Crashplan Traffic Shaping
-
There is a good link here on floating rules and why to use them:
https://doc.pfsense.org/index.php/What_are_Floating_Rules
I do a very simplistic set of queues with a high/default/low and my floats look like this:
They match last wins, so you have to have them in the right order to work. If I recall, does Crashplan do UPNP for the port mappings or do you have just a single NAT configured per internal host? I know UPNP shaping is more annoying as my crashplans are configured like this and you can see the UPNP mapping:
I personally just limit crashplan and do backups over night.
-
I find it interesting that you use DSCP 56, which is CS7 and is the highest priority of the "Class Selector" tags. Why not use CS1(8 (Scavenger: YouTube, Gaming, P2P))? Not that it really matters because you can manually assign any DSCP to any queue.
-
I find it interesting that you use DSCP 56, which is CS7 and is the highest priority of the "Class Selector" tags. Why not use CS1(8 (Scavenger: YouTube, Gaming, P2P))? Not that it really matters because you can manually assign any DSCP to any queue.
Only because I don't know any better.
I see your point but if I am manually limiting it to a lower queue it shouldn't really matter? Point being, it doesn't seem to change anything one way or another.
-
There is a good link here on floating rules and why to use them:
https://doc.pfsense.org/index.php/What_are_Floating_Rules
I do a very simplistic set of queues with a high/default/low and my floats look like this:
They match last wins, so you have to have them in the right order to work. If I recall, does Crashplan do UPNP for the port mappings or do you have just a single NAT configured per internal host? I know UPNP shaping is more annoying as my crashplans are configured like this and you can see the UPNP mapping:
I personally just limit crashplan and do backups over night.
Your queues are much simpler than mine. I used the wizard and that's why I came up with so many different ones. I have a huge floating rules list. It is mostly for all the different gaming systems (xbox, playstation, steam, riot, etc).
I know Crashplan is using HTTPS (443) to upload. I don't understand why or how that got into the qGames though. There might be a rule buried in my floating rules that puts 443 in that queue? Maybe, I should start over my traffic shaping and start simpler to help track this down.
Right now I am uploading 1.2GB to Wetransfer for work. That is getting lumped into qOthersDefault. So, I need to track down whatever it is that is (a rule?) that is putting Crashplan traffic into a higher priority.
-
So on your floating rules, if you enter in a description and than turn on the logging for that rule, you can see in the Status->System Logs-> Firewall. The description is shown there.
That will tell you what rule it's matching to help figure out what's going on.
I can see my VOIP device is matching my VIP and my default rule is working as expected:
My thought process with the 'last match' concept is I put my default at the top, my low rules and and than I put all my high priority rules.
Usually if something isn't matching, it's due to a source or protocol that I messed up defining along the way, which is why my rules and queues are really simple, but that's all I need for my use case I as I only want to lower my Plex server for downloads and such from my seedbed and prioritize my gaming boxes/VOIP. Everything else just falls into my default.
This post is also helpful on floating rules and using 'match' and 'quick'.
https://forum.pfsense.org/index.php?topic=112337.msg625358#msg625358
-
So…it looks like I fixed it. I felt that something was really not setup properly so I redid the wizard. I saw that since I last did the wizard there had been a few changes. I still had my QoS rule in when I finished the wizard and, as if my magic, my Crashplan traffic is now relegated to the lowest queue. I am not sure what fixed it but over the last two days it is performing correctly from what I can tell.
-
I only used the wizard once. After that, I just looked at what the wizard was trying to do, then did everything manually.
-
Ok, I lied, I didn't fix it. Now the traffic is going through the default queue. I think I figured out why.
There is a floating rule for 443 traffic to throw it all in the default queue. When I disable that rule it goes back to the qP2P queue. How do I craft a rule that does that but excludes my NAS?
Or where do I put my QoS tag rule to get to overrule the 443 rule?
-
Why not create an extra rule that takes priority over your 443 traffic rule for your NAS?
-
Why not create an extra rule that takes priority over your 443 traffic rule for your NAS?
That's exactly what I am thinking…but what should it look like?
-
Like one that matches your NAS traffic? I would guess a floating rule at the end of your rules for outgoing where the source IP if your NAS and the destination port is 443?