@shellbr I know the docs say "It does not care about bandwidth on interfaces, only the priority" but in my experience the limits on WAN and LAN are enforced.

@zennb1 Okay, what stands out to me are target and interval values of 0 for your WAN down limiter. I don't think that is valid. I feel like I've seen other posts from people claiming that somehow those can end up being defaults, but I'm betting that's what's breaking things for you. I would start by setting target to 5 and interval to 100 like your upload limiter. As to all the other parameters, I don't feel like I can give great advice, especially for such a fast symmetric connection. To be honest, in my experience it seems like almost everywhere you look for information about how to set the few "knobs" available with FQ_CODEL, the advice is different :) But I bet that just changing those target and interval values will get traffic flowing for you. Clearly, you can try changing various settings and test to see what works best for you. I have found some advice that the "queue length" should be set equal to "limit", and also that for an 8Gbps symmetric connection you may want "limit" and "flows" both set to something like 4096. But, I am not an expert on these FQ_CODEL settings so if anyone chimes in who is, I would defer to them.

@SteveITS Hmm, yeah, I don't think that bug is applicable to my situation, beacuse they're using source masking to apply limiters to individual /32s, wheras I'm looking to throttle traffic collectively on a gateway, no source mask in play.

No support are in the same situation we are. It would require building a 25.07.2 release. It's fixed in 25.11 snapshots if you're able to test there. The first public beta is close.

Thanks @SteveITS I want to clarify that I am already applying fq_codel globally to my entire WAN interface by following the official Netgate tutorial and using floating rules. After setting this up I also reset the firewall state table so that all connections had to be rebuilt. Other clients in my network are shaped correctly this way. I tested this, by setting the limits to 50% of my maximum bandwidth (upload and download). My PC's bandwidth got cut in half, whereas the storage server still uploaded with 100% of my maximum upload bandwidth (with bursts above 100%, as measured with btop) What confuses me is that the Storage Server still does not appear to be shaped. All other devices respect the fq_codel limits, yet the Storage Server continues to burst above the configured bandwidth and the lag spikes remain whenever it is active. This is very puzzling to me, since my expectation was that fq_codel at the WAN level should catch all traffic. My goal is to get bufferbloat under control, because the added latency is very noticeable while gaming and also during normal web browsing. Do you have an idea why the Storage Server in particular might be bypassing the limiter, even though everything else seems to be shaped correctly?

@chpalmer Thanks for your experience and thoughts. Good points all.

I too noticed the problem, but I'm noticing when I disable the floating rule, not only do my original limiters work but bufferbloat doesn't seem to be an issue any more. I'm not sure if 2.8 fixed an old issue, or now has some kind of SQM.

I cannot say more about questions Q1 and Q2. About Q3. I have a PPPoE line, 1Gbps/300Mbps, MTU is 1492. My line is fine also without limiters, I had a solid A for bufferbloat, RTT is 6ms (first hop) I tried limiters, using 1506 as quantum (1492 + 14 interface overhead), set limit at 7ms for download and 5ms for upload, bandwidth (950/285) I tested with thoese limiters, set the floating rules as per netgate instructions, and now I have a solid A+ on bufferbloat test, with average speeds of 930/280. I suggest to test against bufferbloat issues before using limiters, then repeat the test using limiters so you can see if they are working and improving latency management.

@maliaga If you can find a way to report bugs in a way that Netgate respond to, let us know!

@pfsvrb this was an issue on my system also.. Target & Interval were default set to 0.. change to 5 & 100 fixed it

Update: It turned out to be some issue with the ISP. Took multiple calls, people and hours of troubleshooting, works much better now. Still curious if prioritizing traffic to a specific URL is possible

@Bob-Dig I don't know how and why, but it does. :( I confirmed the unintended traffic shaping with simple iperf3 between local devices. With floating rules off there is shaping, with the floating rules off, I get gigabit speed again. The shaping is bidirectional. Are you saying regardless of the traffics IPv6 adress being globally routable, they should be treated as local traffic since the interface is still LAN?

@rkbest said in pfsense error (s) loading the rules: /tmp/rules.debug:95: errors in queue definition - internet very choppy and unusable: choppy internet beyond i can use with all my IOT offline and wifi not working That's 3 different things. Afaik : the common factor might be : power ? If wifi (radio waves) don't work, check the AP, using 'scanning' to see if other APs are using the same channel (frequency), etc. IOT offline : if these are connected over radio (wifi) and not cable, the see suggestion above. If the IOT are wired : to access them, you don't need pfSense **. Choppy Internet : the WAN interface is identical as the LAN, so you could swap tyheir position to isolate a potential bad interface. if the interface is ok, go check the device where the pfSense WAN is connected to. Example : my WAN can't go down as I power both (ISP router and pfSense) with a double UPS, so even if my ISP goes down (like what they tested in Spain two days ago) my WAN will stay up. No Internet of course - that's logic.. ** but pfSense will needed to hand over an initial DHCP lease = correct IP /network info, as without this info nothing will work. @rkbest said in pfsense error (s) loading the rules: /tmp/rules.debug:95: errors in queue definition - internet very choppy and unusable: There were error(s) loading the rules: /tmp/rules.debug:95: errors in queue definition - The line in question reads [95]: queue qLink on igc1 priority 2 qlimit 500 priq ( ecn , default ) How do i fix this? Start telling us how you've set up queues, limiters ? This file /tmp/rules.debug (the firewall rules) : line 93,95 95 and 96, what does it contain ? edit : no I think a bit more about this message, knowing that network queues is internal kernel stuff : if something goes bad, this will / might impact all interfaces ... What pfSense version ?

Hey everyone, I similarly have a 1000/50 HFC connection. Were any changes made to the upload limiter scheduler parameters? Thanks!