Playing with fq_codel in 2.4
-
Regarding the sysctl defaults, this link is likely the most official source for details, particularly the "Parameters" section: https://tools.ietf.org/html/draft-ietf-aqm-fq-codel-06
-
One Sunday morning I have found that bufferbloat rating is B or even C and no drops on my side. I've tried to play with bandwidth limiting and after changing it to twice smaller I got A rating again, looks like it's a problem on the ISP side. OK, I was thinking there is nothing to do, but why not to try to use delay instead of limiting bandwidth.
SO I changed limiter config to
pipe 1 config delay 0ms for both pipes
And looks like this did the trick, now I have A+ bufferbloat and A or A+ Quality ratings.
Certainly, I need to do advanced tests before draw some conclusions, but it looks hopefully. -
Can't WAIT for this to get into the UI.
FQ_codel's fair queuing is incredible, and HFSC + CODEL, FAIRQ + CODEL and CODELQ in pfSense can't provide multi-bucket fair queuing nearly as well.
I tested this using shellcmd so it will persist through reboots: "ipfw sched 1 config pipe 1 type fq_codel && ipfw sched 2 config pipe 2 type fq_codel" runs on reboot, with limiters and firewall pipes configured in the UI. It performs just as good as Linux's fq_codel that I have running on LEDE, IPFire and a few other boxes. pfSense getting fq_codel and wireguard would let me move entirely to pfSense / BSD on the networking side :)
-
As for GUI I was thinking about building some package, but I am not any kind of php programmer and the best would be mainstream implementation into pfsense by professionals, core team.
We can also vote for bounty and see what happens. -
It's literally an on/off setting, and a kernel module
-
It's literally an on/off setting, and a kernel module
Not so simple. You need to enable limiters at least and use it in pf rule. So it's a lot of GUI and code change if we going to make it on the traffic shaper side. If we going to make it on the limiters side, then yes it's much more simpler, we need scheduler type selection and bandwidth OR delay limiting. Since I use delay limiting for pipe, it's not enough to use only bandwidth limit.
BTW delay limiting with 0ms gives me the best result with bufferbloat test, since enabled, I have tested it multiple times per day and it's always A/A+ regarding to ISP mainstream router load.
The best thing that comes with delay setting is that you don't limit your traffic when it's really don't need to be limited. For example my real bandwidth varies from 250 to 300Mbit and sometimes to make it work without bufferbloat I need to limit bandwidth down to 100. I am not sure why delay limiting helps in this case but it really works at least with my ISP and I have no bandwidth limit on my side. -
@w0w:
It's literally an on/off setting, and a kernel module
Not so simple. You need to enable limiters at least and use it in pf rule. So it's a lot of GUI and code change if we going to make it on the traffic shaper side. If we going to make it on the limiters side, then yes it's much more simpler, we need scheduler type selection and bandwidth OR delay limiting. Since I use delay limiting for pipe, it's not enough to use only bandwidth limit.
BTW delay limiting with 0ms gives me the best result with bufferbloat test, since enabled, I have tested it multiple times per day and it's always A/A+ regarding to ISP mainstream router load.
The best thing that comes with delay setting is that you don't limit your traffic when it's really don't need to be limited. For example my real bandwidth varies from 250 to 300Mbit and sometimes to make it work without bufferbloat I need to limit bandwidth down to 100. I am not sure why delay limiting helps in this case but it really works at least with my ISP and I have no bandwidth limit on my side.Thanks for trying to explain it. When it comes to traffic-shaping, even from a user perspective (disregarding the developer implementation), rarely is anything as simple as "It's literally an on/off setting, and a kernel module".
I've been guilty of back-seat driving myself… and I'm totally, fully, absolutely awesome. ::)
-
Why wouldn't it be a check box next to where we already have codel, random, random in and out, and explicit congestion notification
All of those things are already implemented.
It's just a different control algorithm tied in at the same place
-
Why wouldn't it be a check box next to where we already have codel, random, random in and out, and explicit congestion notification
All of those things are already implemented.
It's just a different control algorithm tied in at the same place
One big reason is because the area you're referring to is in the queues (ALTQ) section while fq_codel was implemented in limiters (dummynet) section.
Why don't we "just" send humans to Mars? We already have robots there.
Like I said, back-seat driving is easy.
-
Why wouldn't it be a check box next to where we already have codel, random, random in and out, and explicit congestion notification
All of those things are already implemented.
It's just a different control algorithm tied in at the same place
One big reason is because the area you're referring to is in the queues (ALTQ) section while fq_codel was implemented in limiters (dummynet) section.
Why don't we "just" send humans to Mars? We already have robots there.
Like I said, back-seat driving is easy.
Why is it under limiter, when the rest of them are under altq?
-
ALTQ and Limiters are two different systems. My understanding is ALTQ is PF traffic shaping and Limiters are IPFW traffic shaping. Two competing firewall systems that FreeBSD has.
-
Why wouldn't it be a check box next to where we already have codel, random, random in and out, and explicit congestion notification
All of those things are already implemented.
