Possible to shape NFS traffic?
-
Hoping someone might be able to help or at least comment on this situation.
I have a NAS at Site A that exports an NFS v4.1 share. An Ubuntu server at Site B mounts this via TCP (default port 2049) over a site-to-site WireGuard VPN. The bandwidth between these sites is roughly 300Mbps. Both sides run pfSense Plus 22.05 (Site A is a 6100 and Site B is a 7100).
Everything works "fine" but the problem is, the NFS traffic is pretty efficient at saturating the available bandwidth.
I have other VMs running services that I need to stay responsive, so I wanted to try to shape the NFS traffic, applying FQ_CODEL or maybe even something simpler like PRIQ to cap the NFS at around 250Mbps and leave some overhead for other traffic.
I spent around 2 days on and off monkeying around with various settings, but I just can't for the life of me get this traffic to match on the floating rules, or even on the LAN rules. When I look at the state table on the Site A router, I see established "incoming" states with dport 2049 hitting the NAS, but I never see any outgoing state pointing back to the NFS client at Site B. So there's nothing for me to match / limit.
Is this because there's no NAT happening, since this is all just static routing via the VPN tunnel? I am hoping maybe I'm overlooking something simple here; there must be a way to do this, right?
-
I created a small tool, luckman212/stv, to help make it a little easier to debug states, in case it's useful to anyone else.