How to get 100% bandwidth use with traffic shaping enabled?

nabsltd · Feb 19, 2009, 2:36 AM

I want a configuration such that packets can use 100% of the bandwidth as long as no higher priority packets arrive. How can I set this up?

The long backstory: recently, I realized I needed to replace my existing firewall because it cannot handle the load if my 30/30Mbps connection is running more than about 25Mbps total (inbound plus outbound).

So, I created a VMware simulator of about the same specs as a Soekris 5501 to see if that sort of system could handle the load. The good news after running some benchmarks is that it would definitely handle the load (and did a better job than the current version of m0n0wall), as seen in the total throughput numbers below:

m0n0wall, traffic shaper: off                                 132.16 Mbps
m0n0wall, traffic shaper: on, no rules                        132.32 Mbps
m0n0wall, traffic shaper: wizard 1000/1000Mbps, no options    115.04 Mbps
m0n0wall, traffic shaper: wizard 100/100Mbps, no options       56.00 Mbps

pfSense, traffic shaper: off                                  154.40 Mbps
pfSense, traffic shaper: wizard 1000/1000Mbps, VoIP priority  124.16 Mbps
pfSense, traffic shaper: wizard 100/100Mbps, VoIP priority     68.97 Mbps
pfSense, traffic shaper: wizard 30/30Mbps, VoIP priority       28.80 Mbps

The bad news is that merely enabling the traffic shaper causes a significant loss of throughput.

It's pretty easy to see that about 130-150Mbps total upstream plus downstream bandwidth is the limit of this hardware configuration. That's more than enough to handle the 40Mbps that I need.

I expected that the traffic shaper wouldn't slow anything down significantly unless there was higher-priority traffic. But, when using the wizard and only selecting "prioritize VoIP", there is a large slowdown, even though I had no VoIP (or any other) traffic during these tests.

Since the system can obviously pass packets at much higher speed than a 30/30Mbps connection, I don't understand why I'm only getting about 50% of max throughput during my tests.

The various docs on the BSD packet shaper don't really explain much of anything very well (they assume you already have a fairly good understanding of how it works), and fiddling with the queues doesn't seem to change anything, except trigger syntax errors as described here.

Any ideas on how to make traffic shaping work as it intuitively should?

nabsltd · Mar 2, 2009, 9:43 PM

So, basically, nobody else knows how to configure traffic shaping to all full use of all the physical bandwidth, either?

And, nobody else can explain why hardware that can pass 75/75Mbps can't manage to pass 30/30Mbps if you tell the traffic shaper wizard that the root bandwidth is 30/30Mbps?

Monoecus · Mar 2, 2009, 10:35 PM

Maybe ermal will have a word on that. He has created the new traffic shaper in version 2.

eri-- · Mar 4, 2009, 11:50 AM

You cannot tweak queues on the 1.2 shaper version to suit your needs.
As is said for the 100th time on this forum you have to use 2.0 if you need the shaper.

And NO i am not going to give instrunctions on how to tweak the shaper on either versions, search the forums i have said more than enough already.

nabsltd · Mar 4, 2009, 6:53 PM

@ermal:

You cannot tweak queues on the 1.2 shaper version to suit your needs.
As is said for the 100th time on this forum you have to use 2.0 if you need the shaper.

And NO i am not going to give instrunctions on how to tweak the shaper on either versions, search the forums i have said more than enough already.

I guess I just misunderstand the concept of a traffic shaper, which I thought was to generally not limit the bandwidth unless that is done explicitly by a rule. It just doesn't make any sense to me that the wizard creates default rules that causes the maximum bandwidth of the link to be limited to 50% of the number entered into the wizard.

There seem to a few people who have no problem using the traffic shaper on 1.2, but none of them seem to be using high-speed symmetric connections. But, if what you say is true, basically the whole traffic shaper interface in 1.2 was just a "preview", and doesn't really work. And, since it's not recommended to use 2.0 in a production environment, it's impossible (by your statement) to use the traffic shaper at all. So, why is there a user-interface for it in the 1.2 line?

Also, I have searched the forum, and there are no instructions anywhere that say something like "if you have 20/20Mbps line you have to lie to the traffic shaper wizard and tell it you have a 50/50Mbps line so that it will actually make all 20Mbps available". As a matter of fact, there is really no documentation whatsoever on the traffic shaper…unless you count high-level overviews like the Traffic Shaping Guide on the wiki. A simple "enter the following values in the wizard to get good defaults" would be nice, but like many open source projects, the pfSense developers appear to have the attitude of "a smart person will know how to use this with no documentation".

eri-- · Mar 4, 2009, 7:57 PM

Well the answer i gave you is concerning how to configure the shaper to an optimal performance.
Regarding why the traffic shaper limits your connection even in case there are no explicit rules is regarding to the way it works. It will limit the traffic to the speeds you enter that is how ALTQ works.
But you cannot tweak it behave correctly with the interface present in 1.2.
By correctly i mean for such high symmetrical traffic you need to tweak some aspects that are not exposed to the GUI in 1.2; other than that the 1.2 shaper work as expected.

billm · Mar 6, 2009, 2:48 AM

@nabsltd:

So, basically, nobody else knows how to configure traffic shaping to all full use of all the physical bandwidth, either?

And, nobody else can explain why hardware that can pass 75/75Mbps can't manage to pass 30/30Mbps if you tell the traffic shaper wizard that the root bandwidth is 30/30Mbps?

ALTQ is very CPU intensive. Can you tell me why a box that can route at >1gbit can only pass 300mbit with ALTQ enabled and NO rules (everything falls into default queue)? One hint - ALTQ inspects and timeslice queues EVERY packet going through the box. It takes CPU…if you can only pass 75Mbit, you don't have any CPU. Get a bigger box.

--Bill

eri-- · Mar 6, 2009, 8:56 PM

Or it is dropping cause the queues are too short.
Without proper analysis nobody can give a propper answer.

You cannot really say that a box routes 1Gbit traffic is overloaded by ALTQ, i would just say that there is no complete information to say anything. Beaware that HZ might need to be tweaked too to handle the load.

billm · Mar 7, 2009, 1:37 AM

@ermal:

Or it is dropping cause the queues are too short.
Without proper analysis nobody can give a propper answer.

You cannot really say that a box routes 1Gbit traffic is overloaded by ALTQ, i would just say that there is no complete information to say anything. Beaware that HZ might need to be tweaked too to handle the load.

cough Yes I can.

–Bill