Limiting traffic for Backblaze



  • pfSense Release 2.3.4-Release-p1 / Netgate SG-2200

    So my parents have DSL with an abysmal uplink speed.  I'd like to de-prioritize Backblaze traffic, but otherwise let Backblaze have at it or it never catches up.

    They publish a list of the subnets their servers are located on here, and I created an Alias with all of those subnets in it.

    I ran the Traffic Shaper Wizard and picked 1 WAN, 1 LAN - no VOIP or penalty box, upped priority on DNS and HTTP - a few other minor tweaks.

    Once the shaper completed, I took one of the existing floating rules for a low priority and cloned it, then changed the settings around to match the screen shots below.

    I've tried changing all sorts of things around (and yes, reset states with each rule change) and the rules never seem to pick up any traffic.

    I created a LAN rule with Pass and it catches some traffic, but not everything.  I'm running netted on the Mac that's uploading to Backblaze and all the IPs the Backblaze client is talking to fall within the subnets defined in the alias.

    Heck, I made individual rules, one per subnet, at one point trying to see if it was just an alias problem, but that didn't make any difference either.  Ugh!  I could have sworn this worked at one point!

    I've searched for examples of traffic limiting to specific subnets and can't find anything - the only examples I can find are port based, like what the wizard kicks out.

    If anyone can tell me what I'm missing I'd really love it!

       



  • Well, I rebooted the firewall and the LAN PASS rule seems to have captured the traffic.  I see 4 states being affected by the rule (I have four threads for Backblaze at the moment, so there are four active connections) and the traffic counter on the rule seems to be incrementing properly.

    The Interface WAN/qOthersLow seems to be showing all the traffic too, so I guess the LAN rule is the way to go and forget the floating rules.



  • What is the upload bandwidth? More than 1Mb/s? May just be able to use CodelQ or FairQ+Codel.



  • @Harvy66:

    What is the upload bandwidth? More than 1Mb/s? May just be able to use CodelQ or FairQ+Codel.

    750 Kbs at the moment  :o

    They should be getting bonded DSL to double that - be still my heart.

    I fell back to CodelQ only right now to deal with the horrible buffer bloat, but I'd still like to shape the Backblaze traffic too if I can.  I tried FairQ+Codel but the buffer bloat was horrible - the only thing that seemed to touch the buffer bloat was CodelQ only.

    Good grief the traffic shaper is a complex, convoluted mess!  If you have a FairQ+Codel example I'd love to see it.  I've lost count of the number of forum threads I've browsed the last couple of days.  What's really annoying is having to first figure out how old the thread is and if it's still applicable to the current release or not.

    It looks like fq_codel is finally coming to pfSense in the 2.4 beta, but if I have to resort to the command line I'll just swap out pfSense for an EdgeRouter.  Indeed, I'm rather miffed at myself I just didn't bring a spare one I had with me on this trip - I guess I hadn't really checked that thoroughly into the traffic shaping I thought pfSense was doing but turns out it wasn't.

    Anyway, thanks again for the comment.  If I have time later today I'll see if I can find something around FairQ+Codel.


  • LAYER 8 Netgate

    Codel only helps if the node running codel is the node doing the buffering/queueing.

    Your only recourse if the buffering/queueing/bloat is upstream is to send at a slower rate.

    Any of the queueing mechanisms can do that, with or without codel. Set a lower speed limit.



  • I would not use Codel for below 1Mb/s. You're on the fence, try it, but it may not be a good fit. I would just use FairQ. The default queue size is 50 packets, which is too much for your upload bandwidth. 50 1500-byte packets is nearly 1 second of bloat. A queue size of 8 would be about 120ms max latency before packets get dropped.

    I would recommend a separate ACK queue.

