Traffice Shaping / Limiters do not work on 22.05 after upgrade
-
Hi all,
I am not sure if my scenario also falls under
https://forum.netgate.com/topic/171158/qos-traffic-shaping-limiters-fq_codel-on-22-05
https://redmine.pfsense.org/issues/13026
as that cases describes that limiters do not work at all after the upgrade and it sounds specific to a certain scheduler.For my scenario:
- currently pfSense 22.5, before 22.1, which we upgraded directly to 22.5 via web gui update functionality
- before the upgrade limiters worked, after upgrade the limiters (without having them changed) only worked only for downloading, not for uploading any more. Upload only lets pass very little data (e.g. some kbit/s to max 1 Mbit/s), most of the time it fails completely. Also ping packets get lost.
- we have one limiter per one firewall rule per direction (in/out), they are all set to > 10 MBit/s up to 1000 MBit/s
- when I remove the limiters from the in / out settings of the firewall rule everything is running perfectly fine (up to 1Gbit/s up and down)
- I tried changing all kind of settings in the limiters to investigate if it's just my limiter configuration, but I had the same experiences with all combinations I've tested.
- we also use captive portal enabled on this pfsense ha cluster (consisting of 2 pfsense Firewalls with netgate Hardware (system info shows them as Super Micro 1537)
- we have setup about 20 interfaces (most are VLAN-interfaces)
- we have setup about 80 limiters for different bandwidth limitations that we have to change from one use case to another (we are a convention center and have lots of changing requirements)
I am happy to share any kind of additional information (logfiles, config settings, whatever is helpful) - just let me know what is required for deeper analysis.
Thanks a lot
Thomas -
I am seeing the same behavior as well. I just have a single simple limiter setup. It no longer matches traffic after upgrade to beta.
Netgate 6100
22.05-BETA (amd64)
built on Fri May 20 06:20:45 UTC 2022 -
You might post in https://forum.netgate.com/category/28/development and/or if you can replicate enter it in redmine.pfsense.org.
If you disable captive portal does it work? There were issues in 22.01 with that setup with limiters.
-
Hey Steve, Thanks for the reply. Not using the captive portal. The limiters are applied to a floating rule in the firewall.
-
B BNetworker referenced this topic on
-
B BNetworker referenced this topic on
-
@bnetworker Have you tested on the latest snapshot betas? The redmine issue claims it's fixed.
-
@luckman212 Hey! yes, I can confirm it has been working in 22.05.b.20220524.0600 +
Currently on 22.05.b.20220527.0600 and still working.
-
Hey,
After upgrading to 22.05, I'm also facing an issue where the limiters are only being applied to the download and not the upload.
I have the limiters applied on a LAN rule with a !RFC1918 destination. It was working fine before the upgrade.
Thanks
-
@a2theziz said in Traffice Shaping / Limiters do not work on 22.05 after upgrade:
After upgrading to 22.05, I'm also facing an issue where the limiters are only being applied to the download and not the upload.
I'm having/seeing this as well, beeing on 22.05, and not using captive portal.
In the FW-rule setting the limiters, i've also set a specific gateway pointing to a gatewaygroup containing two gateways. (to act as failover). I found out, when i restore this setting to "default", the upload limiter starts to work again.
Not sure if this should be posted in /development, i hope someone can replicate the issue and resolve it.
-
@bnetworker I've been struggling for days implementing a simple Tail Drop Traffic limiter on 2.6.0; if I enable the traffic limiter, it works for a few seconds, then traffic is blocked to the interface - or in some cases, at a very very low speed.
I'm not sure if this is related, but I followed all the tutorials online and it seems odd that even a simple traffic limiter with 2.6.0 won't function correctly?
-
Yeah, I'm using gateway groups as well.
What I ended up doing is use the "Tag" option in my LAN rule (under the Advance Options) to tag traffic leaving the interface , and apply the limiters as a floating rule by using the "Tagged" option with matching tags.
This worked quite well, but note I had to create a floating rule for each gateway in my gateway group.
-
Exact thing happen to me. Upload limiter only works on default gateway. Any solution or workaround yet?
-
@a2theziz Can you give us exact details on how to implement this workaround?
-
T tumbleweedcity referenced this topic on
-
Any solution to it yet? I upgraded to latest pfsense+ version but still the upload speed isn't limited if a gateway group is selected
Downgrading to 22.01 fixes the issue -
@ahmed20n8 keep on pfSense on 22.01 there is a "workaround" using floating but this doesn't work for me either.
redmine.pfsense.org/issues/14039 -
There is a working-around;
Tag the traffic in the rule(s) you normally apply the shaping to, and instead, do the shaping as seperate rules on the floating tab, based on the tags set.
That said; I agree, this should be resolved as the original bug is still there in latest firmware.
-
@level4 I tried doing it, but it didn't work
Would you mind sharing a screenshot of the rules -
@solarizde Yup that's what I am currently using on other devices, 22.01 works fine with limiters this issue is with the newer versions only, there are some improvements over newer releases which is why I had to upgrade
-
Sure;
Floating rule, direction "Out";
Valid for tag;
Having GW and limiter set; (not sure if GW is needed here actually. I dont think so)
--
On any interface rule, only set the tag.
And the gateway. (you need a limiter for each GW, if multiple need a limiter)
Works like a charm on 23.01
-
@level4 Thankyou, it worked
