Playing with fq_codel in 2.4
-
@w0w:
Yes it's need to be rebooted or reloaded with```
/etc/rc.reload_allAfter you did that run the following command``` ipfw sched show ```and you should see something like``` 00001: unlimited 0 ms burst 0 ```for the both pipes you have.
Yes, all relatively simple and you've been great at walking through the steps you put in place.
I'm getting this for both pipes.
00003: unlimited 0 ms burst 0
00004: unlimited 0 ms burst 0
Yet I can't get better than a B rating for bufferbloat, which is the same if I literally do nothing at all….
-
But what about VPN bandwidth? Are you still getting 120Mbps?
-
That part HAS improved, looks like it does get about 145-ish or so which is about right. It just does nothing for bufferbloat.
-
Can you post the full output of```
ipfw sched show -
I'd like to look at implementing this, but I was wondering
Anyone know the status of pfsync + limiters?
-
I'd like to look at implementing this, but I was wondering
Anyone know the status of pfsync + limiters?
What was the last status you know? :D
-
The last status I know is that the pfsense book says not to use pfsync and limiters together, but doesn't explain why
-
The last status I know is that the pfsense book says not to use pfsync and limiters together, but doesn't explain why
This is actual. https://redmine.pfsense.org/issues/4310 have 0% progress.
-
@w0w:
The last status I know is that the pfsense book says not to use pfsync and limiters together, but doesn't explain why
This is actual. https://redmine.pfsense.org/issues/4310 have 0% progress.
D=
-
Is there any chance fq_codel will make it into the 2.4 GUI in limiters?
-
Definitely not!
They are keeping eyes on it, but currently no plans, no moves, AFAIK. -
Darn. I'm thinking about switching back to pfSense but I really want fq_codel.
-
fq_codel, the ZFS of AQMs, or nearly. Cake aims to be the "ZFS", but close enough.
-
Is the command of "ipfw sched 1 config pipe 1 type fq_codel && ipfw sched 2 config pipe 2 type fq_codel" the same if I only have 2 root limiters? Both of them are root limiters one has a mask of source and the other has a mask of destination.
I would like to try this out but wondering if the command is different for just root limiters without "child" queues. Obviously I am highly dependent on the gui I am a bit confused with the ipfw command since it references both sched and pipe.
Thanks for any reply!
-
TS sample is for the root limiters also, if you have some troubles understanding, post the content of your /tmp/rules.limiter
-
here is the content of my /tmp/rules.limiter
pipe 1 config bw 100Mb mask dst-ip6 /128 dst-ip 0xffffffff
pipe 2 config bw 10Mb mask src-ip6 /128 src-ip 0xffffffff
I need help with the ipfw command to enable fq_codel on pipes 1 and 2 because i don't have any child queues.
thanks in advance
-
According to documentation posted in this thread you need to configure sheduler at least to make things work.
pipe 1 config bw 100Mb mask dst-ip6 /128 dst-ip 0xffffffff sched 1 config pipe 1 type fq_codel pipe 2 config bw 10Mb mask src-ip6 /128 src-ip 0xffffffff sched 2 config pipe 2 type fq_codel
EDIT:
Tested, it will not work. You need to configure child queues and use them in ruleset, exactly as described by TS. Default automatically created pipe queue always uses FIFO sheduler and I am not sure it is possible to change this.So after changes made in GUI also, you must edit and create your own rules.limiter that should look like this.
pipe 1 config bw 100Mb sched 1 config pipe 1 type fq_codel queue 1 config pipe 1 mask dst-ip6 /128 dst-ip 0xffffffff pipe 2 config bw 10Mb mask sched 2 config pipe 2 type fq_codel queue 2 config pipe 2 mask src-ip6 /128 src-ip 0xffffffff
So the right answer is no you can not shape with fq_codel using only root limiters.
-
Thats really too bad. We use PFsense primarily to "specify bandwidth limits per host." for a small ISP.
I really wish I could find a way to limit a subnet to say 100Mbs and then limit each ip host address in the subnet to 5 Mbs. And then have each IP address dynamically shaped if the overall link was approaching the 100Mbs total.
Is it possible to combine and use ALTQ and Dummynet at the same time? Has anyone tried that or have a config example?
I guess I could use limiters on 2 PFsense boxes. First one limiting each host to 5 Mbps using limiters with a destination/source mask. And the second limiting the entire subnet to 100Mbs using limiters without a mask and changing the type from WF2Q+ to FQ_Codel by issuing the command "ipfw pipe 1 config bw 100Mb type fq_codel"
I hope thats not too confusing. Anyone have a more eloquent way of trying this?
As always, thank you for any reply.
-
Yes it's possible, but you will have some overheads and losses, you can try it at least, I think. Just set your per host limits on ALTQ shaper side and do your evenly shared FQ_CODEL enabled limiters exactly as TS described for you entire subnet.
I am sure it is possible to build ipfw only shaper model that works like you want it to work, but it would be complicated not only with pfSense and can cause some errors on pfSense. -
Got this setup! Thank you so much! I have been waiting for a way to run FQ_Codel on my pfsense box for a while now. Granted it had to be hacked on but it worked!
Has anyone been running Suricata with 2.4 and fq_codel? Until I removed the suricata package my connection would keep dropping and I had lots of issues. So far so good.
I also had to enable Hardware checksum offloading and TCP Segmentation offloading. I may have to re-enable these at some point but at the moment everything is going well.
My last speed test.