffers on the Huawei MA5600 DSLAMs which are Ethernet based DSLAMs. These DSLAMs are basically invisible to the user as they are only in the L2 PPPoE path for the customer.

    I found the Buffer to be roughly 1MByte per Line. With a 1MBit/s DSL line this is roughly 10s worth of Buffer which i can observe on my line in the real world.

    The FAQ [3] is handy as well.

    [1] http://gettys.wordpress.com/2010/12/08/bufferbloat-mitigations/
    [2] https://lists.bufferbloat.net/pipermail/bloat/2011-January/000004.html
    [3] http://gettys.wordpress.com/bufferbloat-faq/

  • pfSense is a router and its network interface queues are the only place where such delay can be induced.
    Though the delay in such queues is not noticeable.
    When you use traffic shaping of course is up to you to decide on what to do and that is why it exists.

    For any equipment doing translation from one format to the other as is shown above from ethernet to ADSL etc for sure there is such queue/buffer and its not related to pfSense in any way of control. Though pfSense can help on reducing what is buffered in configuring traffic shaping to provide lest delay which might mean even dropping packets to achive this.

  • Thanks guys, that's useful information.

Log in to reply