• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

problems with flexible limiters set using floating rules

Scheduled Pinned Locked Moved Traffic Shaping
29 Posts 5 Posters 3.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    AdamL @Derelict
    last edited by Sep 28, 2019, 7:55 AM

    @Derelict I will definitely test this out. Thanks!

    1 Reply Last reply Reply Quote 0
    • E
      eriknuds
      last edited by Sep 28, 2019, 3:40 PM

      I now tested with PIE and FQ_PIE, and I tested with limits above what the line can normally do (it's a WISP conection - both are actually...) and it doesn't happen anymore. I have the same firewall rules. Yes I know to reverse the queues for in/out wan rules, and I have the same setup for the other wan rules which worked all the time and I haven't changed the rules now that they work with PIE/FQ_PIE...really weird because yesterday I tried other settings than PIE and codel and none worked...I also did a state reset between the tests, not just making new connections, but it didn't fix the issue yesterday.

      A 1 Reply Last reply Sep 28, 2019, 3:46 PM Reply Quote 0
      • A
        AdamL @eriknuds
        last edited by Sep 28, 2019, 3:46 PM

        @eriknuds And what about flexible limiter? Honestly Qos(queuing) is not so important to me. Flexible limiter is...

        1 Reply Last reply Reply Quote 0
        • E
          eriknuds
          last edited by Sep 28, 2019, 3:47 PM

          Yes, it's set up as flixible now with masks on the queues and not the limiter, and it seems to work fine...

          M 1 Reply Last reply Sep 30, 2019, 9:55 AM Reply Quote 0
          • M
            manu77 @eriknuds
            last edited by Sep 30, 2019, 9:55 AM

            @eriknuds
            Hello

            Very interessant . But I don't see exactly your configuration.
            Could you please send us screenshots for :
            1 -Rules in LAN ( list view) and marking options in Rules you chose -> I m curious to see how you say to PF to mark the packet properply with two different possible gateway
            2 - Rules in Floating ( list view) and options in Rule for matching traffic -> I'm also curious to know how you match packet with 'out' direction on this step
            3 - Options chosen at this step bellow

            4a7c96b7-826f-4787-a468-43951d64a030-image.png

            thanks a lot

            E 1 Reply Last reply Sep 30, 2019, 7:34 PM Reply Quote 0
            • E
              eriknuds @manu77
              last edited by eriknuds Sep 30, 2019, 7:36 PM Sep 30, 2019, 7:34 PM

              @manu77

              FW Rules:
              d439db35-9b1d-4963-a5fb-c3d2719161c4-image.png

              The gateway is the gateway group (Loadbalance) in all the rules. To test each wan connection separately I just select another Tier in the gateway group so only one gateway is used.

              I only have the 4 floating match rules related to Limiters/queues. None for the LAN interface.

              5984d182-e2bb-4718-ba9d-49f7c5c76666-image.png

              Not sure if I have done everything right, but it seems to isolate the traffic and not disturb other hosts even though I exhaust the line with speed checking...and the isolation is really all I need. AQM etc is not a requirement. My wan connections are pretty symmetric, though not very high bandwith, WISP connections. But I would really like triple isolation like in CAKE. It really sucks that OpenWRT have had CAKE functionality for so long and pfsense seem to be no closer to getting it.

              1 Reply Last reply Reply Quote 0
              • M
                manu77
                last edited by Oct 1, 2019, 8:09 AM

                @eriknuds
                Thanks to take time for showing us your conf. I will test it and tell you .
                I've a lab here with 6 firewalls to emulate multiwan. so we will see.

                E 1 Reply Last reply Oct 1, 2019, 2:18 PM Reply Quote 0
                • E
                  eriknuds @manu77
                  last edited by Oct 1, 2019, 2:18 PM

                  @manu77

                  Great stuff, let me know if you need more details:-)

                  Regards,
                  Erik Knudsen

                  1 Reply Last reply Reply Quote 0
                  • M
                    manu77
                    last edited by Oct 3, 2019, 11:53 AM

                    Hello All,

                    I confirm this configuration works and works well. Each time the gateway changes, the Pipe is well affected too with 10 secondes of floating bandwitdth ( no traffic )
                    Now I must go further to see how to add specific traffic in a specific queue and described from WAN ! because the floating rules for this test are set up as you post , I mean from * to *

                    nice day

                    1 Reply Last reply Reply Quote 0
                    • E
                      eriknuds
                      last edited by Oct 3, 2019, 2:36 PM

                      @manu77 ,

                      I have selected the appropriate wan interface in each rule (in-rule and out-rule for each wan interface) - in the WanIn/Out rules I have selected only the wan interface, and in the corresponding wan2 rules I have selected only the wan2 interface.

                      Good luck with any further testing:-)

                      1 Reply Last reply Reply Quote 0
                      • T tumbleweedcity referenced this topic on Feb 5, 2023, 3:52 PM
                      29 out of 29
                      • First post
                        29/29
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received