How to fix Bufferbloat with OPNsense firewall

Unfortunately everybody has to deal with Bufferbloat, especially in home internet connections.

Bufferbloat occurs when your gigabit internal network pushes packets to your home router/firewall, which has a slower connection on the other side. A common analogy is an 8-lane freeway that suddenly narrows to a 3-lane highway. To avoid losing transmitted packets (packet loss), network devices use a buffer to “park” them and line them up in a queue until the way is clear. This means that during congestion, your packets will most likely be delivered later than expected (high latency).

To avoid this, a fairly new algorithm called CoDel has been developed. CoDel manages the packet queue differently than FIFO (First In First Out) and, together with traffic shaping (so that you do not max out your internet bandwidth), can totally resolve Bufferbloat.
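To make the difference concrete, here is an added example (not from the original post): a small Python simulation of one window-based sender through a 1 packet/ms bottleneck, comparing a plain FIFO buffer with a simplified CoDel. The RTT, buffer size and sender model are assumptions; the 5 ms target and 100 ms interval are CoDel's standard defaults, and full CoDel's reuse of the drop count between dropping episodes is left out.

```python
import math
from collections import deque

TARGET_MS, INTERVAL_MS = 5.0, 100.0  # CoDel defaults (RFC 8289)
BASE_RTT_MS = 20      # assumed round-trip time with an empty queue
BUFFER_PKTS = 256     # assumed router buffer; the link drains 1 packet per ms

def simulate(use_codel, duration_ms=60000):
    """One AIMD sender into the bottleneck; returns per-packet queue delay in ms."""
    q, delays = deque(), []            # q holds each packet's enqueue time
    cwnd, credit, last_cut = 10.0, 0.0, -1e9
    first_above, dropping, count, next_drop = None, False, 0, 0.0
    for now in range(duration_ms):
        rtt = BASE_RTT_MS + len(q)     # n queued packets add n ms of delay
        credit += cwnd / rtt           # sending rate = window / RTT
        cwnd += 1.0 / rtt              # additive increase: +1 packet per RTT
        lost = False
        while credit >= 1.0:
            credit -= 1.0
            if len(q) < BUFFER_PKTS:
                q.append(now)
            else:
                lost = True            # tail drop: only when the buffer is full
        sojourn = now - q[0] if q else 0
        if use_codel:
            if sojourn < TARGET_MS:    # queue is healthy: leave dropping state
                first_above, dropping = None, False
            elif first_above is None:  # start the 100 ms grace interval
                first_above = now + INTERVAL_MS
            elif now >= first_above and (not dropping or now >= next_drop):
                count = count + 1 if dropping else 1
                dropping = True
                next_drop = now + INTERVAL_MS / math.sqrt(count)  # control law
                q.popleft()            # head drop signals the sender early
                lost = True
        if q:
            delays.append(now - q.popleft())   # serve one packet this ms
        if lost and now - last_cut > rtt:      # halve at most once per RTT
            cwnd, last_cut = max(cwnd / 2, 2.0), now
    return delays

def mean_and_p95(delays):
    ordered = sorted(delays)
    return sum(ordered) / len(ordered), ordered[int(0.95 * len(ordered))]

if __name__ == "__main__":
    for name, flag in (("FIFO", False), ("CoDel", True)):
        mean, p95 = mean_and_p95(simulate(flag))
        print(f"{name:5s} mean queue delay {mean:6.1f} ms, p95 {p95} ms")
```

The FIFO run only signals the sender once the whole buffer is full, so the queue delay climbs toward the buffer size; the CoDel run drops from the head as soon as packets have waited longer than the target for a full interval, which keeps the standing queue short while the link stays nearly fully used.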

A good network and speed test for checking this can be found at https://www.dslreports.com/speedtest.

Here is my status before fixing Bufferbloat:

As shown, the Bufferbloat score is a D.

Here is a basic step-by-step guide to configuring your OPNsense box to fix Bufferbloat:

– First of all, it is necessary to test your internet connection in order to find the real maximum speed. For reliable results, I would test it using a wired connection to the internet provider’s router or your router/firewall. My Spectrum connection is 400/20 Mbit/s, but I normally get no more than 240/23 Mbit/s (as my connection is DOCSIS, they normally over-provision in order to make sure that they can meet the speeds that we pay for, even with cable loss).

– Access the OPNsense GUI and go to Firewall->Shaper->Settings. Click to create a new Pipe that will shape the download speed. Click the “advanced mode” toggle to show the advanced settings, then configure as follows:

  • Enable: checked
  • Bandwidth: 250, Bandwidth Metric: Mbit/s (you should set a speed of 85 to 90% of your max, and then fine-tune it based on results)
  • Scheduler type: Select FlowQueue-CoDel
  • (FQ-)CoDel ECN: checked
  • Description: WANdown
  • Anything else leave it as default
  • Click Save

Then create a new pipe for shaping the upload speed:

  • Enable: checked
  • Bandwidth: 20, Bandwidth Metric: Mbit/s (you should set a speed of 85 to 90% of your max, and then fine-tune it based on results)
  • Scheduler type: Select FlowQueue-CoDel
  • (FQ-)CoDel ECN: checked
  • Description: WANup
  • Anything else leave it as default
  • Click Save
  • Click Apply at the bottom of the section

– Go to the Rules tab and add a new rule that applies our traffic shaping to the upload speed, and configure it as follows:

  • Enable: checked
  • Interface: WAN
  • Proto: IP
  • Source: 10.0.0.0/24 (it should be your LAN subnet)
  • Destination: Any
  • Target: WANup
  • Description: WANup
  • Anything else leave it as default
  • Click Save

Then create a new rule for shaping the download speed:

  • Enable: checked
  • Interface: WAN
  • Proto: IP
  • Source: 10.0.0.0/24 (it should be your LAN subnet)
  • Destination: Any
  • Target: WANdown
  • Description: WANdown
  • Anything else leave it as default
  • Click Save
  • Click Apply at the bottom of the section

At this point we are ready to run another connection test and hopefully see some improvements. Here are the results of my test after applying the new configuration:

To get even better results (A+), you can adjust the configuration and fine-tune the maximum speed in both the upload and download pipe settings.

I will update this guide to be more advanced once I have gathered more info related to all the advanced settings.
