fq_codel for a Dual WAN
-
@trumee if you do not care about which WAN your LAN is utilizing were back to Gateway groups. How to setup shaping on individual lines in a gateway group i am not sure if it is as simple as setting Gateway in your floating rules to your Gateway group, remember to remove tagging if you try it out. For your speed problem can you try and set "Queue Management Algorithm" to CoDel and "Scheduler" to fq-CoDel in your limiters and keep tail-drop in your queues.
-
@bobbenheim said in fq_codel for a Dual WAN:
How to setup shaping on individual lines in a gateway group i am not sure if it is as simple as setting Gateway in your floating rules to your Gateway group
I dont think i can use this since WAN1 and WAN2 have different link speeds.
@bobbenheim said in fq_codel for a Dual WAN:
For your speed problem can you try and set "Queue Management Algorithm" to CoDel and "Scheduler" to fq-CoDel in your limiters and keep tail-drop in your queues.
I changed to these setting for my PPPOE based WAN2. It made no difference.
/tmp/rules.limiter
pipe 3 config bw 90Mb codel target 5ms interval 100ms ecn sched 3 config pipe 3 type fq_codel target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ecn queue 3 config pipe 3 codel target 5ms interval 100ms noecn pipe 4 config bw 90Mb codel target 5ms interval 100ms ecn sched 4 config pipe 4 type fq_codel target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 ecn queue 4 config pipe 4 codel target 5ms interval 100ms noecn
I suspect limiter doesnt work on PPPOE based WANs?
-
@trumee you should be able to choose the interface for WAN1 and WAN2 within your floating rule however if that still apply if you create a gateway group i am unsure of.
I don't think that PPPoE should be a problem at those speeds, can you try setting the limit at 200 Mbit for the upload. What hardware are you using and which version of Pfsense? -
@bobbenheim I am using Supermicro C2758 motherboard with newly released pfSense 2.4.5
With 200mbps, I am now getting the full line speed as shown by speedtest.net (DSL reports shows a decrease in speed though). I dont understand why i need to specify a higher upload speed in Codel though? Also, is Codel actually working now with this artificial upload speed?
On WAN2
Without Codel
With Codel
file:///tmp/with_codel.pngMaybe i dont need Codel on WAN2.
-
@trumee since you are seeing the same problem with tail drop it is highly unlikely to be a CoDel problem. If you go to Diagnostics/Limiter Info you can see if traffic is going to the queues when you run a speedtest. Can you try a speedtest with the limiter set to 150 Mbps. Have you done any tweaking on Pfsense?
-
I'm experiencing the same problem. Two locations. One is SG-3100, fiber as WAN1, cable as WAN2. Second location SG-1100, cable as WAN1, DSL as WAN2. WAN1 is never affected, it does work as expected. No matter what I do WAN2 speed is affected as soon as I enable limiter/rule. I was not able to find any reason why and no workaround. Both systems are production systems, but now being at home more I will try to replicate that with my Intel Atom platform and see if I can find out why.
-
For sure something is wrong. Not using any gateway groups, I removed that, just simple policy based routing. If both WANs are up one of the WANS will not work properly. If one is down the other one is OK in that case. I tried to reorder rules, no changes. I switched limiters between WAN1 and WAN2 with no changes. If I bring WAN1 down then WAN2 works fine. It looks like a bug and very easy to replicate.
-
@crotechnologies just out of curiosity are any of your WAN's PPPoE?
-
No. I don't think that cable is, fiber is DIA from ATT, and DSL (UVerse) is IPoE. All interfaces are configured with either static IP or DHCP. I might do iperf test today with local server if I have time.
-
@crotechnologies how does your rules look like?
-
I tried so many different combinations and nothing worked. I just disabled rules for WAN2. I give up. I tried iperf on WAN2 and that works just fine. As soon as WAN2 is internet connection it doesn't work. Maybe I'll try if I have a chance to go to one of the sites and try to switch WAN1 and WAN2. I'll make cable WAN1 and DIA Fiber WAN2.
-
@crotechnologies it is impossible for anyone to help if you don't provide any details of what you have done. How does your Rules > LAN and NAT > Outbound looks like when it works and don't?
-
I have a similar problem. I have 1 500/100 Mbit/s Fiber thru vlan connection and a floating rule for limiters with interface wan and wan gateway, match, out.. I'm using this wan gateway in every out connection rule except one where I use a vpn gateway. As soon as I connect the VPN, my WAN only does 50 ish mbit/s upload. If I disable the floating rule, it returns to normal. If I disable the VPN, with floating ruleon, it returns to normal.
2.4.4-RELEASE-p3 (amd64)
built on Wed May 15 18:53:44 EDT 2019
FreeBSD 11.2-RELEASE-p10Intel(R) Atom(TM) CPU C2558 @ 2.40GHz
4 CPUs: 1 package(s) x 4 core(s)EDIT: Forgot to say that I solved my problem adding the queues in the rules and not using the floating rule.