Any updates on implementing fq_codel



  • Since we hit 2.4 beta, wanted to see if there was any plans for fq_codel.



  • +1

    I am waiting for this. Proper FQ_Codel would make pfSense so much better.



  • FQ-CoDel, PIE and FQ_PIE are all in FreeBSD 11.

    I would love to see them all supported.

    Any chance?



  • Everything I have seen posted is they are in development but nothing about any AQMs making it into 2.4. Their road map show it for future versions.

    Personally I am waiting for this. Currently I have an Edgerouter-X setup as a bridge between my cable modem and PfSense running their “Smart Queue” on the cable modem side.

    With I line IDS (Suricata) breaking Traffic Shapping Queues I could not come up with a good way to run Codel on my connection and still run my IDS how I wanted it to run.

    I would just love to see this become a higher priority as bufferbloat is still a problem that needs addressed and Codel seems to be the best option  for taming the problem.



  • What benefits of FQ-CoDel comparing with plain CODELQ shaper implemented on pfsense 2.3?
    Currently for eliminating bufferbloat problems I just limiting my bandwidth on both traffic shaper settings and limiters settings. If I don’t limit my bandwidth, then bufferbloat occurs on ISP side/router, not mine.
    Does using FQ-CoDel resolves this problem, you don’t need any limits of bandwidth?



  • FQ_Codel handles multiple connections much better than Limiters and our current implementation of Codel. For the last year at least I have have used Dynamic limiters to control clients and keep anyone from hogging all the bandwidth. I then used Codel in PfSense’s traffic shapper to handle queuing so that bufferbloat and latency both remained usable.

    The limiters in pfsense currently use a FIFO (First-in First-out) queue, If I remember correctly, so just the dynamic limiters is not going to handle queue delay and latency nearly as well as Codel.

    So setting codel as the queue on the traffic shapper ensures that my latency and bloat stays low regardless of how many connections are running.

    While this works it is kind of a cobbled together way of doing FQ_Codel.

    I have tried HFSC, CQB, and PRIQ with Codel as the scheduler but every single time as soon as my clients start hammering at the WAN connection latency spikes happen and bufferbloat can be seen.

    To test just fq_codel I took an Edgerouter X (https://www.ubnt.com/edgemax/edgerouter-x/) and setup a bridge between two ports. I then setup the smart queue on one of the ports. Their Smart Queue works very well and implements fq_codel, and is easy to setup. All you have to do is input your connection speed and it calculates the 95% and sets the queues accordingly.

    Since I did this I have turned off all limiters and shappers on my pfSense box and my connection has been rock solid with no issues. I have three streaming boxes streaming Netflix, Hulu, or youtube going at any given time on my network. I also have Torrents/Usenet going a lot and at no time does the connection feel sluggish.

    From what I have seen fq_codel works so well I just want to have it running in pfSense and eliminate the Edgerouter X. I do not like having it sitting between my cable modem and pfsense; I think it is silly and unreliable, but at this point the benefit to me makes it worth it.

    Sorry for the long post, I could be wrong on how I think Limiters and the Shapper work in PfSense but I based it off of my observations over the last three years of using it.



  • You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it’s HFSC with three queues where only two have codel enabled. Those are “p2p” and “everything else”. VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.



  • @w0w:

    You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it’s HFSC with three queues where only two have codel enabled. Those are “p2p” and “everything else”. VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

    This is kind of how I have ran my firewall for the last couple years. Recently In-Line filtering in Suricata has broken traffic shapping for me so I have not been able to use the setup that I prefer.

    I never had the greatest luck with HFSC but I know that in FreeBSD 11 CoDel, FQ-CoDel, PIE and FQ-PIE are supported in the Limiters/Dummynet. I think this will make the limiters much better in terms of Dynamic Limiting as instead of FiFo you could use CoDel, FQ-CoDel, PIE or FQ-PIE as the scheduler basically eliminating the need for ALTQ. Combine that with 2.4’s fix to limiters on WAN connections running NAT and you have the making for a very effective bandwidth manager.



