Playing with fq_codel in 2.4
-
Implementing fq_codel improved the dsl reports TO A AND B but USING hfsc and CODEL I get better results ALL A+, I tried a linux distro with fq_codel got same A,B and sometime C but again with Pfsense HFSC and codel I get all A+, so for me I am getting better results with HFSC and Codel
-
Implementing fq_codel improved the dsl reports TO A AND B but USING hfsc and CODEL I get better results ALL A+, I tried a linux distro with fq_codel got same A,B and sometime C but again with Pfsense HFSC and codel I get all A+, so for me I am getting better results with HFSC and Codel
Did you configure manually or use the wizard? I used the wizard with HFSC selected and received better grades on dslreports but speed was much lower overall. The scores were better because the throttle was more aggressive. Would you be willing to share your config? Screenshots maybe. I would like to compare what I get using fq_codel as described in this thread.
-
It's possible that HFSC+ALTQ gives better rate limiting characteristics compared to IPFW.
-
Implementing fq_codel improved the dsl reports TO A AND B but USING hfsc and CODEL I get better results ALL A+, I tried a linux distro with fq_codel got same A,B and sometime C but again with Pfsense HFSC and codel I get all A+, so for me I am getting better results with HFSC and Codel
Did you configure manually or use the wizard? I used the wizard with HFSC selected and received better grades on dslreports but speed was much lower overall. The scores were better because the throttle was more aggressive. Would you be willing to share your config? Screenshots maybe. I would like to compare what I get using fq_codel as described in this thread.
Sure in dsl buffer bloat test I get half the speed but thats cos if it goes over that speed I get buffer bloat , but running a normal speed test with same setup I get my full speed, so I only get half with dsl reports so for me HFSC and codel are doing a fine Job but I am sure many more experts here can correct me. A other thing using ipfw limiters when using the full upload speed it does not give example enough bandwidth plex remote users need, in hfsc it takes bandwidth from example the upload backup to the cloud and gives plex itS full 5mbps it needs
-
I have fq_codel working on my system without issue. I followed the screenshots from post #121.
Question:
If I apply the same lan / wan queues to the In / Out on my IPsec interface rule will bandwidth then be shared evenly between multiple IPsec clients?
I have several people that access server resources and it would be great if the bandwidth was shared evenly when everyone was trying to perform a get operation.
Thanks
-
to the guys saying they only had to enable in cli and "nothing" else.
You didnt do this step?
Start with a recent 2.4 snapshot. Create two root limiters, Download and Upload, and put 95% your maximum values in bandwidth. Create two queues under each, say LAN and WAN. For LAN, selection destination addresses for mask and source addresses for WAN. Modify the default outgoing firewall rule to use WAN under "in" pipe and LAN under "out" pipe.
Also the limiter is surviving all filter reload's?
-
to the guys saying they only had to enable in cli and "nothing" else.
You didnt do this step?
Start with a recent 2.4 snapshot. Create two root limiters, Download and Upload, and put 95% your maximum values in bandwidth. Create two queues under each, say LAN and WAN. For LAN, selection destination addresses for mask and source addresses for WAN. Modify the default outgoing firewall rule to use WAN under "in" pipe and LAN under "out" pipe.
Also the limiter is surviving all filter reload's?
Yes I did that step. When I say I only used the command line I mean I did not install a patch of any kind. I use Shellcmd package to run the command line again each time my system boots.
-
Part of the challenge is trying to figure out what gives better performance is your ISP and what may or may not be going on with your local network.
I've got a 1Gb FIOS line and a pretty 'quiet' neighborhood so I tend to get a very consistent speed for up and download when I'm testing. Since it's not a pure 'lab' scenario, you can't really be sure of the variables in your testing.
I've noticed:
- FQ_Codel seems to have a bit less overhead than HFCS/Codel
- If I get my upload and download speeds set properly, I can straight A+s on any buffer bloat tests
- If I have multiple things going on or something not configured correctly, I tend to get problems
- If you are using a straight up limiter and equally sharing bandwidth across all LAN connections for an example, you won't see your max upload/download as you have it shared equally. To that point, in OPNSense, you would configure a limiter and "weight" your FW rules to prioritize what you wanted.
