OK I will try that although I think it's got something to do with Aspera Connect software bottlenecking my WAN.

@chudak I also would like updated steps on this. Trying to setup reverse proxy on LAN for 3 services on different ports without much success :(

I assign ip addresses via FreeRadius and have split the 172.16.8.0/24 into 2, the top half are the others that I want to limit. [image: 1547144737705-screenshot-2019-01-10-at-18.24.01-resized.png]

@kirillkh Flent is a python frontend for netperf, iperf, and irtt and has many test options. E.g. the objective of the Flent RRUL test is to use ICMP and UDP to measure RTT while loading the pipe with eight TCP streams (four downloads, four uploads) - there are options to change down/up streams and there are many other tests. Flent RRUL test uses ping timestamps with ICMP to determine latency/loss - not the incrementing TTL function that you are executing with traceroute. https://flent.org https://github.com/heistp/irtt

@scottsh the value you enter for queue length is not used when using FQ-CoDel - CoDel is dynamically managing the queue length within each subqueue created for flows. @Harvy66 is absolutely right, you really don't want to have hyper-threading enabled. You are inducing way more latency, especially with the limiter loaded with flows, than you probably realize. Even if pfSense was on your bare metal, hyper-threading would not be enabled if it were me.

@softener Also, CoDel is not working on your queues where QFQ is the scheduler. See this: https://forum.netgate.com/topic/137963/codel-does-not-work-on-limiter-queues-in-2-4-4

anyone?

Can you elaborate on the exact settings you used to reach that point?

Yes, thanks for the info @uptownVagrant ! Using the settings I also get A+ across the board too. I wonder though, even after downloading 10GB of stuff, the floating match firewall rules only report 122KB in and 4.01MB out traffic/states. What does that mean? Why doesn't it show 10GB? The pfsense LAN 'Default allow LAN to any rule' does report the expected 10GB in...!?

Hello, All. It seems like 2.4.4-RELEASE-p1 now is ok with limiters. The only thing i changed: Scheduler from FIFO to QFQ. Happy New Year!

@cwagz said in Question RE Buffer Bloat / FQ-Codel Setup: @guardian Use uptownvagrants setup from the “Playing with FQ_codel” thread. The message will go away. https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/815

@harvy66 said in Crash report following fq_codel setup: Uncaught Error: Call to a member function addGlobal() on null in /usr/local/www/firewall_shaper_vinterface.php:400 This is not a shaper error, but a GUI error. The function addGlobal() is used everywhere in the GUI. When you access the "/usr/local/www/firewall_shaper_vinterface.php" page, everything from /usr/local/www/classes/ would get included, and one of the files exposes the addGlobal() funcion. On your system, this didn't happen : some file or install error ?

@harvy66 Great! I hope it comes with low profile brackets.... the description says it should. if that checks out, i'm ready to go!

Excellent!! Thanks a lot!!

The easier 80/20 rule to get decent results is setup FairQ on your upload and download, and set the default queue to use Codel.

@uptownVagrant many thanks for your help!! I imported your config on my firewall and played around with it a bit. Sadly I didn`t get any more performance in relation to the stuck traffic at about 500 mbit/s I had before. The PC I´m testing with has 1 Gbit onboard lan and two 1 Gbit Intel nics. The two Intel ones are the nics I´ve been using the whole time. After testing with your config I desided to switch the "LAN" port from the Intel nic to the onboard nic. [image: 1544698958536-traffic.jpg] After changing this I could get full 1 Gbit/s (110 Mb/s) copy speed through the firewall-bridge, at least in one direction. The other direction still makes only about 60Mb/s, probably because of the Intel nic on the WAN port. So in my opinion, I struggled the whole time with some incompatible ore crappy network cards in my specific hardware constellation, which caused my traffic bottleneck through the bridge... In principle, my configuration was correct the whole time, unfortunately it was not the hardware...