Playing with fq_codel in 2.4

strangegopher · May 13, 2018, 2:44 AM

Only reason I have it as floating is because I have 6 vlans. I will set it one by one in each vlan and hope this goes away.

dennypage · May 13, 2018, 3:09 AM

@strangegopher:

Only reason I have it as floating is because I have 6 vlans. I will set it one by one in each vlan and hope this goes away.

Yea, I hear you. Floating is much more convient. I have 5 local nets, although using interface specific rules I only bother with 4 of them. The last network is very low traffic and I don’t want to drop packets there anyway.

strangegopher · May 13, 2018, 4:18 AM

Just finished setting up the rules and traceroute is fixed now. :)

matt_ · Jun 4, 2018, 9:07 PM

https://github.com/pfsense/pfsense/pull/3941

PR was accepted and needs to be tested now.

zwck · May 17, 2018, 8:26 PM

! amazing !

strangegopher · May 17, 2018, 11:18 PM

@matt_:

https://github.com/pfsense/pfsense/pull/3941

PR was accepted and needs to be tested now.

Sorry I am not on development releases but has limiter info page also been updated to show schedulers information?

like suggested earlier in this thread:

@w0w:

Patch for Limiter Info page with schedulers information and refresh interval of 500ms


--- diag_limiter_info.php	Wed Sep 07 00:26:47 2016
+++ diag_limiter_info.php	Sun Oct 01 08:20:33 2017
@@ -40,5 +40,5 @@
 	echo $text;
-	$text = `/sbin/ipfw queue show`;
+	$text = `/sbin/ipfw sched show`;
 	if ($text != "") {
-		echo "\n\n" . gettext("Queues") . ":\n";
+		echo "\n\n" . gettext("Shedulers") . ":\n";
 		echo $text;
@@ -72,3 +76,3 @@
 	events.push(function() {
-		setInterval('getlimiteractivity()', 2500);
+		setInterval('getlimiteractivity()', 500);
 		getlimiteractivity();

matt_ · May 21, 2018, 12:15 PM

Not yet, that's gonna need to be a separate PR. I'm thinking of maybe making a Queue-like page for that instead of text-based readouts.

strangegopher · May 26, 2018, 3:49 AM

any idea when this will show up in 2.4 development snapshots?

areynot · May 28, 2018, 4:50 PM

Can someone please guide me how to setup the shellcmd if Im using more than 1 queue per pipe as in:
(I have placed different weights to identify where queues are placed)

pipe 1 config  bw 5000Kb
queue 1 config pipe 1 weight 10 mask src-ip6 /128 src-ip 0xffffffff
queue 2 config pipe 1 weight 20 mask src-ip6 /128 src-ip 0xffffffff
 

pipe 2 config  bw 1024Kb
queue 3 config pipe 2 weight 30 mask dst-ip6 /128 dst-ip 0xffffffff
queue 4 config pipe 2 weight 40 mask dst-ip6 /128 dst-ip 0xffffffff

using the setup above i get this when running ipfw sched show

[2.4.3-RELEASE][root@pfTest.localdomain]/root: ipfw sched show
00001:   5.000 Mbit/s    0 ms burst 0 
q00001  50 sl. 0 flows (256 buckets) sched 1 weight 10 lmax 0 pri 0 droptail
    mask:  0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
 sched 1 type FQ_CODEL flags 0x0 0 buckets 0 active
 FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN
   Children flowsets: 2 1 
00002:   1.024 Mbit/s    0 ms burst 0 
q00002  50 sl. 0 flows (256 buckets) sched 1 weight 20 lmax 0 pri 0 droptail
    mask:  0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
 sched 2 type FQ_CODEL flags 0x0 0 buckets 0 active
 FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ECN
   Children flowsets: 4 3

If you pay close attention you can see that the queues 1 and 2 from pipe 1 are assigned to sched 1 and 2... look for the weight value and youll see better.

im using this command:

ipfw sched 1 config pipe 1 type fq_codel && ipfw sched 2 config pipe 2 type fq_codel

hope you guys can help me!

cplmayo · Jun 4, 2018, 9:07 PM

@matt_ said in Playing with fq_codel in 2.4:

https://github.com/pfsense/pfsense/pull/3941

PR was accepted and needs to be tested now.

