4. Amazon AWS Backup Shaping to lower priority queue [Resolved]

Amazon AWS Backup Shaping to lower priority queue [Resolved]

  • D

    I have created an Alias specifying ALL of Amazon's IP ranges. I then created a floating rule specifying that alias and 443 as the destination. I selected qACK/qOtherLow to be the queues for this rule. All other 443 traffic should be qOtherHigh per a default wizard rule. As I'm performing my backup and I look at my Status>Queues page, I see qOtherHigh with utilization, but I don't see qOtherLow with utilization. I've confirmed that my floating rule exists at the top of the list, as I'm assuming order of operation matters. Also, when I view the rule, I show states are being matched to it. I'm confused as to why pfSense isn't queueing my backup traffic correctly. Is this possibly a bug? What other information can I provide for troubleshooting?

    0

  • For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

    0
  • D

    @KOM:

    For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

    Okay, so I read more about this and floating rules still do topdown processing, but it will choose the last rule that matches in the list unless Quick is selected. If Quick is enabled then it will stop processing that packet and go ahead and make the match.

    I have quick enabled on that rule and it's at the top of the list.

    0
  • N

    @davidmoore:

    @KOM:

    For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

    Okay, so I read more about this and floating rules still do topdown processing, but it will choose the last rule that matches in the list unless Quick is selected. If Quick is enabled then it will stop processing that packet and go ahead and make the match.

    I have quick enabled on that rule and it's at the top of the list.

    According to https://doc.pfsense.org/index.php/What_are_Floating_Rules (at the bottom of the page):

    "Rules using the Queue action do not work with quick checked."

    0
  • D

    @Nullity:

    @davidmoore:

    @KOM:

    For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

    Okay, so I read more about this and floating rules still do topdown processing, but it will choose the last rule that matches in the list unless Quick is selected. If Quick is enabled then it will stop processing that packet and go ahead and make the match.

    I have quick enabled on that rule and it's at the top of the list.

    According to https://doc.pfsense.org/index.php/What_are_Floating_Rules (at the bottom of the page):

    "Rules using the Queue action do not work with quick checked."

    Thanks. I think this issue is resolved.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy