Traffic shaper changes [90% completed, please send money to complete bounty]
-
ok i commented line 61 on that file and I can use the wizard now;
I'm trying to do multiple wan/multiple LAN and every time the wizard finishes I only have the shaper on the WAN interface... my other interfaces (opt1,2,3) do not have any queues in them!
I tried manually adding queues on each interface and it's not doing it
I tried cloning the queues from WAN and no luck there either
Maybe I don't have the latest files?? Can Ermal pm me the latest cvs file location again? Thanks.
-
Hi all,
It looks like you guys have put some good time and effort into getting the traffic shaper what it needs to be. Hopefully this bounty is of value to me and I can throw in $50-100 for it.
It sounds like this is possible to do, but I just wanted to verify.
I have 1 wan (probably 2 in the future) on pfSense. It's about a 12/2meg connection.
LAN has a local router and also 2 access points. I would like to split/share the bandwidth amongst these 3 devices attached to the LAN. The trick here is that I need to have more than 2 layers of queues
wan > pf (10.0.0.1) > switch > AP1 > customer router1(10.5.x.1) (Linksys Tomato) > customer router 2(10.5.x.1) > AP2 > customer router 3(10.6.x.1) > etc(10.6.x.1) > local router > Local PCs
Sorry that diagram isn't working well. Basically - the AP1, AP2 and local router are attached to pfSense by a switch. Then customer routers are static routed networks off of pf.
The caveat is that each AP is only capable of about 5-6mbps of total traffic. I would like to let customers share the full-speed of the bandwidth from the AP. Also, there may be some customers that would get less than an even share (penalty box per customer?)
At the same time, we obviously need to prioritize VoIP, http, DNS and set everything else to a lower priority.
So, I believe what I need to do is:
1. Ident traffic type (flags in new shaper?)
2. Setup multiple queues within queues?
a. WAN queues > b. queues for the individual APs (1 for the 10.5.xxx network and 1 for 10.6.xxx network) >
c. within the queues for the individual APs: queues or rules for traffic types (http, dns, etc)?
d. a way to limit individual customers (ie 10.5.3.x network gets limited to 512k but the rest of 10.5.xxxx gets to share the full bandwidth of the AP)
Does that make sense? Will the new shaper allow me to do this? I think it's just multiple layers of queues? I do have outbound traffic shaping on the customer routers so they can't saturate the AP. Customer routers inbound shaping is limited to dropping packets - I don't want to use that option on the customer routers.
Thanks for your input. I would love if I can throw in some cash to the pot and get access to the new shaper if it will work for me.
Regards,
Aaron
-
Yeah it can do multiple level of queues and all of what you describe.
-
Great! Thank you! I just sent $75 to Chris.
@ermal:
Yeah it can do multiple level of queues and all of what you describe.
-
So I guess I need to know how to access and install this. I will get a PM? This is an embedded install on ALIX.2C3
Regards,
Aaron
-
Yes, pretty soon.
-
If this is the place for tech support questions with the new shaper then great. Otherwise, please direct me where these should go.
I have been playing around with the new shaper and either I am really dense, and can't figure it out or I don't understand QoS Properly… Who Knows...
Anyway, I am trying to prioritize VoIP traffic. This traffic runs over my OpenVPN connection setup in the pfSense. I am having a real problem getting the traffic to register in the voip queue (using the wizard and then modifying the floating tab in rules). Is there anything special I am supposed to do? I thought about trying to prioritize the openvpn traffic, but couldn't get that to work either. Everything just goes to the default queue.
This is an Avaya ip office setup. I have traffic being tagged with diffserv - DSCP 46, DSCP Mask 63, and SIG DSCP as 0. I tried setting the diffserv in the floating rule to 46, but it still didn't put that traffic in the queue. Any help would be appreciated.
Thanks!
Nate
-
Shaping inside openvpn tunnels is not yet supported afaik, inside IPSEC should work though.
-
It is the default LAN rule that is botching it.
Just make it specific or create the rules for the in the LAN tab over the default one supplied by pfSense.
And please try disabling the antilockout rule.
With the new update things should be better (a matter of days since some issues have been fixed).
-
Hi, I don't mean to be impatient. Just wondering when I may get access to the new shaper. I can wait for the new update if it is just a couple days.
Regards,
Aaron
@ermal:
With the new update things should be better(a matter of days since some issues have been fixed).
-
Should be soon.
-
For all the bounty contributors.
In the same link as before you will find the updated images with several problems fixed.
-
Get the one with the highest date on it. as -20080324 ;)
-
I'll add 50 to the bounty, should i send them now? when will the image be available?
-
All bounty supporters get exclusive access to the testing images and are welcome to test-drive and report back. All others will have to wait for now until there are official builds including the changes. Feel free to send the money in right now.
-
I explained it a page before:
http://forum.pfsense.org/index.php/topic,2718.180.html
the queue wizard is really a work in progress. the first part is difficult to understand and has text labels in code style. the second part, the one with traffic type prioritization, is an heritage of the old shaper wizard but has no reason to exist, 'cause is not applied anywhere and there's no interface to edit. It seems that now the assignment of traffic type to queues is done within each firewall rule.
Well you do not need any interface to choose since it applies to all interfaces.
Read my explanation of the Floating Tab.
As for the names i will make them more friendly.
BTW, since you are a user what part of the first part you didn't understand?
-
sorry, i just found your 1st explanation, that's why i deleted my post…
i'll try apply the rules as by your tutorial and in case get back to you with a good feedback.
to answer your question, if for example i click on the "single wan multi lan" wizard, i'm asked for the number of connections: in my understanding this should be the LAN and the DMZ, but in the next step i have WAN and OPT1 (DMZ) grouped in the "setup connections speed" section, like if we were talking about two WANs, while the DMZ has to be considered like a LAN section.
i'm puzzled here because given i'm configuring multiple lans, as by wizard name, i should be asked just for the wan bandwidth and then describing the lan part. this could be a limit of my understanding of the shaping mechanism within pf, but i have to admit that the wizard isn't a lot descriptive about what am i doing with the info i'm entering and the options i'm choosing.
i just want to avoid traffic shaping between the LAN and DMZ and meanwhile shape all traffic from all interfaces to WAN: from your tutorial i understand that i just need to assign floating rules to queues. i have a solid heritage of rules assigned to each interface, so i think it will take time to make it work correctly. is there any monitoring/debugging application for pf out there?
btw, thanks for the prompt answer.
-
Oh for the Multi Lan wizard i might have missed some labels changes.
Though it really asks you for the number of LAN's. As i can not guess what interfaces are considered LAN in your cases.
You see WAN in there since i need to know on which interface is the internet connection connected.
If you do not want to shape traffic between DMZ and LAN, on the traffic shaper config:
1- Click the lan root node on the tree. Set its interface bandwidth to the same as your Network card speed (i.e. 100Mb)
2- Delete the traffic shaper config on both LAN and DMZ
3- Create a queue called qInternet in both the LAN and DMZ interface and setup it with the download speed of your internet connection.
If you have chosen HFSC scheduler make its linkshare m1=m2=link download speed and d =something.
4- Create a DMZ queue on both the LAN and DMZ interface. Setup its bandwidth = Lan root speed - speed of qInternet queue
5- Under the qInternet queue replicate the queues that gets created by the wizard, so that the internet shaping for LAN and DMZ works ok.
Then create a rule that matches local traffic(traffic between LAN and DMZ) and sends it to the qDMZ queue so it does not have limitations from the shaper.
I am testing this setup and will make the changes for the Multi Lan wizard, at least, to produce the above automatically.
You will get it with the next update which fixes the other reported issues.
Just a stupid text illustration of the above is:
WAN
---qACK
---qDefault
---qP2P
---qVoIP
---qOthersHigh
LAN
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
DMZ
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
On the floating rules tab make a rule:
1- pass
2- select LAN and DMZ interface
3- Direction any
4- from any (though you might consider only the ports to the DMZ services)
5- to any (though you might consider only the ports to the DMZ services)
6- queue qDMZ
And done.
Another more advanced scheme might be:
WAN
---qACK
---qDefault
---qP2P
---qVoIP
---qOthersHigh
LAN
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
----------qDMZACK
----------qDMZDefault
----------qDMZP2P
----------qDMZVoIP
----------qDMZOthersHigh
DMZ
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
----------qDMZACK
----------qDMZDefault
----------qDMZP2P
----------qDMZVoIP
----------qDMZOthersHigh
And proper rules in place.
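
The procedure in the post above (steps 1-5 plus the floating rule), worked through as an added example that is not part of the thread or of pfSense's code. The function names, the 100Mb/12Mb speeds, the percentage shares and the 192.168.x networks are assumptions made up for illustration; the rule is modelled in its narrower "LAN to DMZ only" form rather than "from any to any".

```python
import ipaddress

# Child queues the wizard creates under WAN (names from the post above).
WIZARD_QUEUES = ["qACK", "qDefault", "qP2P", "qVoIP", "qOthersHigh"]

def plan_interface(nic_mbit, download_mbit, shares):
    """Return [(depth, queue, mbit)] for one LAN-side interface.

    nic_mbit      -- root bandwidth = network card speed (step 1)
    download_mbit -- Internet download speed given to qInternet (step 3)
    shares        -- assumed percentage of qInternet per wizard queue
    """
    if not 0 < download_mbit < nic_mbit:
        raise ValueError("qInternet must be positive and below the root speed")
    if set(shares) != set(WIZARD_QUEUES):
        raise ValueError("shares must name exactly the wizard queues")
    if sum(shares.values()) > 100:
        raise ValueError("child queues exceed 100% of qInternet")
    plan = [(1, "qInternet", download_mbit)]
    # Step 5: replicate the wizard queues under qInternet.
    plan += [(2, q, download_mbit * shares[q] / 100) for q in WIZARD_QUEUES]
    # Step 4: local traffic gets whatever the root has left over.
    plan.append((1, "qDMZ", nic_mbit - download_mbit))
    return plan

def render(ifname, plan):
    """Draw the plan in the same dashed style as the post's illustration."""
    lines = [ifname]
    for depth, queue, mbit in plan:
        lines.append("-" * (3 if depth == 1 else 10) + f"{queue} {mbit:g}Mb")
    return "\n".join(lines)

def pick_queue(src, dst, local_nets):
    """Floating-rule logic: traffic whose source and destination are both
    local goes to qDMZ; everything else is left to the qInternet children."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    def is_local(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)
    return "qDMZ" if is_local(src) and is_local(dst) else "qInternet"

if __name__ == "__main__":
    # Constructed sample values, not taken from anyone's real setup.
    shares = {"qACK": 20, "qDefault": 30, "qP2P": 5, "qVoIP": 25, "qOthersHigh": 20}
    for ifname in ("LAN", "DMZ"):
        print(render(ifname, plan_interface(100, 12, shares)))
    print(pick_queue("192.168.1.10", "192.168.2.5",
                     ["192.168.1.0/24", "192.168.2.0/24"]))
```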
-
LANs are easy to determine. Walk the configuration and look for interfaces without a gateway attached to them.
-
Hi Ermal,
Thanks for allowing access to the new shaper. I see you are continuing to work on it.
I'm having a very hard time trying to figure out how to set this up. I am unable to add queues to interfaces (I got it to succeed only once!) I'm totally not understanding how this shaper is laid out - it just does not seem intuitive.
My setup was explained here: http://forum.pfsense.org/index.php/topic,2718.195.html
If you can help me understand how to set this up, I would be grateful. I would even be willing to write up a HowTo to try to explain the new shaper as well as help form the GUI with you.
Regards,
Aaron