Any updates on implementing fq_codel

shinzo

Since we hit 2.4 beta, wanted to see if there was any plans for fq_codel.

cplmayo

+1

I am waiting for this. Proper FQ_Codel would make pfSense so much better.

Dazog

FQ-CoDel, PIE and FQ_PIE are all in FreeBSD 11.

I would love to see them all supported.

Any chance?

cplmayo

Everything I have seen posted is they are in development but nothing about any AQMs making it into 2.4. Their road map show it for future versions.

Personally I am waiting for this. Currently I have an Edgerouter-X setup as a bridge between my cable modem and PfSense running their "Smart Queue" on the cable modem side.

With I line IDS (Suricata) breaking Traffic Shapping Queues I could not come up with a good way to run Codel on my connection and still run my IDS how I wanted it to run.

I would just love to see this become a higher priority as bufferbloat is still a problem that needs addressed and Codel seems to be the best option for taming the problem.

w0w

What benefits of FQ-CoDel comparing with plain CODELQ shaper implemented on pfsense 2.3?
Currently for eliminating bufferbloat problems I just limiting my bandwidth on both traffic shaper settings and limiters settings. If I don't limit my bandwidth, then bufferbloat occurs on ISP side/router, not mine.
Does using FQ-CoDel resolves this problem, you don't need any limits of bandwidth?

cplmayo

FQ_Codel handles multiple connections much better than Limiters and our current implementation of Codel. For the last year at least I have have used Dynamic limiters to control clients and keep anyone from hogging all the bandwidth. I then used Codel in PfSense's traffic shapper to handle queuing so that bufferbloat and latency both remained usable.

The limiters in pfsense currently use a FIFO (First-in First-out) queue, If I remember correctly, so just the dynamic limiters is not going to handle queue delay and latency nearly as well as Codel.

So setting codel as the queue on the traffic shapper ensures that my latency and bloat stays low regardless of how many connections are running.

While this works it is kind of a cobbled together way of doing FQ_Codel.

I have tried HFSC, CQB, and PRIQ with Codel as the scheduler but every single time as soon as my clients start hammering at the WAN connection latency spikes happen and bufferbloat can be seen.

To test just fq_codel I took an Edgerouter X (https://www.ubnt.com/edgemax/edgerouter-x/) and setup a bridge between two ports. I then setup the smart queue on one of the ports. Their Smart Queue works very well and implements fq_codel, and is easy to setup. All you have to do is input your connection speed and it calculates the 95% and sets the queues accordingly.

Since I did this I have turned off all limiters and shappers on my pfSense box and my connection has been rock solid with no issues. I have three streaming boxes streaming Netflix, Hulu, or youtube going at any given time on my network. I also have Torrents/Usenet going a lot and at no time does the connection feel sluggish.

From what I have seen fq_codel works so well I just want to have it running in pfSense and eliminate the Edgerouter X. I do not like having it sitting between my cable modem and pfsense; I think it is silly and unreliable, but at this point the benefit to me makes it worth it.

Sorry for the long post, I could be wrong on how I think Limiters and the Shapper work in PfSense but I based it off of my observations over the last three years of using it.

w0w

You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it's HFSC with three queues where only two have codel enabled. Those are "p2p" and "everything else". VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

cplmayo

@w0w:

You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it's HFSC with three queues where only two have codel enabled. Those are "p2p" and "everything else". VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

This is kind of how I have ran my firewall for the last couple years. Recently In-Line filtering in Suricata has broken traffic shapping for me so I have not been able to use the setup that I prefer.

I never had the greatest luck with HFSC but I know that in FreeBSD 11 CoDel, FQ-CoDel, PIE and FQ-PIE are supported in the Limiters/Dummynet. I think this will make the limiters much better in terms of Dynamic Limiting as instead of FiFo you could use CoDel, FQ-CoDel, PIE or FQ-PIE as the scheduler basically eliminating the need for ALTQ. Combine that with 2.4's fix to limiters on WAN connections running NAT and you have the making for a very effective bandwidth manager.

hhkb

Thought I'd just chime in with my own experience. I've been a pfsense user for about 6 months now, prior to that all my edge routing was done with Linux stack.

I've got bufferbloat sort of controlled, using CoDeL with fair queuing in pfsense. But it's nothing compared to fq_codel. Bufferbloat is reduced but I still get spikes of latency before it seems to clamp down. With fq_codel jitter is extremely low (single digit miilliseconds) even under saturation. It's also much easier to setup since you can limit both ingress and egress on a single interface, and just have to fill in the bandwidth values.

