Traffic shaper changes [90% completed, please send money to complete bounty]

eri-- · Mar 10, 2008, 6:33 PM

AFAIK i am trying to roll the update now :).

NateDavis · Mar 10, 2008, 6:45 PM

Wonderful, give me about 3 hours to get approval, and I will send $200 to paypal@chrisbuechler.com for this Bounty.

Thanks so much for your efforts!

Nate

NateDavis · Mar 10, 2008, 8:47 PM

Done and Sent. $200 to paypal@chrisbuechler.com for this feature.

Thanks again for your time and effort. It is making a difference.

Looking forward to the new release,
Nate

pogi · Mar 11, 2008, 7:20 AM

I have just discovered this thread and bounty, and would like to know if this would allow me to do the following and I would be very happy to send a payment of $100

I have 2 WAN, 1 of the WAN's is for use by DMZ VOIP only, and the other is for my LAN.

I am planning to get another WAN DSL.

I would really like to be able to have:

LAN Machine 1 <> WAN 1 with shaping for giving priority based on protocols etc
LAN Machine 2 <> WAN 2 with shaping for giving priority based on protocols etc
DMZ VOIP <> WAN3 with shaping for giving priority based on protocols etc

Would also be nice to send certain traffic from LAN to WAN3 to be shaped etc.

Is this possible, sorry I a bit confused.

Thanks

Lee

eri-- · Mar 11, 2008, 4:52 PM

I have 2 WAN, 1 of the WAN's is for use by DMZ VOIP only, and the other is for my LAN.

That's the bounty requirement and it is fulfilled.

As for the other parts those are rfeatures that pfSense supports already.

eri-- · Mar 11, 2008, 11:50 PM

All the people that have contributed to this bounty should have a PM(private message) on their inboxes.
If by any chance i have left anybody out please contact me.

Thank you again to all of you.

colin7151 · Mar 12, 2008, 1:15 AM

Ok, just sent $200 to paypal@chrisbuechler.com

pogi · Mar 12, 2008, 2:10 AM

sent $100 to paypal@chrisbuechler.com

Lee

gandyman · Mar 12, 2008, 7:13 PM

Thx ermal for the great job.

NateDavis · Mar 14, 2008, 3:05 AM

All seems to be working pretty good in my environment with this new Traffic Shapper. The only problem I am having, is I would like to be able to see the queue's and there total usage so I can troubleshoot where the problems are. When I clock Traffic Shaper under the Firewall menu, I do see the shaper and the settings I have made. But when I goto Status, and choose Queues, and it returns back, "Traffic shaping is currently disabled." Let me know if I am doing something wrong…

Thanks!
Nate

P.S. I did use the EZ Traffic Shaper to create my rules.

eri-- · Mar 14, 2008, 9:06 AM

Hmm its a forgotten merge on the update i gave just change this from the /usr/local/www/status_queues.php

63 if(!isset($config['shaper']['enable'])) {
to
if (!is_array($config['shaper']['queue'])) {

The numbers are the line number.

Or if you wish go here to this link and save it in your pfSense router as /usr/local/www/status_queues.php.

Sorry about the disruption. It will be fixed on the next one.

heiko · Mar 14, 2008, 8:09 PM

you have to receive a present, please send me an invoice

300$ Done!

greetings
heiko

eri-- · Mar 14, 2008, 9:44 PM

Thank You very much!

Nice present :)

heiko · Mar 14, 2008, 9:49 PM

My Pleasure! ;)

neek · Mar 18, 2008, 4:46 AM

$50 sent to paypal@chrisbuechler.com

Thanks for all the work!

eri-- · Mar 19, 2008, 6:38 PM

For all the bounty people a simple introduction to the new shaper interface:
There are 5 new things:
1- Floating rules
2- The way you configure queues
3- The way you setup traffic to belong to a queue
4- DSCP(diffserv codepoint) matching
5- IPSec tunnels shaping

1- Is a tool to allow all sort of things.
Basically from this tab you can choose multiple interfaces for a rule. Which direction the rule applies, if it is a terminating rule[quick], if you want to tag traffic with it for later matching it with this tag.
For example you want the http traffic is allowed to go out on every interface you have.
Just setup direction outgoing, port 80 and click save.
If you want the rule to apply only to certain interfaces select them at the interface selection with holding down CTRL button and choosing the ones you want and the above rule applies only to those interfaces.
This way for example you can load balance squid. With a rule as pass out from any to any port 80

Now if you do not select the quick option the rule is not terminating meaning even if it matches the traffic it goes to the next rule and matching against those. If the next rule matches it is the matching rule now. Tags can be applied from one rule to the other.
IE let say you want to pass/shape traffic from protocol tcp,icmp,udp from different interfaces to a same queue. Instead of having to choose the action/queue on each rule just setup the rules and on advanced section apply the same tag to them. At the end of these just setup a rule which passes or block the traffic tagged/marked with the previous tag or the queue they should go. So next time you decide this traffic should go to a different queue you just change one rule and not all of them.
Beaware that to preserve previous behaviour the rules created on the specific interface take priority meaning that they just are applied if traffic matches and that is the final verdict.
So i fyou want a mix of FloatingRules and specific interface rules you must be very specific on the specific interface rules so not to override the actions choosed on floating rules.

2- Now on the Firewall->Traffic shaper you configure only the queue parameters.
To know better what they mean you have to read the pf.conf manual page or just go at http://www.openbsd.org/faq/pf and read about shaping.

To shape traffic on multiple interfaces with only one rule. Just create on multiple interfaces queue with the same name and than just setup a rule that makes desired traffic go to that queue and even if traffic passes to different interface it will go to this queue and be shaped accordingly.
Be aware that the queues with the same names share only the name they can have different priority bandwidth discipline or even the hierarchy of queue may be different. Just the name has to be the same.

For example, if you have 3 interfaces. One LAN 1 and 2 internet links. Have created a load balancing pool for the 2 internet links and want to shape http traffic on the links to the queue http created with the desired parameter on the Traffic shaper configuration.
There are 2 ways to do it.
a) From the lan tab choose all traffic with a destination port of http and select queue http this takes care of it.
b) go to Floating tab and create the same rule there.
If you have Squid running and want to loadbalance the only place is the Floating tab. Create a rule with outgoing direction and select the 2 interfaces where the internet links are connected and choose the queue http for traffic with destination port 80 and protocol tcp.

3- Now the queues are specified on the rule tab and you have easily noticed that.

4- You can now match traffic based on DSCP so easier to match VoIP traffic.

5- IPSec inside tunnels is transparent.
Just setup rules as you do for traffic passing from LAN to WAN and choose the queue you want to apply.
So if you want RDP to have priority better than other thing on the tunnel just setup rules as said on 1-.

For any questions do not hesitate.

Regards and thank you again for your support,
Ermal

eri-- · Mar 19, 2008, 7:15 PM

Forgot the By queues view:

It allows you to copy queues from one interface to the other.
Cloning a full interface is not currently supported.

sai · Mar 20, 2008, 6:56 AM

is it possible to make a new queue that is a child of an existing queue?

eri-- · Mar 20, 2008, 7:20 AM

Sure.

sai · Mar 21, 2008, 5:44 AM

If I have a queue called qVoip23 in the Lan, how do I make a new queue that has as parent qVoip23 ?