Just a quick tip, if you say your Inernet connection size is 15 megs, then asssign 60 megs to a queue, it will die a horrible death.  The math has to add up in the shaper.  Hope that helps  ;D

I think we found the problem.
P2P was the default queue and when the upload reached the upload limit it was some packet loss.
Now we change the rules: OthersL the default queue and the last rule catch everything to the P2Pqueue. It seems working for a day. I used this type of Traffic Shaping that's why my system was working.
We had the same problem on WRAP with 1.01, 1.2b1 and VMware with 1.01.

I think this problem occurs again on 1.2 beta1.

#########################################################
Diagnostics: Filter Reload Status
There were error(s) loading the rules: /tmp/qwanRoot.rules:11: syntax errorpfctl: Syntax error in config file: pf rules not loaded pfctl: load anchors - The line in question reads [11]: …
#########################################################

/tmp/qwanRoot.rules
###################################################

loopback = "{ lo0 }"
lan = "{ rl1  }"
wan = "{ rl0  }"
enc0 = "{ enc0 }"

pass in quick on $wan proto tcp from any to 192.168.10.180 port = 443 keep state  queue (qwanRoot, qwanacks) label "USER_RULE"
pass in quick on $wan proto tcp from any to 192.168.10.180 port = 2223 keep state  queue (qwanRoot, qwanacks) label "USER_RULE"
pass in quick on $wan proto udp from any to 192.168.10.180 port = 1194 keep state  queue (qwanRoot, qwanacks) label "USER_RULE"
pass in quick on $wan inet proto icmp from any to 192.168.10.180 icmp-type echoreq keep state  queue (qwanRoot, qwanacks) label "USER_RULE"
queue qwanRoot label "USER_RULE"
pass in quick on $lan from 192.168.1.0/24 to any keep state  queue (qwanRoot, qlanacks) label "USER_RULE: Default LAN -> any"
pass in quick on $enc0 from any to any keep state  queue qwanRoot label "USER_RULE"
##########################################################################################

thanks,

@aphekz:

hi

is there any possibility to tagging by packet length in openbsd pf?

for example
dst port 80 packet length <80  tag www1
dst port 80 packet length >=80 tag www2

or maybe there is another way to put http request in one queue and
http upload (ex. photos, files) to another queue?

thanks

squid can manage traffic per host or per extensions

It's a kernel ordering thing - PPTP happens before it hits the firewall portion that does the traffic shaping, so it's PPTP traffic already at that point.

Try your tests again with the traffic shaper enabled and visit status -> queues.

Do you see drops on any of the queues besides the default queues?

3 stickies in subforum "Traffic Shaping"
http://forum.pfsense.org/index.php/topic,2484.0.html
http://forum.pfsense.org/index.php/topic,3050.0.html
http://forum.pfsense.org/index.php/topic,1384.0.html

Search the forum for fair bandwidth.

Short answer, it is not possible right now.

So basically what you are saying is that it does not like the names of the queues?

Might have something to do with the queue name ending on a number.

I took a look at the Load Balancer tutorial. I think and according the scheme shown there I need to implement one more router in my network and finally (I hope so!) I will manage to get the desired results - will be able to redirect the traffic successfully.
Thanks a lot!
…and see you next time...  :)

"It is not ready.  Kernel patches are still being sorted out."

#define HFSC_MAX_CLASSES        64

/usr/src/sys/contrib/altq/altq/altq_hfsc.h

Not sure what would happen when you raise the limit but I have heard others have had success in doing so.

I would guess though but you can't edit them through the gui then later. You also can try to find and remove the check in the webgui code but that of course is not officially supported (as well as trafficshaping config.xml hacking).  ;)

Thanks !

Works fine, but there's no multi-wan shaping possible, eh ?

To define one "Bubble" out of all WAN Interfaces and shape traffic there for example…

Well it works this way too, I just had to force this Alias to use only the WAN IF, thanks !

All traffic will run inside this one queue. It won't create a queue per source or destination IP. m0n0wall has an option to do this but m0n0 uses a completely different shaper mechanism.

If anything in the rules/queue construct is not correct you will get some weird errors. You probably have some rules that are still assigning traffic to these queues. We currently only support wizard created rules and queues. Everything beyond that is a bit tricky and you really have to know what you are doing.

In the official release of 1.0.1, there is no borrow option in queue setup (let's say, there might be but I cannot find it). Queues use HFSC scheduler instead of PRIOR as in the previoud version. I tried to config all queues as the in Rep1. Actually, I have 20 PCs. Threrefore, I assign m2 of Realtime to 4% and Linkshare to 10% and leave all fields of Upperlimit blank. I also set the default queue to have 1% realtime with 1% upper limit and ACKs queue to have 10% realtime with 25% upper limit. However, the system reports that the aggregate bandwidth of child queues is greater than the root (which has BW of 1020kbps).

@rwalker:

Ok, I opened another thread about this very issue and no one responded with anything remotely useful.  So here is the evidence I have collected to confirm that the traffic shaper in it's current form is worthless!

Here is the test setup I have isolated.  I have removed everything I can possibly think of to make this as simple as possible:

Cisco 2924 switch #1 with my test "workstation" and the internal pfsense interface.  Cisco 2924 #2 with pfsense outside and uplink to network.  This is all 100meg links and thoroughly tested that it all works.  I got a clean pfsense box with nothing else on it.  It has 2 broadcom bg0 interfaces in it (I have tried 2 intel, 2 realtek, 2 dc0, it doesn't matter), there is no other packages running, I turned off all unnecessary services.  I can run 75 meg/s through this box and it barely breaks a sweat!  The ping times stay at under 1ms at ALL TIMES!

As SOON as I turn on the shaper it all goes to SHIT!  I can set the shaper to 5 meg/s and make sure I don't go anywhere near that, and i will start to see fluctuations in the ping times.  If I get about 90% of the shaper bandwidth, the pings really start to go off.  Before I reach 95%+ of the bandwidth, the box is pretty much worthless.  The pings will time out, traffic and streams start to break up.

Before everyone starts with the normal misconfig crap: I have ICMP set to highest priority.  I can setup m0n0wall or IPCop on the same box and it is silky smooth with the shaper on and does exactly as I would expect.  The only reason I am even spending my time here, is because I want to see it get resolved.  Unfortunately, I do not have the time to solve this myself.  If you need help testing, I am happy to help.

One piece of advice, move the LAN (downstream) shaping to the WAN interface on an ingress queue where it belongs.  If you need an example of this, just drop me a line.

Roy

Seeing as inbound queuing is a lie in the first place, I'd like to see how you plan on doing inbound shaping.  I have half a mind to remove that part of the code altogether, it can't work, it's impossible, it's too late.  Also, altq doesn't actually allow for inbound queueing…for that exact reason, the packet has already crossed the wire.  We don't need testers for the shaper, we need someone who can spend the time to fix issues they find with it.  When that person has something to test, I'm sure they'll call for testers.

--Bill