My rules would look like something like:
Limiters: 10000: 940.000 Mbit/s 0 ms burst 0 q75536 50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail sched 75536 type FIFO flags 0x0 0 buckets 0 active 10001: 880.000 Mbit/s 0 ms burst 0 q75537 50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail sched 75537 type FIFO flags 0x0 0 buckets 0 active Queues: q10002 50 sl. 0 flows (1 buckets) sched 10001 weight 100 lmax 0 pri 0 AQM CoDel target 5ms interval 100ms NoECN q10003 50 sl. 0 flows (1 buckets) sched 10001 weight 10 lmax 0 pri 0 AQM CoDel target 5ms interval 100ms NoECN q10000 50 sl. 0 flows (1 buckets) sched 10000 weight 100 lmax 0 pri 0 AQM CoDel target 5ms interval 100ms NoECN q10001 50 sl. 0 flows (1 buckets) sched 10000 weight 10 lmax 0 pri 0 AQM CoDel target 5ms interval 100ms NoECNWhich created some buckets and than weighted by my firewall rules.
I try to use the concept simple is better as I have very limited rules and only really lower my plex download traffic and prioritize my gaming traffic. Everything else just falls into the defaults.
-
To that point, in OPNSense, you would configure a limiter and "weight" your FW rules to prioritize what you wanted.
It works the same way in pfSense. I weight my guest Network to 10% of my bandwidth.
So if there is no lan traffic then guest can use all the bandwidth. When someone on lan starts using bandwidth then it will throttle guest all the way until they get down to 10% as necessary.
It's great, limits without wasting bandwidth. Of course you can set hard limits as well if you need to. -
To that point, in OPNSense, you would configure a limiter and "weight" your FW rules to prioritize what you wanted.
It works the same way in pfSense. I weight my guest Network to 10% of my bandwidth.
So if there is no lan traffic then guest can use all the bandwidth. When someone on lan starts using bandwidth then it will throttle guest all the way until they get down to 10% as necessary.
It's great, limits without wasting bandwidth. Of course you can set hard limits as well if you need to.Apologies as I don't mean to state the obvious so don't read into other than a statement, there is always traffic going on so if the plan is to share out across a LAN.
I always see some traffic going on which is specifically why I avoided equal sharing across my LAN and focused more on prioritizing hosts. All those Echos, ATVs and such are chatty :)
-
I don't think you're understanding.
Example:
On a 100/100 limiter.
LAN is weight 90, Guest is weight 10.LAN is unused, background traffic only (let's say ~2Kbps) - Guest has up to 99998Kbps of bandwidth available.
In short, guest is free to use as much of the available bandwidth as they want less whatever LAN is using (Guest can only ever take away 10% of the total available bandwidth from LAN. Likewise, LAN can only ever take away 90% of the total available from Guest).So, neither network will be limited at all until the pipe is full. The same principle is true for clients within each individual network.
Equal sharing does not mean that your bandwidth is automatically divided up between the number of clients on the network and each is given a hard limit.
I.e., 100Mbps limiter with 10 clients on the network automatically limits those clients to 10Mbps each all the time. That does not happen. That scenario would only ever happen if the pipe was full and ALL 10 clients were asking for >10Mbps simultaneously. The instant even one client backed off, that clients bandwidth would be distributed back out into the pool of available bandwidth. -
I don't think you're understanding.
Example:
On a 100/100 limiter.
LAN is weight 90, Guest is weight 10.LAN is unused, background traffic only (let's say ~2Kbps) - Guest has up to 99998Kbps of bandwidth available.
In short, guest is free to use as much of the available bandwidth as they want less whatever LAN is using (Guest can only ever take away 10% of the total available bandwidth from LAN. Likewise, LAN can only ever take away 90% of the total available from Guest).So, neither network will be limited at all until the pipe is full. The same principle is true for clients within each individual network.
I understood what you said. I used the term "equally sharing bandwidth across all LAN connections" in my post and you repeated my example of weighting, which I said I used.
-
Ok I see.
My point was that you made it sound like only opensense offered this feature, which is incorrect.