Could I download this to my box for testing, or to a test VM? I am super excited to have a less hacky way to implement fq_codel.

w0w · Jun 5, 2018, 3:45 AM

@cplmayo
Yes, you can. What is your pfSense version?

cplmayo · Jun 5, 2018, 1:33 PM

@w0w I am on the latest release

w0w · Jun 5, 2018, 2:43 PM

@cplmayo
Install System_Patches package, go to System->Patches, Press Add New Patch button and copy-paste URL https://github.com/pfsense/pfsense/compare/RELENG_2_4_3...mattund:RELENG_2_4_3.diff into URL/Commit ID field.
Also, write something into description field, press SAVE button. After that you will see you newly created patch in the list and Fetch button on the right, press it, then press appeared Test button, you should see

Patch can be applied cleanly (detail)
Patch can NOT be reverted cleanly (detail)

If you see that, then you can press Apply button and enjoy your new Limiters

SlowGrind · Jun 14, 2018, 9:22 AM

So after applying the patch do you just fill in the settings under limiters?

login-to-view

New here to traffic shaping so just looking for an easy way to decrease latency. Thanks.

w0w · Jun 14, 2018, 9:22 AM

@slowgrind
Generally yes, but I prefer to share bandwidth between all users evenly.
Unfortunately looks like foxale08 guide is broken, it was here but now it's completely gone :(
I'll provide some guide later, if you want it.

SlowGrind · Jun 14, 2018, 11:00 AM

@w0w

Thank you and I just have a simple network setup. 1 wan and 1 lan with 1000 Mbps download and 50 Mbps upload.

mattund · Jun 14, 2018, 6:15 PM

I'm testing my patch, and I am seeing some unexpected behavior (maybe intentional).

pipe 2 config  bw 122800Kb queue 100 buckets 256 droptail
sched 2 config pipe 2 type fq_codel target 35ms interval 35ms quantum 1514 limit 10240 flows 1024 noecn
queue 1 config pipe 2 queue 100 droptail

pipe 1 config  bw 12000Kb queue 100 droptail
sched 1 config pipe 1 type fq_codel target 5ms interval 10ms quantum 1514 limit 10240 flows 1024 noecn
queue 2 config pipe 1 queue 100 droptail

Using the above generated ruleset, if I start a speedtest, and have an ICMP ping up at the same time, upon reaching the ceiling of ~120Mbps, pings drop completely. Not bufferbloat, but full drops. Now, of course that would happen, the limiter is supposed to limit the bandwidth. However, is there a way around this? I figured burst might help, but it doesn't appear to -- FQ_CoDel assumes the new burst value as part of the total bandwidth share and doesn't kick in.

It's almost as though FQ_CoDel isn't active, and the limiter is putting itself into the drop state before CoDel can say, "hey, this teeny tiny little ICMP packet isn't part of a busy flow, so let's let that through". Unless I am mistaken on something.

What I want:

Small flow traffic to not get dropped (think my little ping)
Busy flow traffic to be shaped (dropped) appropriately
Not allow the limiter pipe drop packets before FQ_CoDel has a chance to process them (?)

I was under the impression FQ_CoDel was designed around those objectives. Am I doing this right?

cplmayo · Jun 14, 2018, 6:17 PM

@mattund said in Playing with fq_codel in 2.4:

I'm testing my patch, and I am seeing some unexpected behavior (maybe intentional).
pipe 2 config  bw 122800Kb queue 100 buckets 256 droptail
sched 2 config pipe 2 type fq_codel target 35ms interval 35ms quantum 1514 limit 10240 flows 1024 noecn
queue 1 config pipe 2 queue 100 droptail

pipe 1 config  bw 12000Kb queue 100 droptail
sched 1 config pipe 1 type fq_codel target 5ms interval 10ms quantum 1514 limit 10240 flows 1024 noecn
queue 2 config pipe 1 queue 100 droptail
Using the above generated ruleset, if I start a speedtest, and have an ICMP ping up at the same time, upon reaching the ceiling of ~120Mbps, pings drop completely. Not bufferbloat, but full drops. Now, of course that would happen, the limiter is supposed to limit the bandwidth. However, is there a way around this? I figured burst might help, but it doesn't appear to -- FQ_CoDel assumes the new burst value as part of the total bandwidth share and doesn't kick in.

