FQ_CoDel QOS breaks Traceroute
Digital-Storm last edited by
IS this normal behavior of FQ_CoDel?
The top output is with the floating rules enabled, the bottom output is with the floating rules disabled.
It's a standard FQ_CoDel config exactly like this video.
Have you found a resolution for this yet?
I've been poking/searching around this morning without any luck.
I am seeing exactly the same results from an Arch Linux PC.
At least we know now it's not a Windows or Linux thing.
As a workaround, I am NOT shaping ICMP and use traceroute with -I for now.
You can see the difference below.
$ traceroute 188.8.131.52 -n traceroute to 184.108.40.206 (220.127.116.11), 30 hops max, 60 byte packets 1 192.168.11.254 0.343 ms 0.336 ms 0.387 ms 2 18.104.22.168 7.545 ms 7.590 ms 7.584 ms 3 22.214.171.124 9.962 ms 10.012 ms 10.091 ms 4 126.96.36.199 14.864 ms 15.023 ms 15.144 ms 5 188.8.131.52 14.443 ms 14.488 ms 14.434 ms 6 184.108.40.206 15.169 ms 15.613 ms 14.887 ms 7 220.127.116.11 14.668 ms 11.867 ms 12.128 ms 8 18.104.22.168 11.811 ms 10.859 ms 10.557 ms
$ sudo traceroute 22.214.171.124 -n -I traceroute to 126.96.36.199 (188.8.131.52), 30 hops max, 60 byte packets 1 192.168.11.254 0.288 ms 0.284 ms 0.284 ms 2 10.178.192.1 6.773 ms 6.777 ms 6.776 ms 3 184.108.40.206 8.194 ms 8.197 ms 8.283 ms 4 220.127.116.11 10.741 ms 10.826 ms 14.479 ms 5 18.104.22.168 14.470 ms 14.474 ms 14.474 ms 6 22.214.171.124 14.806 ms 14.507 ms 14.504 ms 7 126.96.36.199 14.495 ms 11.860 ms 11.861 ms 8 188.8.131.52 11.740 ms 12.297 ms 12.298 ms
tomashk last edited by
I guess if this is related with this issue https://redmine.pfsense.org/issues/9024 as it also drops ping traffic for ping under heavy load.
You can try workarounds described here https://forum.netgate.com/topic/141682/fq_codel-limiter-queues-causes-nearly-complete-ping-packet-loss-when-limiting/2 but I can't guarantee that it will work (but it works for me :) )
Digital-Storm last edited by
No fix for it, my research has concluded that it has to do with how the QOS is handled, and that there is no workaround other than to setup a firewall rule that makes ICMP bypass the QOS.
Thank you both for your responses, I guess it is what it is for now.
Heavy load/congestion definitely wasn't my problem, it still happens even when I am the only one on the network.
luckman212 last edited by
there is no workaround other than to setup a firewall rule that makes ICMP bypass the QOS.
Can you screenshot how you have this rule set up? Is it a floating rule to match ICMP at the very top with "quick" enabled?
In the floating rule I have protocol "tcp/udp" instead of protocol "any".
This post is deleted!
uptownVagrant last edited by
What you are running into is this: https://docs.netgate.com/pfsense/en/latest/routing/troubleshooting-traceroute-output.html
Not specific to the use of FQ-CoDel but rather the use of policy routing in your egress floating rules. Use this guide and you should be good to go: