@DustSL - unfortunately I can't confirm if the Chelsio cards will work with ALTQ, but I can say that that they should work fine with limiters: I've setup FQ-CoDel based traffic shaping on a system that has had both T520 and T540 Chelsio cards and never experienced any issues. Hope this helps.

For others that are in a similar situation...

Turns out that with the Unifi Controller, you can change the default "User Group" to set a speed limit. Since over Wifi, I'm seeing 120/20, I set my limit to 100/20. When doing the speedtest, I'm now not seeing any bufferbloat and I'm getting an A+ from an F before, but I'm getting speeds around 80/20.

Just a tip too. For reasons unknown, in my controller, I had to specify Kbps and couldn't set it to anything over 100Mbps. I was getting some sort of weird payload error. Some say it was a bug but who knows.

For now, I'll keep it as it is and see how it works. Hopefully it will have a positive effect on zoom meetings.

@bobbenheim
What's up BOB !
/boot/loader.conf.local - final - best result ever !
if_em_load="YES"
cc_htcp_load="YES"
hw.em.eee_setting="0"
hw.em.rx_process_limit="-1"
hw.em.txd="2048"
hw.em.rxd="2048"
net.link.ifqmaxlen="4096"

4 computer downloading debian iso 4.4 gig
RTT never moved 0.6ms
RTTsd never moved 0.2ms
Lost 0.0 %

this is far the best config ever
limiter config Download
Codel
FQ_codel
queue lenght 100
ecn enable

limiter Queue Download
Mask / Destination Adresse /32
Codel

limiter config Upload
Codel
FQ_codel
queue lenght 100
ecn enable

limiter Queue Upload
Mask / Source Adresse /32
Codel

limiter on lan rules
in= upload-queue
out=download-queue

with all helps ! all people sharing knoledge ! everything's possible!
Thank you so muck

Upgraded to 2.4.5, still the same problem.

@Stewart been running it for almost a month and it works well. As long as the limiter is masked it will create individual bucket in the alias list. Else, it's shared.

@kiokoman said in Traffic Shaping (CODEL/FQ_CODEL) kills all traffic, no internet access:

yes it's not working on 2.5.0
https://redmine.pfsense.org/issues/9643

Thanks for info, I keep forgetting about the bug tracker. Watching that one now.

Which nic's are you using and what version of pfsense?
If you are using nic's which use the ix driver then altq are disabled due to driver instability in 2.4.5 and earlier but It has recently been enabled in the 2.5 development snapshots again.

@bobbenheim Cake implementation would be nice!

If you are not using limiters, then note this from the guide;

The ALTQ framework is handled through pf and is closely tied to network card drivers. ALTQ can handle several types of schedulers and queue layouts. The traffic shaper wizard configures ALTQ and gives firewall administrators the ability to quickly configure QoS for common scenarios, and it allows custom rules for more complex tasks. ALTQ is inefficient, however, so the maximum potential throughput of a firewall is lowered significantly when it is active.

pfSense software also supports a separate shaper concept called Limiters. Limiters enforce hard bandwidth limits for a group or on a per-IP address or network basis. Inside of those bandwidth limits, limiters can also manage traffic priorities.

@noplan said in Reverse proxy with HAProxy pointing to the firewall:

@Bob-Dig

Oh yes... I forgot that one

Move to something like 99443
Nothing like 80443 0r 8080

Smashed it out of the park =D thanks for that, needed to do some reading but moving the port seemed to do the trick.

What will be the next thing to do? I am also wondering how can pfsense allocate a dedicated bandwidth or a percent of bandwidth from my total bandwidth to a group and limit each member to for example 3mbps.