Unable to get download limiter to work consistently – Resolved

  • My Internet connection is 15/150 but consistently tests at 16/178 using http://speedtest.shaw.ca.

    In PFSense 2.3.4-RELEASE-p1 I've created two Limiters, UploadLimiter and DloadLimiter. They've each been set to 15 Mbit/s and 150 M/bit, respectively.

    I used the instructions found at http://www.iamasuperuser.com/limit-download-upload-speed-using-pfsense/ but set the Firewall LAN rule "Default allow LAN to any rule" and it's "In / Out pipe" set appropriately (UploadLimiter and DloadLimiter) instead of creating a new standalone rule.

    When testing the speed the upload is being limited appropriately, but the download is maxing out at 91 M/bit and not at 150 M/bit as set.

    I've checked the Diagnostics/Limiter info:

    | Limiters: 00001: 150.000 Mbit/s 0 ms burst 0 q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail sched 65537 type FIFO flags 0x0 0 buckets 0 active 00002: 15.000 Mbit/s 0 ms burst 0 q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail sched 65538 type FIFO flags 0x0 0 buckets 0 active |

    I'm using a Zotac CI323 (Realtek NIC's) with the recompiled Realtek driver added to /boot/loader.conf that fixed the stability issues (https://forum.pfsense.org/index.php?topic=103841.msg684436#msg684436). I've verified that the recompiled kernel module fixes the random dropouts and makes the unit rock-stable thus far.

    If I set the limiter to 200M/bit, then it seems to keep the incoming data flow to 150M/bit. However, it seems to be accurate though until a setting of 80M/bit, then it starts to diverge, increasingly so as the limit is increased.

    I've tested various values for the upload and it is consistently working.

    There are no child queues for either limiter.

    Anyone have any ideas?

  • Does the limiter give an option of setting the queue size? You probably want it sizes to 5ms-10ms worth of traffic assuming the average packet size of ~600 bytes.

    150Mbit/s = 18.750Mbytes/s, times 5ms (0.005sec) = ~94,000 bytes per 5ms, giving ~155 600 byte packets.

    If your queue is too small, you will drop packets, but if your queue is too large, you will get buffer bloat, which is typically considered worse and loss.

    Queues are very important because not only is network traffic bursty in the logical sense, but it is very bursty in the implementation sense because few network stacks have packet-pacing to smooth out the transmission. For example, 100pps could be one packet every centi-second or 100 packets in one millisecond and a 999ms pause until the next burst.

  • In the steps you are following if I am reading correct he has in/out switched . Firewall rule > IN should be the upload and out should be the download

  • I fixed the issue. The number of slots in the bucket needed to be updated. I set it to 250 and it can handle the full stream at 180M/bit without issue.

    Thank you :)