Playing with fq_codel in 2.4
-
fq_Codel is a zero-config AQM. All it needs is to be hooked up to a shaper of some sort and and works magic. You really need to understand how to traffic shape to do better than it. Eve then, it's great.
Agreed, it really is very impressive - probably one of the more impressive things I've seen in pfSense.
It's a huge improvement for very little config, and the config you have to do is not complicated even for a non-tech-savvy home user.
Netgate should implement some sort of automatic bandwidth limiting, and place that in the UI next to dummynet using fq_codel. Maybe 2.4.2?
The net result of the above would be that pfSense would dramatically improve the quality of even the crappiest connections from ISP with a sub 5 minute configuration for even the least experienced user.
I will grant you that pfSense can already do that (very, very well) with HFSC and limiting your bandwidth manually to below the lowest values you ever see. But HFSC you have to learn how to do, and as Harvy noted - even if you know what you're doing you will have to spend some time getting it as good as fq_codel can be just by turning it on. The result of that is most people either don't use it or don't use it well.
Also, many WAN connection speeds dip dramatically during peak hours. No one wants to cut their bandwidth down by a large percentage all the time just so their limiter can catch the traffic during peak hours.
Either an automatic speedtest similar to ubiquiti's, or an automatic latency test similar to gargoyle could be leveraged to automatically keep bandwidth limited just below the current WAN speeds so your limiter is always catching the traffic and you are always making the most of your available bandwidth.fq_codel + automatic bandwidth limiter = killer app - huge bullet point for pfSense & Netgate.
Agreed with all you said. They should look into implementing it asap
-
@w0w:
Patch for Limiter Info page with schedulers information and refresh interval of 500ms
--- diag_limiter_info.php Wed Sep 07 00:26:47 2016 +++ diag_limiter_info.php Sun Oct 01 08:20:33 2017 @@ -40,5 +40,5 @@ echo $text; - $text = `/sbin/ipfw queue show`; + $text = `/sbin/ipfw sched show`; if ($text != "") { - echo "\n\n" . gettext("Queues") . ":\n"; + echo "\n\n" . gettext("Shedulers") . ":\n"; echo $text; @@ -72,3 +76,3 @@ events.push(function() { - setInterval('getlimiteractivity()', 2500); + setInterval('getlimiteractivity()', 500); getlimiteractivity();Would love to try this patch out. This will show fq_codel on the limiter info page? Is there are kind soul who could explain how to implement this to the lay person?
-
There's a redmine feature request to get an automatic bandwidth limiter added to dummynet.
If anyone is interested and technically inclined please chime in!
Check out the links in my signature for more info.
https://redmine.pfsense.org/issues/7904
-
I finally got fq_codel limiters applied to just my WAN connection via floating rules.
From what I am seeing I think I like it better than using my vlan's interfaces. From what I am seeing in my own testing the jitter seems lower and I see fewer latency spikes on my upload bandwidth tests. Also since this is queuing all traffic on the WAN interface I feel like it is handling separate flows better than it did before.
I could be wrong and all of this is anecdotal or a placebo affect from all of my messing around with shappers and limiters.
If anyone is interested in trying it out the setup is fairly easy.
Firewall > Rules > Floating
*Add new rule
*Change "Action" from "Pass" to "Match"
*Select "WAN" in Interface
*Set "Direction" to "Out"
*Set "Protocol" to "any"
*Source to "any"
*Destination to "any"
Advanced settings
*Set Gateway (Cannot leave as default; you have to specifically set it to your configured gateway)
*Set In/Out (Because it is a floating rule and it is set to "Out" it gets a little confusing. It reverses In/Out ie In is for outgoing and Out is for incoming.)
-
dslreports.com has a good bufferbloat test.
-
Would love to try this patch out. This will show fq_codel on the limiter info page? Is there are kind soul who could explain how to implement this to the lay person?
You need "System patches" package.
Create new patch and apply it. See attachment.
-
I got asked in a PM to post some screenshots of my settings.. Figured post it here as reference.
Just apply the in/out pipe to firewall rule on your interface.. So that these do not effect your intervlan traffic if you have any. Put a rule above to allow access to your other vlans without the pipe's applied.
These settings changed my bufferbloat tests on dslreports to A..
