Crashplan Traffic Shaping
-
What do your rules look like for matching? Without seeing anything, it's really hard to figure out what's going on :)
-
I understand. I didn't want to take the time to post all of it unless I knew someone was interested in helping. I see quite a few posts that go unanswered around here.
First of all, I have never figured out why to put rules in Floating as compared to WAN and LAN. I get some of the reasoning but in general, never quite sure.
So, I tried using DSCP which I can set in the Crashplan client. I followed a guide I found. I set the TCP packet QoS to DSCP-56. Then, I created a floating rule. Interface WAN, TCP/UDP, Source Any, Destination Any, Diffserv Code Point af13, Ackqueue qACK, Queue qP2P. I those are the major points. This rule didn't seem to do anything. I put the same rule in WAN and LAN and that did nothing
Next, I tried to brute force it. I figured out that I was backing up to 162.222.41.62. I created four rules, two in WAN and two in LAN, both the same. One was saying anything going to that IP, put that in qACK and qP2P. Then, one saying anything coming from that IP are put in those queues as well. Still nothing. The queue status still shows everything in qGames on the WAN. I want the lowest priority for the backup. I did reset states every time I made a change.
I even installed ntopng to see if I could get more interesting and/or revealing information and didn't really learn anything new but the data did look a whole lot prettier. I can post screenshots of anything you need to see but I figured I would start there so I don't waste a bunch of time posting a ton of screen shots you don't care about or need to see.
-
There is a good link here on floating rules and why to use them:
https://doc.pfsense.org/index.php/What_are_Floating_Rules
I do a very simplistic set of queues with a high/default/low and my floats look like this:
They match last wins, so you have to have them in the right order to work. If I recall, does Crashplan do UPNP for the port mappings or do you have just a single NAT configured per internal host? I know UPNP shaping is more annoying as my crashplans are configured like this and you can see the UPNP mapping:
I personally just limit crashplan and do backups over night.
-
I find it interesting that you use DSCP 56, which is CS7 and is the highest priority of the "Class Selector" tags. Why not use CS1(8 (Scavenger: YouTube, Gaming, P2P))? Not that it really matters because you can manually assign any DSCP to any queue.
-
I find it interesting that you use DSCP 56, which is CS7 and is the highest priority of the "Class Selector" tags. Why not use CS1(8 (Scavenger: YouTube, Gaming, P2P))? Not that it really matters because you can manually assign any DSCP to any queue.
Only because I don't know any better.
I see your point but if I am manually limiting it to a lower queue it shouldn't really matter? Point being, it doesn't seem to change anything one way or another.
-
There is a good link here on floating rules and why to use them:
https://doc.pfsense.org/index.php/What_are_Floating_Rules
I do a very simplistic set of queues with a high/default/low and my floats look like this:
They match last wins, so you have to have them in the right order to work. If I recall, does Crashplan do UPNP for the port mappings or do you have just a single NAT configured per internal host? I know UPNP shaping is more annoying as my crashplans are configured like this and you can see the UPNP mapping:
I personally just limit crashplan and do backups over night.
Your queues are much simpler than mine. I used the wizard and that's why I came up with so many different ones. I have a huge floating rules list. It is mostly for all the different gaming systems (xbox, playstation, steam, riot, etc).
I know Crashplan is using HTTPS (443) to upload. I don't understand why or how that got into the qGames though. There might be a rule buried in my floating rules that puts 443 in that queue? Maybe, I should start over my traffic shaping and start simpler to help track this down.
Right now I am uploading 1.2GB to Wetransfer for work. That is getting lumped into qOthersDefault. So, I need to track down whatever it is that is (a rule?) that is putting Crashplan traffic into a higher priority.
-
So on your floating rules, if you enter in a description and than turn on the logging for that rule, you can see in the Status->System Logs-> Firewall. The description is shown there.
That will tell you what rule it's matching to help figure out what's going on.
I can see my VOIP device is matching my VIP and my default rule is working as expected:
My thought process with the 'last match' concept is I put my default at the top, my low rules and and than I put all my high priority rules.
Usually if something isn't matching, it's due to a source or protocol that I messed up defining along the way, which is why my rules and queues are really simple, but that's all I need for my use case I as I only want to lower my Plex server for downloads and such from my seedbed and prioritize my gaming boxes/VOIP. Everything else just falls into my default.
This post is also helpful on floating rules and using 'match' and 'quick'.
https://forum.pfsense.org/index.php?topic=112337.msg625358#msg625358
-
So…it looks like I fixed it. I felt that something was really not setup properly so I redid the wizard. I saw that since I last did the wizard there had been a few changes. I still had my QoS rule in when I finished the wizard and, as if my magic, my Crashplan traffic is now relegated to the lowest queue. I am not sure what fixed it but over the last two days it is performing correctly from what I can tell.
-
I only used the wizard once. After that, I just looked at what the wizard was trying to do, then did everything manually.
-
Ok, I lied, I didn't fix it. Now the traffic is going through the default queue. I think I figured out why.
There is a floating rule for 443 traffic to throw it all in the default queue. When I disable that rule it goes back to the qP2P queue. How do I craft a rule that does that but excludes my NAS?
Or where do I put my QoS tag rule to get to overrule the 443 rule?
-
Why not create an extra rule that takes priority over your 443 traffic rule for your NAS?
-
Why not create an extra rule that takes priority over your 443 traffic rule for your NAS?
That's exactly what I am thinking…but what should it look like?
-
Like one that matches your NAS traffic? I would guess a floating rule at the end of your rules for outgoing where the source IP if your NAS and the destination port is 443?