FQ_CoDel QOS breaks Traceroute
-
IS this normal behavior of FQ_CoDel?
The top output is with the floating rules enabled, the bottom output is with the floating rules disabled.
It's a standard FQ_CoDel config exactly like this video.
https://www.netgate.com/resources/videos/pfsense-244-short-topics.html -
Have you found a resolution for this yet?
I've been poking/searching around this morning without any luck.
I am seeing exactly the same results from an Arch Linux PC.
At least we know now it's not a Windows or Linux thing.
As a workaround, I am NOT shaping ICMP and use traceroute with -I for now.
You can see the difference below.$ traceroute 8.8.8.8 -n traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets 1 192.168.11.254 0.343 ms 0.336 ms 0.387 ms 2 8.8.8.8 7.545 ms 7.590 ms 7.584 ms 3 8.8.8.8 9.962 ms 10.012 ms 10.091 ms 4 8.8.8.8 14.864 ms 15.023 ms 15.144 ms 5 8.8.8.8 14.443 ms 14.488 ms 14.434 ms 6 8.8.8.8 15.169 ms 15.613 ms 14.887 ms 7 8.8.8.8 14.668 ms 11.867 ms 12.128 ms 8 8.8.8.8 11.811 ms 10.859 ms 10.557 ms
$ sudo traceroute 8.8.8.8 -n -I traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets 1 192.168.11.254 0.288 ms 0.284 ms 0.284 ms 2 10.178.192.1 6.773 ms 6.777 ms 6.776 ms 3 207.44.122.61 8.194 ms 8.197 ms 8.283 ms 4 207.44.112.97 10.741 ms 10.826 ms 14.479 ms 5 207.44.112.2 14.470 ms 14.474 ms 14.474 ms 6 108.170.248.97 14.806 ms 14.507 ms 14.504 ms 7 216.239.62.151 14.495 ms 11.860 ms 11.861 ms 8 8.8.8.8 11.740 ms 12.297 ms 12.298 ms
-
I guess if this is related with this issue https://redmine.pfsense.org/issues/9024 as it also drops ping traffic for ping under heavy load.
You can try workarounds described here https://forum.netgate.com/topic/141682/fq_codel-limiter-queues-causes-nearly-complete-ping-packet-loss-when-limiting/2 but I can't guarantee that it will work (but it works for me :) )
-
No fix for it, my research has concluded that it has to do with how the QOS is handled, and that there is no workaround other than to setup a firewall rule that makes ICMP bypass the QOS.
-
Thank you both for your responses, I guess it is what it is for now.
Heavy load/congestion definitely wasn't my problem, it still happens even when I am the only one on the network. -
@Digital-Storm said in FQ_CoDel QOS breaks Traceroute:
there is no workaround other than to setup a firewall rule that makes ICMP bypass the QOS.
Can you screenshot how you have this rule set up? Is it a floating rule to match ICMP at the very top with "quick" enabled?
-
In the floating rule I have protocol "tcp/udp" instead of protocol "any".
-
This post is deleted! -
What you are running into is this: https://docs.netgate.com/pfsense/en/latest/routing/troubleshooting-traceroute-output.html
Not specific to the use of FQ-CoDel but rather the use of policy routing in your egress floating rules. Use this guide and you should be good to go:
https://forum.netgate.com/post/807490