-
Ok I see.
My point was that you made it sound like only opensense offered this feature, which is incorrect.
Ah, ok as that wasn't my point. I just wanted to share that both the FQ-Codel and HFSC/Codel work well when configured right and my findings with quite a bit of testing was that FQ-Codel was more efficient but not by much and I had working results with both.
-
My bad, my bad! It was a really late couple of nights haha.
-
Hi guys,
Have been following the discussion on how to setup weights on the queues. Wanted to go through an example to make sure I understand correctly:
Let's assume I have 3 subnets (LAN1 - 3) and one guest network. I'd like to make sure that when under load, no LAN (or guest network) can hog all the bandwidth.
To set this up with limiters, I would:
Create an upload and download limiter and then create under each:
Download: Create 4 queues (one for each subnet with weight 30, and one for the guest network with weight 10)
Upload: Create 4 queues (one for each subnet with weight 30, and one for the guest network with weight 10).Assuming I had a 100/100 connection, this would ensure that:
With no load, any of the subnets including guest network could consume up to 100Mbit.
Assuming the connection is maxed out, this will ensure the that LAN1 - 3 are limited to 30Mbit each, and the guest network is limited 10Mbit each.In the situation where e.g. only LAN1 and LAN2 are trying to use all the bandwidth, how would it work (i.e. not traffic on LAN 3 and guest network)? Depending on on which subnet started using the bandwidth first, is either able to go up to 70Mbit as the other is guaranteed at least 30Mbit?
Thanks in advance for your help and explanation I really appreciate it.
-
You got it, in the lan 1 and 2 only scenario it would go to 50 Mbps for each since they are weighted equally.
The speeds will certainly have transient periods of assymetric throughput but will balance out.
-
You got it, in the lan 1 and 2 only scenario it would go to 50 Mbps for each since they are weighted equally.
The speeds will certainly have transient periods of assymetric throughput but will balance out.
Thanks! I configured everything as described and was able to test it out by running a speed test on the three LAN's concurrently. Was a nice to see speeds adjusting so that every LAN got its faire share as determined by the weights, yet if the other two LAN's are busy the third LAN could still use all the bandwidth.
Thanks again for the help - I think it's great how with proper traffic shaping one can really get the most out of a lower bandwidth connection, e.g. 50/50 or 75/75 will go a long way with proper shaping vs. spending extra $ to upgrade to more bandwidth to try to solve the problem.
-
The problem I'm having with fq_codel is shaping OpenVPN. It's not clear how best to apply fq_codel to OpenVPN for my setup.
There are two options here.-
Apply fq_codel to the WAN firewall rule for OpenVPN. This works well for site-to-site VPNs. If I send highly-compressable data, then the LZ4 compression works and I get a higher throughput. Uncompressable data is shaped normally and works well. This doesn't work well for a road-warrior connection. When the road-warrior accesses the Internet, that traffic is not handled by fq_codel. If it saturates the link then it's like not have fq_codel at all.
-
Apply fq_codel to the OpenVPN interface firewall rules. This breaks compression apparently as I couldn't get rates that exceeded the limiter speed.
With the old codelq applied to WAN, it didn't seem to matter what I did, as it would always do a pretty good job of keeping latency under control with/without OpenVPN, highly-compressable data, etc. fq_codel does a better job but having to apply it to every firewall rule is a bit of configuration tangle.
*Applying fq_codel to the WAN firewall rule for OpenVPN and sending highly-compressable data does introduce a lot of latency for me but still ok. It's much worse without fq_codel.
For reference:
Idle: 8ms, regular upstream saturation with fq_codel: 12-18ms, highly-compressable upstream saturation: 100ms, no fq_codel/codel upstream saturation: 1500ms. -
-
I have two queues created under the "download" limiter and they show up in Limiter Info, but when I create the schedule only one queue gets added…
Does the command "ipfw sched 1 config pipe 1 type fq_codel" need to be modified to tell it to include all queues? I'm trying to add a lower weight to the guest network.
edit: one other observation, I followed the screenshots from post 121 but I needed to set the mask to match my subnets or multiple clients were clashing and still causing buffer bloat.
