pfSense box or Edgerouter lite?

[coxhaus]

OK. I am sold. How do I implement it? Is it under traffic shaping?

PS
I also added snort today. This is a nice feature not available in the RV320 router. It does not seem to slow my CPU. It only takes a little extra memory but with 4 GIG there is no problem.
There are a few false positives you need to get through for it to work right.

 

[Nullity]

OK. I am sold. How do I implement it? Is it under traffic shaping?

Yeah. If you have no needs for rate-limiting/throttling any particular traffic type you can simply select CODELQ on WAN. Otherwise you can select CBQ/FAIRQ (or HFSC if you prefer complexity) queues then toggle Codel for which queue you want.

Like any QoS, you must set the bandwidth of the interface below your real-world maximum connection bitrate.

 

[YeOldeStonecat]

Just found a good way to repurpose Datto Alto units (little x86 appliances Datto Backup uses for their entry level units).
We have a bunch being replaced at clients this year...so I took one and installed Sophos UTM on it..runs great. Gonna try PFSense next.
They are ODM'd by Zotac. Has a little quad core AMD in it, 8 gigs of RAM, a 1TB hard drive. Very small little box.

 

[System Error Message]

This is why i prefer using x86, you can do things you cant do with embedded routers but while mikrotik cant do a lot of things it does however have something like iptables for layer 2 as well with the capability of layer 2 also using the layer 3/IP firewall. The only problem is that despite mikrotik's CCR line they do not have things like snort, or any UTM features. When it comes to speed x86 beats even the highest end consumer router even in VPN.

 

[coxhaus]

I have found my 3ms faster speed. It was hiding in Windows 10. My DSLReports speedtest is 3ms faster with Windows 10 vs Windows 7. I can now match the speed of the RV320 router. All my tests for the RV320 router were using Windows 10. My wife had the machine tied up yesterday so I used a Windows 7 machine. They both have the same Intel motherboards which I built years ago.

The motherboard S5000VESATA in my pfSense firewall was an old high end Intel server motherboard with 2 built-in NICs. The BIOS has NIC offloading built-in to the BIOS. You can turn it off or on. I am it using on. So my assumption is there is processing going on for the NICs not using the CPU. Offloading gives you a speed increase by not using the CPU.

CODELQ is my next ad on. I hate to have to limit my top end but I think I will go with 323 for download and 23 for upload. I do not expect to really saturate my 300 gigabit connection but who knows. Getting priority on web browsing may turn out to be a good thing which I will not want to give up. We will see,

 

[Nullity]

I have found my 3ms faster speed. It was hiding in Windows 10. My DSLReports speedtest is 3ms faster with Windows 10 vs Windows 7. I can now match the speed of the RV320 router. All my tests for the RV320 router were using Windows 10. My wife had the machine tied up yesterday so I used a Windows 7 machine. They both have the same Intel motherboards which I built years ago.

The motherboard S5000VESATA in my pfSense firewall was an old high end Intel server motherboard with 2 built-in NICs. The BIOS has NIC offloading built-in to the BIOS. You can turn it off or on. I am it using on. So my assumption is there is processing going on for the NICs not using the CPU.

CODELQ is my next ad on. I hate to have to limit my top end but I think I will go with 323 for download and 23 for upload. I do not expect to really saturate my 300 gigabit connection but who knows. Getting priority on web browsing may turn out to be a good thing which I will not want to give up. We will see,

Defining "saturation" is interesting to me. Technically, a NIC is either idle or active. At any given instance, there is no such thing as "80% activity".

 

[System Error Message]

300 gigabit :O? With intel and non realtek NICs try to offload as much processing as you can. They may even have layer 3 or NAT acceleration.

 

[coxhaus]

Defining "saturation" is interesting to me. Technically, a NIC is either idle or active. At any given instance, there is no such thing as "80% activity".

I think of it as latency.

 

[coxhaus]

I have added CoDel to my pfSense router. It was so easy. Select traffic shaper. Then select WAN. There will be a pulldown with CoDel on it select it. Save the settings. Done.

I figured out you do not need bandwidth limits with basic CoDel. I don't plan to max out my 300 megabit connection so I think it is a perfect fit for me. If you are running at the top of your bandwidth then you would want a que style CoDel traffic shaper from what I have been reading.

The one thing I did notice is my upload speed is now 22.6 instead of 24.79. The 24.79 had been real stabile and not varied previously. My download speed varied by 5 or 10 from time to time.Running my DSLReports speedtest now puts me 3 ms faster than the original pfsense main config and my Cisco RV320 router. I am now down to 15ms for my ping time..

I really like how the web pages work with CoDel they are so much more fluid and responsive.

I have not noticed any change in processing requirements. I posted a screen shot.

I am now happy with my pfSense setup for my router.

 

[L&LD]

Do you see any other benefits by running CoDel other than a 3ms difference in ping to DSLReports?

15ms seems very high to me. (I have 6ms here).

 

[Nullity]

Do you see any other benefits by running CoDel other than a 3ms difference in ping to DSLReports?

15ms seems very high to me. (I have 6ms here).

What type of internet do you have?

 

[coxhaus]

I have Time Warner Cable 300/20 connection with a Ubee modem. I wish I could get single digit but 15ms is low for me.

CoDel seems to work well with web pages. I am not loading my line. I have only run it one day so I need time to look for issues.

PS
Here is a ping from the pfSense box.

 

[Nullity]

CoDel should really only help during times of heavy traffic.

 

[coxhaus]

CoDel has lowered my ping times just a little and when streaming HD web pages seem a little more fluid without loading down the system. There is a little help with just using it.

 

[L&LD]

What type of internet do you have?

VDSL 50/10 which I get 95% of the time (anytime) at up to 57/12 with 6ms latency.

 

[coxhaus]

I am jealous. I have to be on a pipe which is real loaded. I am just outside Austin TX.

 

[Nullity]

VDSL 50/10 which I get 95% of the time (anytime) at up to 57/12 with 6ms latency.

They just made VDSL2 available here, but it is bonded VDSL2, which I have read might have increased latency. Hopefully that is not true...

lol... worrying about 10ms of latency...

 

[L&LD]

They just made VDSL2 available here, but it is bonded VDSL2, which I have read might have increased latency. Hopefully that is not true...

lol... worrying about 10ms of latency...

I had bonded VDSL for less than a day. Slower, more latency and more finicky than what I had them replace it with.

The 'trick' is to buy the installer a beer or two and become buddies. He went all out in getting me the single best line available from the ISP's demarcation point half a mile away.

 

[Nullity]

I had bonded VDSL for less than a day. Slower, more latency and more finicky than what I had them replace it with.

The 'trick' is to buy the installer a beer or two and become buddies. He went all out in getting me the single best line available from the ISP's demarcation point half a mile away.

Social skills you say... I need to get me some of that.

 

[coxhaus]

I want to throw something out here about my setup. I don't always mention every detail. My CoDel WAN testing is done from 2 workstations in my computer room. My web impressions are on my fast laptop in the TV room across a power adapter which is slower than the rest of my network. So I don't know if this has an impact on my results. My HD video streams also cross this power adapter and one wireless WAP321 as I have a 8 port Cisco switch feeding all of this which talks across the power adapter.

So the slow link is my power adapter in my network. My ISP connection is faster than my power adapter. I only run CoDel on the WAN interface.