Amazon AWS Backup Shaping to lower priority queue [Resolved]

davidmoore

I have created an Alias specifying ALL of Amazon's IP ranges. I then created a floating rule specifying that alias and 443 as the destination. I selected qACK/qOtherLow to be the queues for this rule. All other 443 traffic should be qOtherHigh per a default wizard rule. As I'm performing my backup and I look at my Status>Queues page, I see qOtherHigh with utilization, but I don't see qOtherLow with utilization. I've confirmed that my floating rule exists at the top of the list, as I'm assuming order of operation matters. Also, when I view the rule, I show states are being matched to it. I'm confused as to why pfSense isn't queueing my backup traffic correctly. Is this possibly a bug? What other information can I provide for troubleshooting?

KOM

For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

davidmoore

@KOM:

For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

Okay, so I read more about this and floating rules still do topdown processing, but it will choose the last rule that matches in the list unless Quick is selected. If Quick is enabled then it will stop processing that packet and go ahead and make the match.

I have quick enabled on that rule and it's at the top of the list.

Nullity

@davidmoore:

@KOM:

For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

Okay, so I read more about this and floating rules still do topdown processing, but it will choose the last rule that matches in the list unless Quick is selected. If Quick is enabled then it will stop processing that packet and go ahead and make the match.

I have quick enabled on that rule and it's at the top of the list.

According to https://doc.pfsense.org/index.php/What_are_Floating_Rules (at the bottom of the page):

"Rules using the Queue action do not work with quick checked."

davidmoore

@Nullity:

@davidmoore:

@KOM:

For floating rules last match wins (the Quick option is unchecked), so putting your rule at the top may be part of the problem.  Also, you need to clear states before the change takes effect.

Okay, so I read more about this and floating rules still do topdown processing, but it will choose the last rule that matches in the list unless Quick is selected. If Quick is enabled then it will stop processing that packet and go ahead and make the match.

I have quick enabled on that rule and it's at the top of the list.

According to https://doc.pfsense.org/index.php/What_are_Floating_Rules (at the bottom of the page):

"Rules using the Queue action do not work with quick checked."

Thanks. I think this issue is resolved.