    Traffic Shaping with TCP Limiters and caching - general info / tips

      sideout last edited by

      So in an ongoing project of research with running pfSense at 2 area LAN parties, I keep playing with it trying to tweak it to get traffic shaping to work the best way possible.  I have taken some things that others in this forum have done (and on other forums / blogs) and kind of made my own configuration and ideas.  Props to Elgwhoppo as well. (http://elgwhoppo.com/2013/09/04/pfsense-lan-party-qos-1-3-individually-limited-tcp-streams/)

      Attached is a picture where I am downloading a Steam game with traffic shaping turned on and I have speedtest going in another window with the TCP limiter on for 500Kbit down and 250Kbit up. Steam download is not impacted at all.

      I am using floating rules with separate rules for TCP and UDP along with quick settings as well.  I have a LAN interface rule that is setting the TCP limit and I have a defined alias for the rule so that servers and other static IPs can bypass it.

      For the caching I have nginx going and used settings from http://churchnerd.net, who has an awesome write-up on it at his blog, so I give him major props for his work there.  Definitely helped me improve my caching setup that I had the first time.

      I am running pfSense 2.1 on VMware 5.5 ESXi on a Dell PowerEdge 2950 with dual 2.8GHz quad core Xeons with 28G RAM with 6 NICs.  I have 2 NICs to the LAN, 1 to WAN1, 1 to WAN2, 1 to iSCSI Network.

      Running Ubuntu 13.10 server for caching with nginx as a VM on a 1TB iSCSI volume on my SAN.

      I choose to use aliases for things like port groups / game server IPs as it lets me simplify the rules I have and make it cleaner.  Some things I have found out are:

      1. Any game that uses Punkbuster, i.e. BF3, BF4, etc., DOES NOT like load balancing, so you will need to make specific rules for it and specify the gateway so pfSense does not round robin it.
      2. Queue length for the shaping - if left at default, especially under LAN party conditions, it seems to cause issues.  I usually set the queue up to 2000 for most queues.

      Anyone interested in exchanging ideas, swapping configs, anything like that, I would be happy to hear from you.  It is always good to hear what everyone else is doing and trying.  (even if to just tell me I am totally wrong and my ideas are whack!!!  :P)


        sideout last edited by

        Posting other Screenshots. Here is my Alias set.


          sideout last edited by

          Alias2


            sideout last edited by

            LAN Rule

