Make the most of your Internet with OPNsense traffic shaping

Written by

admin

in

OPNsense is powerful firewall firmware, rocking some incredible features not found in ISP-provided routers. One such feature is traffic shaping. It sounds strange, but this can prove invaluable when wanting to improve your home network and ensure it performs as expected, especially when you have speedy broadband. I have a connection that can sometimes surpass 1Gb depending on the day, but traffic shaping can improve overall performance on this side of the firewall. The best part? It’s easy to configure in OPNsense.

What is traffic shaping?

And how does it improve your network?

Let’s say you have two computers on the same LAN, and both are connected to the network. One could be streaming a YouTube video while the other engages in a video call. These two devices will then share available bandwidth, both inside the LAN and past the firewall. What you may not know is that all this traffic could cause issues on your side of the fence, which is where traffic shaping can have a major impact through some rules and dedicated space on the LAN.

Traffic shaping (or Smart Queue Management, as it’s known on some routers) consists of three parts:

The first (and arguably most important) part of traffic shaping is the pipes. These can be configured with maximum limits for bandwidth, such as 50 Mbps. These are used to funnel traffic to and from devices, which is where queues come into play. These allow you to prioritize traffic within a pipe, for instance, gaming over video calls. Lastly, we have rules, which govern which apps, services, and devices are prioritized and/or restricted. Using all three, we can create a powerful traffic shaping solution.

How it works is by effectively delaying specific packets in favor of those that are specified as a priority through rules, effectively placing them in a queue for processing within the pipe. Consider it like queuing for an amusement ride. We want to separate packets queueing normally to access the ride from those that we can provide fast passes. Every packet is processed in a timely manner, but prioritised devices and ports are handled before everything else. If you game a lot, you may wish to configure OPNsense to process game-related packets first,

This can have a positive effect on latency since we want to avoid bufferbloat as much as possible.

Related

5 reasons to replace your basic router with a pfSense or OPNSense box

A custom router and firewall gives you so many more options.

What is a Bufferbloat rating?

It’s as bad as a high ping

Bufferbloat Rating without traffic shaping

Bufferbloat is when networking equipment, typically your firewall or router, buffers too much data and causes undesirable latency. It may be inconspicuous to someone scrolling through a web page, but it can wreak havoc on playing games and other network-sensitive tasks. Without any settings applied to my OPNsense installation, my LAN setup and ISP connection result in a Waveform Bufferbloat rating of A, which is pretty good.

There are various tests one can use to measure latency, including Speedtest by Ookla and Waveform’s speed test. We’re using Waveform for this feature and testing since it offers an actual score to easily determine how much of a difference has been made by adjusting OPNsense settings. That’s what I refer to as a Bufferbloat rating. You’ll want an A+ if possible, but in general, the lower in the alphabet the letter corresponding to your score, the better your bufferbloat is.

Not addressing lower scores could make video calls stutter, cause VoIP calls (including those through Discord) to drop or hang, and real-time multiplayer gaming will be a challenge at the best of times. Have you ever tried to play League of Legends with high latency? It’s no fun at all. Thankfully, with OPNsense, it’s easy to make a few changes to our web admin panel to make a world of difference.

The OPNsense Dashboard

Related

How I made the ultimate firewall for my home with OPNsense

Armed with tons of security provisions, OPNsense is an amazing firewall OS for your home network

How to use traffic shaping in OPNsense

Become a traffic shaping pro

OPNsense dashboard

Simply follow these steps to configure traffic shaping on your OPNsense-powered firewall:

  1. Go to Firewall > Shaper > Pipes.

    OPNsense traffic shaping pipes

  2. Click the + button.
  3. Toggle advanced mode.
  4. Set Bandwidth to your network download speed.
  5. Set Queue to “2”.
  6. Change Scheduler type to “FlowQueue-CoDel”.
  7. Enter a value in the FQ-CoDel quantum field. (Calculate this by multiplying 300 for each 100 MB/s of bandwidth. This would be 3,000 for 1Gb/s.)
  8. Enter “Download” in the description field.

    Adding traffic shaping pipe in OPNsense

  9. Click Save.
  10. Now, it’s time for the upload pipe. Click the + button.
  11. Toggle advanced mode.
  12. Set Bandwidth to your network upload speed.
  13. Change Scheduler type to “FlowQueue-CoDel”.
  14. Enter “Upload” in the description field.
  15. Leave the rest and click Save.

    OPnsense traffic shaping pipes added

  16. Click Apply.
  17. Click the Queues tab.
  18. Click the + button.
  19. Set Pipe to “Download”.
  20. Change mask to “destination”.
  21. Enable CoDel.
  22. Enter “Download Queue” in the description field.

    Adding traffic shaping download queue in OPNsense

  23. Click Save.
  24. Click the + button.
  25. Set Pipe to “Upload”.
  26. Change mask to “source”.
  27. Enable CoDel.
  28. Enter “Upload Queue” in the description field.

    Adding traffic shaping upload queue in OPNsense

  29. Click Save.
  30. Click Apply.

    Traffic shaping queues added in OPNsense

  31. Finally, click the Rules tab.
  32. Click the + button.
  33. Change Direction to “in”.
  34. Set Target to “Download Queue”.
  35. Enter “Download Rule” in the description field.

    Adding traffic shaping rule in OPNsense

  36. Click Save.
  37. Click the + button.
  38. Change Direction to “out”.
  39. Set Target to “Upload Queue”.
  40. Enter “Upload Rule” in the description field.
  41. Click Save.

OPNsense will now be running its traffic shaping feature. You can re-run your bufferbloat testing to see what difference has been made. In my case, it was possible to notice an immediate improvement in latencies with active transfers, reducing values across the board. I didn’t quite manage an A+ rating, but it’s rock-solid for gaming, media, and everything else we wish to use our Internet for at home. This method is a catch-all.

Bufferbloat Rating with traffic shaping

Even though we haven’t configured any prioritization, I saw notable improvements thanks to the FQ_CoDel queueing discipline. With the pipes and queues set, you can use rules to set prioritization for specific IP addresses, which can be assigned to devices or even hosted services. Remember to factor in VLANs and guest networks, as these will need to be handled separately within the same interface.

Ugreen NAS 4

Related

I replaced my ISP router with OPNsense months ago, and I don’t regret it at all

I took the plunge a while ago, and OPNsense is fantastic.

Continue Reading

More posts