I would not use Codel for below 1Mb/s. You're on the fence, try it, but it may not be a good fit. I would just use FairQ. The default queue size is 50 packets, which is too much for your upload bandwidth. 50 1500 byte packets is nearly 1 second of bloat. A queue size of 8 would be about 120ms max latency before packets get dropped.

I would recommend a separate ACK queue.

The most difficulty is to set up floating rules for inbound.  For example, I wanted to put http downloads for XBOX in a low priority queue.  I did a floating rule for 80 source,  destination (xbox IP), to go to my lowprioqueue.  But even though the floating rule is at the bottom, it never gets used.  It's hard to do inbound matching, any help on this?

@TauCeti:

The short version is: The floating firewall rules that assign traffic to your queues have to have their Action changed from "match" to "pass".

Anyone reading this thread, be careful using PASS in floating rules, this can open your internal network up to the Internet.

If you need to use PASS rules, don't use floating rules but put them in the LAN or other appropriate interface.

I've never used limiters, only shapers. I can only tell you how to limit your fail-over egress via shaping, but not how to limit your fail-over ingress via limiting.

https://redmine.pfsense.org/issues/7898

I stand corrected!

thanks this worked for me on 2.3.4. I saw on a few other threads that ue (USB interface) devices don't support altq, but I seems to be working fine for me. I've just set this up on one box, and another box has been running queueing on two ue devices for ~1yr.

Is it just not that reliable? hence the default non-inclusion, or am I missing something?

Mine has also been stable with the tuned parameters so definitely agree this is a better solution than limiting queue length.

@Double:

I'm having some issues with the Priority field in the GUI.  Could be my limited understanding of the tool.

tl;dr - The GUI doesn't seem to be saving Priority=0 to the config file

I thought I was alone in this, I also noticed that a priority of 0 cannot be saved, even though the GUI attempts to. would be great if a priority of 0 could be saved because it would allow us one more bucket/level of shaping

I would set the queue size to 1,000. The average packet size is about 600 bytes, or 4800bits, which is a bit over 1,000 packets for 10ms of buffer @ 500Mbit/s.

Your upload is much slower, you'll want a linearly smaller queue.

Have had pfsense using PRIQ for over a year, luckily we have not ran into any of the corner cases, but our network is only a small home network.(I can definitely see where PRIQ could cause issues on larger networks.) It has also kept all the buffer bloat in check with this setup. What I have loved about PRIQ is that the important things ALWAYS get the bandwidth they need, no matter what, it has been wonderful.

I am really curious as to whether or not PRIQ can support 8 buckets, I may try to dig into the code and see if I can change the default value from 1 to 0 and see if that allows me another bucket. Just have to find the right file to edit.

I tried plex pass 3 weeks ago.  That is interesting, I will have to try again.

It looks like this is a more recent thread on the same issue: https://forum.pfsense.org/index.php?topic=129267.15

I don't use HFSC but I believe this is how you would do it.

Probably the best way to do it would be to set a dummynet (limiter) on the network you want to throttle, and then set it to fq_codel (via shellcmd).

Then create an HFSC queue with a minimum value only, and set that to 64Kbps.


@belt9:

Exactly what UDP traffic problems are you having?

Since PF and consequently pfSense lack limit pps for UDP feature, I had to do it on an upstream router.
Well I think, unless proper MAC filtering, NetFlow MAC exporting and UDP PPS limiting is implemented, I cannot use pfSense for my customers (SMB and small enterprises).
It has many great features and I really appreciate all work that developers have done.

Okay, I've looked at this again. Interestingly, while my circuit speed is "rated" at 50 Mbps, I found that I was getting more than that. I raised the limits in the wizard to 60 Mbps, and that seemed to help. But my upload speed used to be 58-59 Mbps, but with traffic shaping, it's down to 52 Mbps. That's a 10% hit.

What sort of hit should I expect here? I was under the impression that PRIQ shaping would not affect circuit speed at all, but may not guarantee minimum bandwidth for services if there's a lot of demand. I could live with that, but that's not what I'm seeing. Are my expectations unrealistic?

Below is the shaper config (the altq sections of /tmp/rules.debug):

set loginterface igb1 set skip on pfsync0 scrub on $WAN all    fragment reassemble scrub on $LAN all    fragment reassemble altq on igb0 priq bandwidth 60Mb queue {  qACK,  qDefault,  qP2P,  qOthersHigh,  qOthersLow  } queue qACK on igb0 priority 6 priq (  ecn  ) queue qDefault on igb0 priority 3 priq (  ecn  , default  ) queue qP2P on igb0 priority 1 priq (  ecn  ) queue qOthersHigh on igb0 priority 4 priq (  ecn  ) queue qOthersLow on igb0 priority 2 priq (  ecn  ) altq on igb1 priq bandwidth 62914.56Kb queue {  qLink,  qACK,  qP2P,  qOthersHigh,  qOthersLow  } queue qLink on igb1 priority 2 qlimit 500 priq (  ecn  , default  ) queue qACK on igb1 priority 6 priq (  ecn  ) queue qP2P on igb1 priority 1 priq (  ecn  ) queue qOthersHigh on igb1 priority 4 priq (  ecn  ) queue qOthersLow on igb1 priority 3 priq (  ecn  ) no nat proto carp no rdr proto carp nat-anchor "natearly/*" nat-anchor "natrules/*"

I fixed the issue. The number of slots in the bucket needed to be updated. I set it to 250 and it can handle the full stream at 180M/bit without issue.

Thank you :)

Thanks for the help, it seems to be working alot more smoothly.

Here's some more RRUL & DSLReports output using fq_codel without the VPN variable.

The DSLReports output and the last two pictures are over wifi, an old crappy Intel 6205 Advanced-N card. I had to limit the dummynet down to 40Mbps to get fq_codel to capture this slow card. I made an alias for all of my slow wifi devices and made a firewall rule to pass their traffic with the Slower dummynet pipe.

I am very pleased with the wifi performance, RRUL tests without fq_codel were averaging in the 3-5000ms range, often spiking into the 8000ms range and sometimes more. I tried adjusting txqueuelen and setting SFQ instead of pfifo_fast on the AP (Ubiquiti AP AC Pro) but it didn't improve performance much. Simply setting fq_codel to handle it on pfSense dramatically improved wifi.

wired1.png
wired1.png_thumb
wired2.png
wired2.png_thumb