Looking for suggestions on revamping my home office network

  • I am looking to redo my network now that I have more experience with pfSense. This time I want to do it right. Here is what I have for network equipment right now:

    pfSense box with 4xGigabit port NIC.
    LAN port has the majority of my equipment (printer, NAS which serves as torrent box, main workstation w/VOIP traffic, Wireless AP for tablets and laptops)
    OPT2 port has my untrusted devices (computers I work on that I don't trust…)

    LAN interface has a Netgear "smart switch" but it is a pain in the neck to do VLANs on, so that's why I used another interface to separate the traffic between trusted and untrusted devices. I have traffic shaping set up as outlined here: https://forum.pfsense.org/index.php?topic=63531.msg612934#msg612934

    I have a WAN connection with 30 down and 5 up. You can see below that I have bufferbloat problems. I had heard something about using HFSC+CoDel to manage my traffic better.

    The only other aspect of my network is an IPsec site-to-site VPN to my office for backups.

    Any suggestions/criticisms would be welcomed.

  • Any suggestions here?

    Thanks guys!

  • Cool ol straight setup.
    Why would you want to do extra-fancy if it doesn't have to be?

  • @jahonix:

    Cool ol straight setup.
    Why would you want to do extra-fancy if it doesn't have to be?

    I guess I am not trying to be extra fancy, but want to make sure I am doing it right. The only thing that would be nice to improve on would be to find a way to share the bandwidth better. Having 30 megabit down, I would like to share it better between my two interfaces. As far as I know, there is no way to allow the LAN interface to use all available bandwidth if OPT1 is not using the 5-10 that I have allocated to it. Obviously, for guest computers, I would not want to ever allow it to go the other way.

    Does anyone know of a way to do that?

    My other concern was with bufferbloat. Should I be worried about this? I don't really notice any slowness on the network.

  • Bufferbloat is temporary latency due to buffers being filled during moments that data isn't able to be sent over the line. This is often an issue for cable internet customers because of the shared nature of the cable system. It's most noticeable in online gaming, and sometimes in VoIP applications, where low latency is extremely important and a sudden 300+ms delay becomes noticeable, even if it's just for a moment. It's not so much a slowness issue as it is a latency issue.

    There are a couple of different ways that you can add CoDel to the traffic shaper. The best way for you might be different than for someone else, depending on what other traffic shaping is being done. If you're not doing anything else, then you can add CoDel directly to an interface in the traffic shaper. That has worked great for me, raising my bufferbloat score from a D to a B.
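
The latency effect described in the last reply, as an added example that is not part of the original thread: a simplified single-flow model comparing a plain tail-drop buffer with CoDel's 5 ms target / 100 ms interval rule on the 5 Mbit/s uplink from the first post. It is not the full CoDel algorithm (which also ramps its drop rate); the 256-packet buffer, 20 ms base RTT and the `simulate` function are assumptions.

```python
"""Simplified model (constructed for illustration): one AIMD flow, one bottleneck queue."""
TARGET = 0.005    # CoDel default target sojourn time, seconds
INTERVAL = 0.100  # CoDel default interval, seconds


def simulate(aqm, seconds=300.0, rate_bps=5_000_000, pkt_bytes=1500,
             base_rtt=0.020, buf_pkts=256):
    """Return peak and median queueing delay (ms) for aqm in {"fifo", "codel"}."""
    pps = rate_bps / (pkt_bytes * 8)      # packets per second the uplink drains
    bdp = pps * base_rtt                  # packets the path holds with an empty queue
    cwnd, t, above_since = 2.0, 0.0, None
    delays = []
    while t < seconds:
        # Everything in flight beyond the path capacity sits in the buffer.
        queue = max(0.0, cwnd - bdp)
        drop = False
        if queue > buf_pkts:              # buffer full: tail drop (both modes)
            queue, drop = float(buf_pkts), True
        sojourn = queue / pps             # time a packet waits in the buffer
        if aqm == "codel":
            if sojourn < TARGET:
                above_since = None        # delay is fine, reset the timer
            elif above_since is None:
                above_since = t           # delay first exceeded the target
            elif t - above_since >= INTERVAL:
                drop, above_since = True, None  # stayed high for a full interval
        delays.append(sojourn)
        # AIMD sender: halve the window on a drop, otherwise grow by one packet.
        cwnd = max(2.0, cwnd / 2) if drop else cwnd + 1.0
        t += base_rtt + sojourn           # one round trip, including queueing
    delays.sort()
    return {"peak_ms": delays[-1] * 1000,
            "median_ms": delays[len(delays) // 2] * 1000}


if __name__ == "__main__":
    for mode in ("fifo", "codel"):
        print(mode, simulate(mode))
```

In the FIFO case the sender only backs off once the whole buffer is full, so delay climbs to buffer size divided by link rate; with the target/interval rule the sender is signalled as soon as delay stays above 5 ms for 100 ms.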