  • Thought I’d just chime in with my own experience. I’ve been a pfsense user for about 6 months now, prior to that all my edge routing was done with Linux stack.

    I’ve got bufferbloat sort of controlled, using CoDeL with fair queuing in pfsense. But it’s nothing compared to fq_codel. Bufferbloat is reduced but I still get spikes of latency before it seems to clamp down. With fq_codel jitter is extremely low (single digit miilliseconds) even under saturation. It’s also much easier to setup since you can limit both ingress and egress on a single interface, and just have to fill in the bandwidth values.

    So, really hoping we see the AQM fq_codel in pfsense, it is the one major thing it’s missing for me - and I’ve been sorely tempted to go back to a linux distro because of it.



  • This sure would help in remote desktop scenarios but maybe my isps are so bad nothing will help but i wont know that till i can try it and dont want to go through caning to a firewall that has it already to try vs voting for it in pfsense

    here is a feature request for it
    https://redmine.pfsense.org/issues/6620

    codel and queuing changelog
    Version 0.2.1 (17 May 2016)
    –-------------------------

    • Fixed FQ-Codel/FQ-PIE over-limit checking
    • Fixed CoDel/FQ-Codel isqrt initial value that can cause wrong isqrt guessing
    • Fixed kernel panic when unloading dummynet module while there is a busy
        PIE AQM
    • Fixed kernel panic when reconfigure busy droptail pipe to use CoDel/PIE AQM
    • Fixed mismatch FQ-Codel/FQ-PIE quantum boundaries with the technical report

    Version 0.2 (18 April 2016)

    • Added PIE and FQ-PIE AQM
    • Fixed ECN implementation of CoDel and FQ-CoDel
    • Fixed FQ-Codel perturbation bits in hash calculation
    • Fixed compilation and loading error in i386 platform
    • Fixed double increment of Dummynet io_pkt_drop counter
    • Changed default FQ-CoDel ECN to enable
    • Changed CoDel/FQ-CoDel count variable size to 32-bit
    • Changed time resolution from millisecond to microsecond
    • Changed time unit for ipfw userland AQM parameters from millisecond
        to time with units i.e. s, ms and us
    • Code clean-up and little fixes

    Version 0.1 (26 February 2016)

    • First release of CoDel and FQ-CoDel  for FreeBSD’s ipfw/dummynet
        framework.


  • Dear all,

    is there any new status on this topic, please ?



  • https://forum.pfsense.org/index.php?topic=126637.0
    Using since this topic posted, so far — I see no problems using it, even if it not supported officially. Actually, I was thinking about creating bounty for implementing this feature as package, but not sure is it necessary, because Netgate “keep eyes on it” and may be they will implement this feature  ::)



  • Thank you for your reply !



  • @w0w:

    You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it’s HFSC with three queues where only two have codel enabled. Those are “p2p” and “everything else”. VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

    I know that there is an old topic, but i’m trying to do the same setup. Would you mind sharing screenshots with your setup?



  • @dimangelid:

    @w0w:

    You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it’s HFSC with three queues where only two have codel enabled. Those are “p2p” and “everything else”. VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

    I know that there is an old topic, but i’m trying to do the same setup. Would you mind sharing screenshots with your setup?

    I am not using this scheme anymore, I am using FQ_CODEL now https://forum.pfsense.org/index.php?topic=126637.0



  • @w0w:

    @dimangelid:

    @w0w:

    You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it’s HFSC with three queues where only two have codel enabled. Those are “p2p” and “everything else”. VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

    I know that there is an old topic, but i’m trying to do the same setup. Would you mind sharing screenshots with your setup?

    I am not using this scheme anymore, I am using FQ_CODEL now https://forum.pfsense.org/index.php?topic=126637.0

    Maybe by chance have you kept your old settings?



  • Let me see tomorrow. I’ll check some backups and let you know.