It's just a different control algorithm tied in at the same place
One big reason is because the area you're referring to is in the queues (ALTQ) section while fq_codel was implemented in limiters (dummynet) section.
Why don't we "just" send humans to Mars? We already have robots there.
Like I said, back-seat driving is easy.
Why is it under limiter, when the rest of them are under altq?
I'm a bit unclear about what you're asking but if you are asking why fq_codel was implemented in dummynet rather than ALTQ you'd need to ask the devs: http://caia.swin.edu.au/freebsd/aqm/
I'd like to know as well. Maybe they think ipfw/dummynet is more future-proof than ALTQ? I dunno…
-
By default, fq_codel uses ECN.
This often doesn't work properly for upload so you may need to try without it. For my config this meant using:
ipfw sched 1 config pipe 1 type fq_codel ecn && ipfw sched 2 config pipe 2 type fq_codel noecn
Swap ecn/noecn as needed depending on the order you created the limiters in.
-
Interestingly, on Linux, fq_codel is in mainstream kernel, and enabled by default now.no settings required.
-
By default, fq_codel uses ECN.
This often doesn't work properly for upload so you may need to try without it. For my config this meant using:
ipfw sched 1 config pipe 1 type fq_codel ecn && ipfw sched 2 config pipe 2 type fq_codel noecn
Swap ecn/noecn as needed depending on the order you created the limiters in.
I know what are you talking about.
https://www.bufferbloat.net/projects/codel/wiki/Best_practices_for_benchmarking_Codel_and_FQ_Codel/
But FQ_CODEL revision was updated several times since this article was published and no official remarks about ECN and recommended settings in docs.
I have read a lot and played a bit with ECN option, but in my case it have no effect directly. If anybody suggest some simple way to test ECN I will be much thankful. -
@w0w:
By default, fq_codel uses ECN.
This often doesn't work properly for upload so you may need to try without it. For my config this meant using:
ipfw sched 1 config pipe 1 type fq_codel ecn && ipfw sched 2 config pipe 2 type fq_codel noecn
Swap ecn/noecn as needed depending on the order you created the limiters in.
I know what are you talking about.
https://www.bufferbloat.net/projects/codel/wiki/Best_practices_for_benchmarking_Codel_and_FQ_Codel/
But FQ_CODEL revision was updated several times since this article was published and no official remarks about ECN and recommended settings in docs.
I have read a lot and played a bit with ECN option, but in my case it have no effect directly. If anybody suggest some simple way to test ECN I will be much thankful.You can use tcpdump to see whether ECN has been negotiated/used, then run downloads & uploads with ECN disabled/enabled to see if there's any difference in speeds and/or latencies.
For me, it improved download (or was it upload? or both?) speeds by a few percent but over a few days of using ECN (Linux client /proc/sys/net/ipv4/tcp_ecn = 1) had a couple of sites completely fail to work so I set tcp_ecn back to it's default (2).
Whether your pfSense router supports ECN is a separate condition from your client supporting it, so make sure to configure it appropriately on both.
I only played with ECN very quickly so take my input with a grain of salt… ;)
-
…
For me, it improved download (or was it upload? or both?) speeds by a few percent but over a few days of using ECN (Linux client /proc/sys/net/ipv4/tcp_ecn = 1) had a couple of sites completely fail to work so I set tcp_ecn back to it's default (2).Whether your pfSense router supports ECN is a separate condition from your client supporting it, so make sure to configure it appropriately on both.
I only played with ECN very quickly so take my input with a grain of salt... ;)
Do you remember URLs of sites failed to work with ECN?
I've seen some reports like "Measuring the State of ECN Readiness in Servers, Clients" and others too, all of them stated that there is some % of servers that have wrongly configured ECN and this is the real problem, even if percentage of those servers lowered over years, but the real quantity raised up, so the simplest way is to test ECN enabled FQ_CODEL against some of those " ECN-failed" sites. -
Setting my bandwidth to 95% of my always results in about 20mb off of my total bandwidth in tests. It seems that to use this you have to take a bandwidth hit….
-
I have a 150Mb connection, I set my bandwidth to 99%, or 148.5Mb, and I get about 147.8Mb/s with speed tests. If you're losing more than a small faction of a percentage, it's because something is misconfigured, low quality network equipment, or you're dealing with very small amounts of bandwidth where dropping a single packet results in a sizable bandwidth difference.
-
I have a 150Mb connection, I set my bandwidth to 99%, or 148.5Mb, and I get about 147.8Mb/s with speed tests. If you're losing more than a small faction of a percentage, it's because something is misconfigured, low quality network equipment, or you're dealing with very small amounts of bandwidth where dropping a single packet results in a sizable bandwidth difference.
This is my experience as well. Only when I was beginning my traffic-shaping journey did I experience strange things like that. My assumption is that I was misconfiguring.
I suppose it's possible that these algorithms incorrectly calculate bitrates but that is very unlikely since transmitting at the configured bitrate is perhaps the most fundamental aspect of any traffic-shaping algorithm.