It's almost as though FQ_CoDel isn't active, and the limiter is putting itself into the drop state before CoDel can say, "hey, this teeny tiny little ICMP packet isn't part of a busy flow, so let's let that through". Unless I am mistaken on something.

Am I doing this right?

I applied your patch to my install and so far it is working as intended. I haven't noticed any huge difference between it and manual approach I have been using for months.

I did noticed that when I tried setting weights for different queues and if I set the scheduler in the queues no traffic would pass. I went back and reread your instructions on GitHub and once I removed the weights and scheduler options from the queue it works.

I am still doing some testing to see results in dslreports but so far your interface is simple and just seems to work.

Great job!

mattund · Jun 14, 2018, 6:50 PM

@slowgrind said in Playing with fq_codel in 2.4:

So after applying the patch do you just fill in the settings under limiters?

Here's what I'm doing. This might be a little more than what you need, but I figure I would share my configuration in case others have a crazy Multi-WAN multi-LAN setup like I do. I've constructed a series of limiters, one for download and one for upload, each with its own associated queue (you can make the queue with the "+ Add new Queue" button on the bottom of a Limiter's settings page) :
login-to-view

(I have more for my second ISP following that naming scheme: lINTERFACEDownload/lINTERFACEUpload and qINTRERFACEDownload/qINTERFACEUpload children)

I'm assigning FQ_CoDel to the scheduler on the parent limiter and leaving everything else alone. You can either edit the parameters, or leave them at default if you have a typical connection (FQ_CoDel is supposed to be "knobless" after all).

According to the following diagram, this is how the traffic will flow inside dummynet:

			    (flow_mask|sched_mask)  sched_mask
		    +---------+	  weight Wx  +-------------+
		    |	      |->-[flow]-->--|		   |-+
	       -->--| QUEUE x |	  ...	     |		   | |
		    |	      |->-[flow]-->--| SCHEDuler N | |
		    +---------+		     |		   | |
			...		     |		   +--[LINK N]-->--
		    +---------+	  weight Wy  |		   | +--[LINK N]-->--
		    |	      |->-[flow]-->--|		   | |
	       -->--| QUEUE y |	  ...	     |		   | |
		    |	      |->-[flow]-->--|		   | |
		    +---------+		     +-------------+ |
					       +-------------+

via: https://www.freebsd.org/cgi/man.cgi?query=ipfw&manpath=FreeBSD+9-current&format=html

Dissection: firewall traffic is assigned to a queue, which then generates flows defined by the mask, which pipe into the scheduler (set to FQ_CoDel), which then outputs to the pipe/link at the specified max bitrate.

To assign your traffic to queues, you could do something like I did, which is to use floating rules. I have two WANs, and I need independent shaping and all that, so if you're on a single WAN it may be different for you/you may have better options.

login-to-view

How I set the rules up:

Interface: WAN A or B interface
Direction: out
Address Family: IPv4 or IPv6; I had to do two rules, one for each IP version
Gateway: Select the applicable IPv4 or IPv6 gateway consistent with how traffic should be routed on that IP stack
In / Out pipe: qCHARTERUpload / qCHARTERDownload

I have some filtering rules in play here as you can see in my screenshot, but that's only since I'm testing some issues I mentioned previously. It's up to you if you want to match certain protocols/ports, etc.

mattund · Jun 14, 2018, 7:12 PM

@mattund said in Playing with fq_codel in 2.4:

I'm testing my patch, and I am seeing some unexpected behavior (maybe intentional).

This stopped happening as soon as I enabled masks on the offending download queue correlating to the one ICMP traffic was being dropped on. Not sure why.