  • It was something like that, you must use floating rules with pass and quick apply option. WAN/LAN is using the same shaper parameters as I have symmetrical bandwidth.














  • @w0w:

    It was something like that, you must use floating rules with pass and quick apply option. WAN/LAN is using the same shaper parameters as I have symmetrical bandwidth.

    Thank you very much for your feedback! My main concern is how did you implement Also I have dynamic limiter that set to equalize bandwidth between IP addresses

    I have setup HFSC and it works good, but the bandwidth between devices when the traffic goes to the same queue, is not shared evenly.

    I have setup my floating rules with Action: Match and Quick Pass for assigning traffic to HFSC queues and it is assigned perfectly. I have also setup a firewall rule at LAN interface, for all traffic except the traffic in my local network, and i assign the traffic to In/Out pipes in order to share the bandwidth evenly between devices.

    When the LAN rule is active the bandwidth is shared evenly between devices, but the traffic shapping is not working as it should. I have setup my torrents queue to have maximum bandwidth 50kb/s when an HTTP/FTP download occurs at the same time. When i start a torrent download from one computer and an HTTP download from another, the bandwidth is shared evenly between the computers, instead of limiting the torrents to 50kb/s and letting HTTP to download at full speed.

    When i turn off the LAN rule, the torrents are almost instantly limited to 50kb/s. I have attached screenshots for the Pipe settings. Do you have a suggestion for combining correctly HFSC queues and Pipes, in order to share evenly bandwidth between devices and at the same time my HFSC queues do their job according to my setup?














  • I have used https://forum.pfsense.org/index.php?topic=63531.0 this guide for evenly sharing.

    Limiters is not the right thing you are looking for, you should do proper traffic sorting on shaper side, ex using HFSC and your torrent and http download must not share one queue, then you can set link share percents or bandwidth limits under service curve, for example setting 1% for torrent queue [qlow and qacklow in my sample setup] will limit this queue to 1% of overall bandwidth if any other queue wants full speed at the same time.



  • @w0w:

    I have used https://forum.pfsense.org/index.php?topic=63531.0 this guide for evenly sharing.

    Limiters is not the right thing you are looking for, you should do proper traffic sorting on shaper side, ex using HFSC and your torrent and http download must not share one queue, then you can set link share percents or bandwidth limits under service curve, for example setting 1% for torrent queue [qlow and qacklow in my sample setup] will limit this queue to 1% of overall bandwidth if any other queue wants full speed at the same time.

    Hello,

    If by using HFSC and your torrent and http download must not share one queue you mean to have queue qOthersHigh for http and qP2P for my torrents, then my setup is like that.

    In my qP2P queue i have set 50Kb at Linkshare, so to limit torrents to 50kb/sec when other queue with more bandwidth requests it.
    My traffic is assigned to queues with Floating Rules.

    Also at the queues i have not enabled any option like RED or ECN. I have enabled Codec at qOthersHigh and at qDefault (traffic that does not match any floating rule is assigned there).

    Let’s say i download some torrents from one computer and a file from HTTP at another computer:

    If i don’t enable the rule at LAN interface, which assigns the traffic to the Limiters (in order to share bandwidth evenly between devices), then the torrent is throttled almost perfectly.

    If i enable the LAN rule, then for some seconds the bandwidth is throttled down to the limit set at qP2P queue and for some other seconds is shared evenly between devices. So the qP2P limit is not being applied all the time.

    If i do not enable the LAN rule, i download 1 HTTP file from one computer and more than one HTTP files from another (both downloads belong to the same queue) then the bandwidth is not evenly shared between the two computers.

    So i’m looking for a setup that does the following:

    1. Correctly applying any speed limit set to a queue

    2. Evenly share the bandwidth between devices, for downloads that belong to the same queue



  • Since I don’t use this setup anymore I can not comment problems you are facing now. I just know that shaper working on pf side and limiter is working on ipfw side, since it’s two different firewalls there may be conflicts in their work.

    I suggest you to create new topic in https://forum.pfsense.org/index.php?board=26.0


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy