Squeezing the last drops out of FTTP connections using OpenBSD

Posted on Jan 5, 2023
tl;dr: Tinker with your queueing rules!

Packet Queuing with OpenBSD’s pf.

Two immediate links for you, one to Solene’s fantastic explanation of queueing, and another to the pf.conf manpage.

I’m on fibre now at home, which is rather fantastic. In the UK you pay for packages described as 100, 200, 250, 500 and so on, which indicates the download speed. Annoyingly, providers still insist on asymmetric traffic flows, meaning your uplink is limited. As a result, to get the maximum download speed you’ll find, yet again, that you need to do some traffic shaping.

The following is an optimised example for my current package. I’m on a ‘145’ package, which is really 145/30.

The following is a sample extract for your pf.conf, if you’re on a similar package. It works on the basis that we have that 30Mb uplink, and was adapted and tweaked using Solene’s guidance from the link above.

Of interest, the ackp queue took some tinkering to squeeze every last bit out of, but at these ratios the difference can be another 1MB/s.

For example, on the ackp queue:

  • Using the values bandwidth 2M max 2M gave a download speed around 17.4MB/s
  • Using the values bandwidth 1M max 1M gave a download speed around 8.5MB/s
  • Using the values bandwidth 2M max 4M min 1M increases the download speed to 18.4MB/s

So, tinker with your rules if you want to maximise your speeds. I don’t think I can squeeze any more out, but as always with queueing you have no idea how one thing will affect another in the real world. YMMV!

zsh/2 602  (git)-[main]-% more pf/queue.pf 
# queue
# https://dataswamp.org/~solene/2021-08-30-openbsd-qos-lan.html
queue std on pppoe0 bandwidth 1G
    queue upstream parent std bandwidth 30M max 30M
        queue iffy      parent upstream bandwidth 6M
        queue web       parent upstream bandwidth 8M qlimit 128 # queue length, default is 50
        queue dns       parent upstream bandwidth 128K min 64K
        queue unknown   parent upstream bandwidth 4M qlimit 512 default
        queue wireguard parent upstream bandwidth 8M min 2M burst 30M for 300ms
        queue ping      parent upstream bandwidth 64K min 32K max 64K
        queue dmz       parent upstream bandwidth 1M max 2M
            queue   telnet  parent dmz bandwidth 1M
        queue ackp      parent upstream bandwidth 2M max 4M min 1M
            queue ack_iffy  parent ackp bandwidth 2M flows 256
            queue ack_web   parent ackp bandwidth 2M flows 256
            queue ack       parent ackp bandwidth 2M flows 256

match proto {tcp, udp}                        to any    queue (unknown, ack)
match inet proto icmp                         to any    queue ping
match proto {tcp, udp}                        to any    port {domain, domain-s, ntp} queue (dns,ack)
match proto {tcp, udp}                        to any    port {http, https}           queue (web,ack_web) # QUIC uses https/udp
# keep this last to ensure matches on iffy
match proto {tcp, udp} from (vlan220:network) to any queue (iffy, ack_iffy)
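
A sanity check to run while tinkering, added here as an example (Python, not part of the original post and not pfctl's own validation): it parses the queue lines from the listing above and, for each parent, compares the sum of its children's `bandwidth` targets with the parent's `max`, or its `bandwidth` when no `max` is set. The K/M/G suffixes are assumed to be decimal multiples of bits per second, and the function names are hypothetical.

```python
# Queue definitions copied from the pf/queue.pf listing on this page.
QUEUE_PF = """queue std on pppoe0 bandwidth 1G
queue upstream parent std bandwidth 30M max 30M
queue iffy      parent upstream bandwidth 6M
queue web       parent upstream bandwidth 8M qlimit 128 # queue length
queue dns       parent upstream bandwidth 128K min 64K
queue unknown   parent upstream bandwidth 4M qlimit 512 default
queue wireguard parent upstream bandwidth 8M min 2M burst 30M for 300ms
queue ping      parent upstream bandwidth 64K min 32K max 64K
queue dmz       parent upstream bandwidth 1M max 2M
queue telnet    parent dmz bandwidth 1M
queue ackp      parent upstream bandwidth 2M max 4M min 1M
queue ack_iffy  parent ackp bandwidth 2M flows 256
queue ack_web   parent ackp bandwidth 2M flows 256
queue ack       parent ackp bandwidth 2M flows 256"""

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # assumption: decimal bit/s

def to_bps(spec):
    """'128K' -> 128000 bit/s; None (option absent) stays None."""
    if spec:
        scale = UNITS.get(spec[-1])
        return int(spec[:-1]) * scale if scale else int(spec)

def parse_queues(text):
    """Return {name: {'parent', 'bandwidth', 'max'}} for every queue line."""
    queues = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if len(words) >= 2 and words[0] == "queue":
            opts = dict(zip(words[2:], words[3:]))  # keyword -> next token
            queues[words[1]] = {"parent": opts.get("parent"),
                                "bandwidth": to_bps(opts.get("bandwidth")),
                                "max": to_bps(opts.get("max"))}
    return queues

def audit(queues):
    """Return {parent: (sum of children's bandwidth, parent limit, fits)}."""
    report = {}
    for q in queues.values():
        parent = queues.get(q["parent"])
        if parent:  # skip the root queue and parents not defined in the text
            limit = parent["max"] or parent["bandwidth"]
            total = report.get(q["parent"], (0,))[0] + (q["bandwidth"] or 0)
            report[q["parent"]] = (total, limit, total <= limit)
    return report

if __name__ == "__main__":
    for name, row in audit(parse_queues(QUEUE_PF)).items():
        print(name, *row)
```

On this listing only ackp is reported as not fitting: its three children ask for 6M in total against a max of 4M, while the children of upstream add up to 29.192M of its 30M.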