So, really hoping we see the AQM fq_codel in pfsense, it is the one major thing it's missing for me - and I've been sorely tempted to go back to a linux distro because of it.

grandrivers

This sure would help in remote desktop scenarios but maybe my isps are so bad nothing will help but i wont know that till i can try it and dont want to go through caning to a firewall that has it already to try vs voting for it in pfsense

here is a feature request for it
https://redmine.pfsense.org/issues/6620

codel and queuing changelog
Version 0.2.1 (17 May 2016)
–-------------------------

Fixed FQ-Codel/FQ-PIE over-limit checking
Fixed CoDel/FQ-Codel isqrt initial value that can cause wrong isqrt guessing
Fixed kernel panic when unloading dummynet module while there is a busy
PIE AQM
Fixed kernel panic when reconfigure busy droptail pipe to use CoDel/PIE AQM
Fixed mismatch FQ-Codel/FQ-PIE quantum boundaries with the technical report

Version 0.2 (18 April 2016)

Added PIE and FQ-PIE AQM
Fixed ECN implementation of CoDel and FQ-CoDel
Fixed FQ-Codel perturbation bits in hash calculation
Fixed compilation and loading error in i386 platform
Fixed double increment of Dummynet io_pkt_drop counter
Changed default FQ-CoDel ECN to enable
Changed CoDel/FQ-CoDel count variable size to 32-bit
Changed time resolution from millisecond to microsecond
Changed time unit for ipfw userland AQM parameters from millisecond
to time with units i.e. s, ms and us
Code clean-up and little fixes

Version 0.1 (26 February 2016)

First release of CoDel and FQ-CoDel for FreeBSD's ipfw/dummynet
framework.

coliflower

Dear all,

is there any new status on this topic, please ?

w0w

https://forum.pfsense.org/index.php?topic=126637.0
Using since this topic posted, so far — I see no problems using it, even if it not supported officially. Actually, I was thinking about creating bounty for implementing this feature as package, but not sure is it necessary, because Netgate "keep eyes on it" and may be they will implement this feature ::)

coliflower

Thank you for your reply !

dimangelid

@w0w:

You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it's HFSC with three queues where only two have codel enabled. Those are "p2p" and "everything else". VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

I know that there is an old topic, but i'm trying to do the same setup. Would you mind sharing screenshots with your setup?

w0w

@dimangelid:

@w0w:

You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it's HFSC with three queues where only two have codel enabled. Those are "p2p" and "everything else". VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

I know that there is an old topic, but i'm trying to do the same setup. Would you mind sharing screenshots with your setup?

I am not using this scheme anymore, I am using FQ_CODEL now https://forum.pfsense.org/index.php?topic=126637.0

dimangelid

@w0w:

@dimangelid:

@w0w:

You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it's HFSC with three queues where only two have codel enabled. Those are "p2p" and "everything else". VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

I know that there is an old topic, but i'm trying to do the same setup. Would you mind sharing screenshots with your setup?

I am not using this scheme anymore, I am using FQ_CODEL now https://forum.pfsense.org/index.php?topic=126637.0

Maybe by chance have you kept your old settings?

w0w

Let me see tomorrow. I'll check some backups and let you know.

w0w

It was something like that, you must use floating rules with pass and quick apply option. WAN/LAN is using the same shaper parameters as I have symmetrical bandwidth.

shaper.jpg_thumb

everything.jpg_thumb

voip.jpg_thumb

qlow.jpg_thumb

qacklow.jpg_thumb

rules.jpg_thumb

dimangelid

@w0w:

It was something like that, you must use floating rules with pass and quick apply option. WAN/LAN is using the same shaper parameters as I have symmetrical bandwidth.

Thank you very much for your feedback! My main concern is how did you implement Also I have dynamic limiter that set to equalize bandwidth between IP addresses

I have setup HFSC and it works good, but the bandwidth between devices when the traffic goes to the same queue, is not shared evenly.

I have setup my floating rules with Action: Match and Quick Pass for assigning traffic to HFSC queues and it is assigned perfectly. I have also setup a firewall rule at LAN interface, for all traffic except the traffic in my local network, and i assign the traffic to In/Out pipes in order to share the bandwidth evenly between devices.

When the LAN rule is active the bandwidth is shared evenly between devices, but the traffic shapping is not working as it should. I have setup my torrents queue to have maximum bandwidth 50kb/s when an HTTP/FTP download occurs at the same time. When i start a torrent download from one computer and an HTTP download from another, the bandwidth is shared evenly between the computers, instead of limiting the torrents to 50kb/s and letting HTTP to download at full speed.

When i turn off the LAN rule, the torrents are almost instantly limited to 50kb/s. I have attached screenshots for the Pipe settings. Do you have a suggestion for combining correctly HFSC queues and Pipes, in order to share evenly bandwidth between devices and at the same time my HFSC queues do their job according to my setup?

01.png_thumb

02.png_thumb

03.png_thumb

04.png_thumb

05.png_thumb

06.png_thumb

w0w

I have used https://forum.pfsense.org/index.php?topic=63531.0 this guide for evenly sharing.

Limiters is not the right thing you are looking for, you should do proper traffic sorting on shaper side, ex using HFSC and your torrent and http download must not share one queue, then you can set link share percents or bandwidth limits under service curve, for example setting 1% for torrent queue [qlow and qacklow in my sample setup] will limit this queue to 1% of overall bandwidth if any other queue wants full speed at the same time.