Traffic Shaping (CODEL/FQ_CODEL) kills all traffic, no internet access



  • As the title states, when I create the Limiter and Queues for WAN Download and WAN Upload, then create and apply the 2 floating rules (IPv4 and IPv6) on WAN interface, I lose all internet access. If I disable the FW rules, everything comes back.

    I'm a dangerous IT Sys Admin that has very little network training, so I may be my own worst enemy here. Please don't assume that my setup is correct, so please ask questions and I will do my best to oblige.

    Not that I am running it, but I understand that Suricata running in inline mode doesn't work with traffic shaping, is that potentially the case I have here with pfBLockerNG-devel?

    pfsense:
    2.5.0-DEVELOPMENT (amd64)
    built on Thu Sep 10 01:03:22 EDT 2020
    FreeBSD 12.2-PRERELEASE

    Hardware:
    Hyper-V VM, dual NIC
    4GB RAM
    3 CPU Cores
    Disk: plenty.

    Packages:
    HAProxy: 0.60_4
    pfBlockerNG-devel: 2.2.5_34
    Telegraf: 0.9_4

    Gigabit internet by xfinity (1Gb/41Mb)
    4 VLANS (LAN, Gaming, IOT, DMZ. More info on request.

    Limiters/Queues:
    Name: WAN-Download
    Bandwidth: 1024 Mbit/s
    Mask: None
    Queue Management Algorithm: CoDel
    Scheduler: FQ_CODEL
    Queue length: 10000
    ECN: checked

    • Name: WAN-Download-Q
    • Mask: None
    • Queue Management Algorithm: CoDel
    • ECN: checked

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    Name: WAN-Upload
    Bandwidth: 41 Mbit/s
    Mask: None
    Queue Management Algorithm: CoDel
    Scheduler: FQ_CODEL
    Queue length: 4000
    ECN: checked

    • Name: WAN-Upload-Q
    • Mask: None
    • Queue Management Algorithm: CoDel
    • ECN: checked

    Firewall Rules:
    Floating
    I've tried adding to the top or bottom to no avail.
    a46ccca0-550e-449b-a85d-5f1c1b25a4c2-image.png
    For both ipv4/6...
    Action: Pass
    Quick: checked
    Interface: WAN
    Direction: Out
    Address Family: IPv4 or IPv6 depending on rule
    Protocol: Any
    Source: Any
    Dest.: Any
    Gateway: WAN_DHCP or WAN_DHCP6 depending on rule
    In / Out pipe: WAN-Upload-Q / WAN-Download-Q


  • LAYER 8

    yes it's not working on 2.5.0
    https://redmine.pfsense.org/issues/9643



  • @kiokoman said in Traffic Shaping (CODEL/FQ_CODEL) kills all traffic, no internet access:

    yes it's not working on 2.5.0
    https://redmine.pfsense.org/issues/9643

    Thanks for info, I keep forgetting about the bug tracker. Watching that one now.


Log in to reply