The current state of knobless limiters
-
I read a post saying as of 2.4.4 Fq_Codel broke and AFAICT it still is. And that some have moved back to 2.4.3. Running 2.4.5 and need per-IP limiting. Up till now I've used Taildrop/Fq_Codel but I no longer see individual IPs reported in limiter info although it does report 256 buckets child queues. I read a post that currently only Codel/RR works to provide per-IP. Tried it and does limit properly, src/dst IPs show in limiter info, however it occasionally syslog's a "kernel: config_aqm Unable to configure flowset, flowset busy!" Anyone have a good handle on the current state of which knobless limiters are fully functional, report properly, and share bandwidth evenly across all IPs in a subnet in ver 2.4.5p1? Any work happening on this in 2.5.0? Thanks.
-
@markn6262 If dynamic limiting wasn't working I can guarantee you that more would have been writing about it in the forums. I haven't been using limiters before 2.4.4 but no IP addresses have been shown in limiter info in either 2.4.4, 2.4.5 or 2.4.5-p1. To remove "Unable to configure flowset" from the logs set active queue management to tail drop in the limiter and the queue. Fq-codel is designed to minimize bufferbloat and is not an evenly-share-per-IP algorithm; if you want to know more about fq-codel and how it works you can read this.
-
@bobbenheim I read that in 2018. Been using pfSense and Limiters for a decade now in a commercial capacity. I'm almost sure Fq_Codel used to do dynamic limiting. And yes, some limiters do show IP addresses in limiter info, namely Codel/Taildrop or Codel/WFQ2+. I was trying to assess which AQM/Scheduler combos currently do dynamic limiting without syslog spam. Just switched from the former to the latter. So far it appears the latter eliminates spam. I'm working from this post.
Perhaps I could run Fq_Codel at the headend router, for bufferbloat, in concert with a dynamic limiter at the distribution router for per-IP balancing. Just not big on running consecutive limiters not knowing how they interact. Could get tricky sizing the bandwidth values. Got some clients that consume 100 Mbps from a 1G pipe and others that struggle to squeak out 2 Mbps. So balancing is the most important. Bufferbloat is solved (latency low) by Codel alone but throughput is not ideal. With Fq_Codel any unused bandwidth gets distributed. With Codel the most a single connection can get is about 60 Mbps.
May have to settle with Codel/WFQ2+ alone.
-
@markn6262 First, fq-codel works just fine and it has nothing to do with dynamic limiters in pfSense, and if you want to know how fq-codel works you can press the link I posted previously. The problem in that forum thread was fixed long ago, which is also mentioned at the bottom if you read all of it. Why you would want more firewalls to do fq-codel and dynamic limiters at the same time makes no sense as they are not implemented on the same interface. Are you having a problem with something? Because that is not at all clear from your posts so far.
-
@bobbenheim I was quite clear in my first post asking "...which knobless limiters are fully functional, report properly, and share bandwidth evenly across all IPs in a subnet in ver 2.4.5p1?" One option is Codel/WFQ2+ as I suggested in my last post. There may be others but I haven't had time to test the other options.
-
@markn6262 May I ask for what use case you need evenly shared bandwidth between IPs?
The solution you mention with Codel/WFQ2+ doesn't care about the performance of individual applications; by that I mean every single IP is a queue/flow with that solution.
With fq-codel every connection established gets its own queue/flow, depending on the limit of flows set in settings, which makes it able to prioritize latency-sensitive traffic no matter what host it comes from and make sure that no host can starve the connection for bandwidth.
The point I am getting at is that trying to share bandwidth evenly between IP addresses doesn't guarantee optimal performance for low-latency applications; fq-codel tries to, so when you are having several hosts trying to do large downloads they still get priority for other applications like VoIP, gaming or just streaming Netflix if using fq-codel. The thing you're going for was smart 15 years ago but only because there was nothing better.
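
The thread contrasts one queue per connection with one queue per IP address. The following is an added illustration, not part of any post and not pfSense or dummynet code: an idealized max-min fair-share model of both policies run over a constructed traffic mix. It ignores CoDel drops, DRR quantum, hash collisions and pfSense limiter masks; the addresses and demands are assumptions.

```python
from collections import defaultdict

def max_min_share(capacity, demands):
    """Water-filling: max-min fair rates for {key: demanded_rate}."""
    alloc, remaining, pending = {}, float(capacity), dict(demands)
    while pending:
        share = remaining / len(pending)
        satisfied = {k: d for k, d in pending.items() if d <= share}
        if not satisfied:
            # Everyone left wants more than the fair share: split evenly.
            for k in pending:
                alloc[k] = share
            break
        for k, d in satisfied.items():
            # Low-demand queues take what they need; the rest is redistributed.
            alloc[k] = d
            remaining -= d
            del pending[k]
    return alloc

def per_flow_fair(capacity, flows):
    """One queue per connection; returns the total rate each host receives."""
    rates = max_min_share(capacity, {i: d for i, (_, d) in enumerate(flows)})
    totals = defaultdict(float)
    for i, (ip, _) in enumerate(flows):
        totals[ip] += rates[i]
    return dict(totals)

def per_ip_fair(capacity, flows):
    """One queue per source IP; returns the rate each host receives."""
    demand = defaultdict(float)
    for ip, d in flows:
        demand[ip] += d
    return max_min_share(capacity, demand)

# Constructed sample, rates in Mbit/s: (source IP, demand of one connection).
LINK = 100
FLOWS = ([("10.0.0.10", 100)] * 9      # host with nine bulk connections
         + [("10.0.0.20", 100)]        # host with one bulk connection
         + [("10.0.0.30", 1)])         # slow client with one small connection

if __name__ == "__main__":
    for name, fn in (("per-flow", per_flow_fair), ("per-IP", per_ip_fair)):
        result = fn(LINK, FLOWS)
        print(name, {ip: round(r, 1) for ip, r in sorted(result.items())})
```

In this model both policies hand the slow client's unused share to the others; they differ in whether a host's total grows with the number of connections it opens.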