-
Why a /32 IPv4 mask?
-
Because that is what comes up in the gui when this is the rules.limiter
[2.4.0-RELEASE][root@pfsense.local.lan]/root: cat /tmp/rules.limiter
pipe 1 config bw 85Mb
queue 1 config pipe 1 mask dst-ip6 /128 dst-ip 0xffffffffpipe 2 config bw 11Mb
queue 2 config pipe 2 mask src-ip6 /128 src-ip 0xffffffffIs something wrong there? It was working great!!!
-
Haha, I don't know to be honest. I had mine set the same way until I noticed that, then set it to /24 to match my network (I'm IPv4 only). I haven't been on that network in awhile now but I don't remember noticing a difference. My config is otherwise pretty much the same as yours.
Maybe someone can chime in on whether that setting matters or not and exactly what it is doing?
I know that in some parts of traffic shaping GUI there are options presented that don't apply to all types of shaping.
-
The person that asked for the screenshot says its working great for him as well..
I just am not knowledgeable enough when it comes to shaping and limiters to know one way or the other either. I understand the basic principles is about all. I just took the settings as given and applied them to my bandwidth at the time and yeah it drastically reduced the bufferbloat test without noticing any serious hit to the top end numbers on speedtest or during normal use.
But to be honest I had not really noticed any issues before that ;) Other than the test showing me my bufferbloat was bad..
Looking forward to when I can apply it to my new 500/50 line when get new pfsense hardware. I can tell you for sure that on the usg that currently stuck with that when you turn on their smart queues my download is limited to 80ish down vs the 530 I see on speedtest currently. Seems to handle the upload ok but the download gets shit on..
-
Yikes, that's pretty limited!
-
Which is why its not on ;) When you turn on their queues you loose the hardware offload it seems.. So yeah speed takes a hit ;)
-
And that is why I am thankful for pfSense!
-
Oh believe me I will be back to pfsense as soon as get new hardware that can handle the speed.. The usg was a temp solution that was cheap enough to sneak through the budget committee (wife).. its was only a 100$ ;)
It can handle the speed in hardware offload.. But its feature set is so lacking.. Still running my pfsense vm for dhcp and dns since those features on usg need a huge amount of work to be viable in anything other than the most basic of home user networks.. And really just forget about ipv6 and or openvpn without manipulate of json files and having to reload them any time you reprovision the usg from the controller.. And the firewall rules are just nuts to setup on it as well.. I counting the days til I have pfsense back that is for sure ;)
-
I ran this on my router at my LAN party and it worked out great. 184 people with a 300mbit modem and 2 100mbit modems , made 2 download shapers and 1 upload shaper.
i made the system patches as well so it would apply after updates.
-
I should skip this since I don't know what I'm doing but still really curious to make it work. I have gigabit service and get D's and F's on buffer bloat.
I'm sure its in the post and I have indeed read though but still don't understand. What are the steps to enable this? I have 2.4 installed.
Looks like install patches package, run patch posted on page 8 which I was going to do until it said I could not remove this so I thought I better study a bit before I keep going. If you have the energy, please tell me what are the steps and I will follow them. Thanks.
-
You don't have to install the patch.
Just set up limiters (look at Johns screenshots a few pages above this) then run the ipfw commands for fq_codel and add them to shellcmd.
Run a speed test and set your limiters to 95% of the speeds you get.
Now go to your firewall rules to pass traffic and in the advanced section just select the queues you just made.
That's it.
-
You don't have to install the patch.
Just set up limiters (look at Johns screenshots a few pages above this) then run the ipfw commands for fq_codel and add them to shellcmd.
Run a speed test and set your limiters to 95% of the speeds you get.
Now go to your firewall rules to pass traffic and in the advanced section just select the queues you just made.
That's it.
I don't think it's that simple. If you don't override rules.limiter with own one like TS suggests by patching php code, then any firewall config or even WAN IP change that wants and would reload this file will destroy your manually configured fq_codel, until you manually run ipfw commands again or restart firewall to let shellcmd to do it. Am I wrong?
-
No sorry it is that simple.. You do not need to make any files changes at all.. Just create the limiters and then put in the commands via shellcmd to put them in every time you reboot, etc.
