Traffic shaping is jacked up
-
I am trying to diagnose why enabling the traffic shaper in pfSense causes traffic flow and even pings to the LAN interface to not act as expected. If the shaper is enabled, I get very high yet sporadic latency on all kinds of traffic. I was just using the ICMPs to the LAN interface since that would obviously set off an alarm if by simply enabling the shaper, the ping times to the LAN interface jumped! I didn't think I had to spell out that this would adversly affect all traffic through the box! Which it does.
As others have stated, ICMP is low priority. The shaper treats your pings to your LAN IP the same way it treats pings to the Internet, it's a limitation of how it works. So if your connection is being heavily used, the shaper will delay ICMP to your LAN IP the same way it will delay it to the Internet.
How do you measure "very high yet sporadic latency on all kinds of traffic"? If it's by your ping times, that's a terrible way to measure network performance, especially when it's being set to low priority. That's not at all indicative of performance for other protocols that aren't given low priority.
-
I am trying to remain calm here!!!!! Your making that very difficult….
I am not routing LAN traffic through the pfsense box, I never said that, I don't why you would think that I was. The problem I trying to bring to your attention is that by even turning on the traffic shaper hoses the box, even when pinging the LAN interface from the LAN segment. Which applies to traffic transiting pfsense as well.
Roy
-
Where do you think the ping reply is send from? From the LAN interface of the pfSense back to your client? This one WILL get shaped.
-
When I normally set up traffic shaping, I exclude traffic to/from the LAN, so that it does not slow down traffic to the box itself, only traffic transiting the box.
I will just drop this issue, it appears no one else is seeing this problem.
-
How do you exclude it? If it's not assigned it goes into the default queue and the parent queue at LAN is usually configured as your WAN downstream.
-
I much more experience with Linux networking, but there you can do all the shaping on the WAN interface with an Ingress and Egress queue for inbound and outbound traffic. This prevents the LAN interface and traffic to other interfaces from getting shaped when traffic is not going out the WAN interface. This also gives you the ability to allow multiple shaper setups for each "WAN" interface.
-
Unfortunately ALTQ does not work this way.
-
This is the last post I will make on this issue…
I am perfectly clear on the issue of the LAN interface has a shaper config applied to it, I am still saying there is something wrong with the shaper config in the current version. I DO HAVE ICMP set to high, and I see HUGE spikes in ping times to external hosts and directly to the pfSense LAN interface.
I am going to get a box that I know works with an older version and load the latest snapshot on it. I suppose it is remotely possible that some obscure hardware issue is causing this problem to happen only when I turn on the shaper.
-
Yes, I've seen this as well.
This affects a number of operations. I do know about it, and there is a workaround.
But it's not cute. It would prevent traffic shaping to all local networks on the box.
I think this might also be triggered for static routes though. But don't add those for the local interface. that will not work. But traffic bounced off the box with a static route may or may not have a queue assigned.
I'll see if I can make a filter.inc for you to test. I have a local shaper here so I can test it.
-
What kind of NICS are you using. This is starting to sound like a driver issue.
-
I would also like to see your rules saying that ICMP has high priority, I have ..several boxes running the traffic shaper, no problems. The ping times are high unless the IP sending the ping is given high priority for ICMP.
-
What kind of NICS are you using. This is starting to sound like a driver issue.
I really think it is a driver problem. I got a new 10Mb/s cable connection at home moving up from 3Mb/s. I didn't have a problem before I upgraded but now my ping times are as high as 3000ms when my traffic rate hits around 4Mb/s. Browsing degrades to a crawl so obviously http was also affected when I'm using just little under half my assigned speed … and I do setup my queues to give http higher priority over all traffic. At first I though it was an ISP configuration problem, didn't want to blame my Pfsense box, so I called and reported the problem. They told me the obvious thing to do ... "plug the Ethernet cable from the modem directly into the pc" .. Boom problem vanished even when the connection speed is near maxed, my pings times were constant and very good.
Im running Pfsense on a PII 366Mhz with 380 Mb of memory.. even when near maxed at 9Mb/s the cpu is still 80% - 85% idle, so it wasn't a performance issue problem...........
Well skipping out my long story of testing and probing I did eventually got rid of the problem when the traffic shaper was disabled. The problem returns if the statement altq on $wan for example ever showed up in the pf rules file. I'm using two nic that uses the dc driver but can't recall the manufacturer or brand at the moment. I have been reduced to using my old Linksys router for my network because the internet goes bad whenever the traffic goes to 4 megs. I want to try to get Intel nics to see if it would fix my problem but I can't get any to buy here locally. Oh well.