Traffic Shaper seems to be broken

podilarius

I noticed that after the latest update, my traffic was going into the wrong queues. In the past, I just removed the shaper and re-run the wizard. Now when I re-run the wizard, it only populates the WAN section and not the LAN with queues. I am running:

Current version: 2.0-BETA5
      Built On: Mon Jan 10 22:34:12 EST 2011

I didn't see any commits since that time dealing with the shaper.
Can anyone else verify this behavior?
I don't see any errors in the logs.

eri--

Its normal. The wizards have been changed to do that.

podilarius

Thank you for letting me know.
So inbound and outbound go through the same queues or is there something that expands out from the config?

Edit:
Also, I have an asymmetric DSL link and I don't see where it handles download prioritization or traffic control. I think if I use this … I will limit my DL speed to my slow side. Is this the case?

Liath.WW

It shouldn't limit the downloading, from the new wizard.  Only the uploading.  If you want to limit the download you'll have to create queues manually.  But, the shaping of incoming traffic has always been one of those things that many people argue that it doesn't make much sense to do, since you can't control the actual data that is being sent to your link by the rest of the internet – you can only really 'control' what goes out of your own network.

The biggest issue you may face is that the new traffic shaper doesn't seem to put traffic into the correct queues.  I've put rules that I know should be firing into both the lan and the floating rules sections, and it doesn't seem to be filtering all of the traffic into the correct queues.  I'm not sure what is wrong, but from what I've read here, experienced with 1.2.3, what I've read from several sources, and understand of the way traffic shaping works, the rules SHOULD be working fine.

So with the new shaper your success may be limited.  If you do manage to get it to behave properly, please feel free to enlighten us as to how you got it to behave though!

podilarius

I realize this is debated. The other side of the coin is that while you cannot control what shows up at the interface, you can control whether or not its dropped and asked to be resent. This should cause the sender to slow how fast it is sent. So there is some measure of control while not being a total control. It is curious thought that it would be removed from pfSense even if it only provided small level of control, but would give network admins a feeling of more control than nothing.

Does it have a large impact on performance or something?
Just looking for a reason it was changed to work like this?

eri--

Because it is more trouble to control inter-lan traffic rather than just shaping upload.

The old traffic shaper wizard impacted inter-lan traffic and made them 'slow' without proper configuration.
While the argument of stopping sender side you can just slow down the return ACK packet and that will do for it.

podilarius

@Liath.WW:

It shouldn't limit the downloading, from the new wizard.  Only the uploading.  If you want to limit the download you'll have to create queues manually.  But, the shaping of incoming traffic has always been one of those things that many people argue that it doesn't make much sense to do, since you can't control the actual data that is being sent to your link by the rest of the internet – you can only really 'control' what goes out of your own network.

The biggest issue you may face is that the new traffic shaper doesn't seem to put traffic into the correct queues.  I've put rules that I know should be firing into both the lan and the floating rules sections, and it doesn't seem to be filtering all of the traffic into the correct queues.  I'm not sure what is wrong, but from what I've read here, experienced with 1.2.3, what I've read from several sources, and understand of the way traffic shaping works, the rules SHOULD be working fine.

So with the new shaper your success may be limited.  If you do manage to get it to behave properly, please feel free to enlighten us as to how you got it to behave though!

As others have said in other topics in the forums, if you remove the shaper and then go into the config.xml and remove the shaper section, it seems to work just fine. I did manually re-add the LAN rules I like so much. Everything seems to be going into the correct queues.

pki

Can anyone post some "good" rules for shaping the WAN->LAN direction? (download)

I am using a multiWAN setup with two WAN's, oen is 4Mbit the second is 2Mbit download.

Thx

eri--

Go to firewall->traffic shaper

• Choose by queue view
• Click any of on the WAN interfaces
• For the LAN listed there click 'clone shaper/queue on this interface'
• Go to the  By interface view
• Click LAN interface
• Change the scheduler type to PRIQ
• Change the bandwidth to the interface speed (100Mbit/s ….)
• Click save
• Apply settings

pki

OK, i have added this as You described. The traffic is sorted correctly into the queues. But starting a simple download it brings the connection to the limit, RTT time to the gateway rise to above 500ms.

eri--

I am sorry but that is something related to your policy!

The 500ms you post here is relevant at what it means:

• Does it mean that ping says 500ms(Have you put ping on a priority queue?)
• Does it mean that your …...?(my crystal ball crashed here :) )

pki

Hmm… with "as You described" i mean this:

Go to firewall->traffic shaper

• Choose by queue view
• Click any of on the WAN interfaces
• For the LAN listed there click 'clone shaper/queue on this interface'
• Go to the  By interface view
• Click LAN interface
• Change the scheduler type to PRIQ
• Change the bandwidth to the interface speed (100Mbit/s ….)
• Click save
• Apply settings

Yes I have ICMP on the high priority queue.

loftyDan

@ermal:

Go to firewall->traffic shaper

• Choose by queue view
• Click any of on the WAN interfaces
• For the LAN listed there click 'clone shaper/queue on this interface'
• Go to the  By interface view
• Click LAN interface
• Change the scheduler type to PRIQ
• Change the bandwidth to the interface speed (100Mbit/s ….)
• Click save
• Apply settings

I've followed these directions, substituting my actual downlink speed (since I'm using single WAN, and no other local interfaces) and it has restored my downlink shaping as it was in earlier builds.

pki

Have you entered your download speed instead of the 100Mbit in the quote?

loftyDan

I did.  But with you having multi-wan, you'd have to combine the downlink speeds, and as far as I understand, that would do nothing to prioritize one link as it got utilized (ie 1 low priority download taking up all of the 4 mb link and a 2nd high priority session on that same link wouldn't take priority because it would appear you still have 2 mb of bandwidth left).

pki

So how to set-up the shaper it does not exceed the down-rate on each wan interface?

eri--

There are different ways.
One i limiters to enforce on each wan the limits provided by your ISP and shaper to prioritize the upload.

You can create a set of queues on LAN as:

• main link 100mbit
  –WAN1 x mbits/s
  ----1stprio queue
  ----2ndprio queue
  --WAN2 y mbit/s
  ----1stprio queue
  ----2ndprio queue

and on each link categorize the traffic.

pki

You can create a set of queues on LAN as:

• main link 100mbit
  –WAN1 x mbits/s
  ----1stprio queue
  ----2ndprio queue
  --WAN2 y mbit/s
  ----1stprio queue
  ----2ndprio queue

Do you mean this on limiter or in shaper?

I can't create the sub-queues on LAN with specified mbit/s :-/

eri--

Shaper and depending on your need change the shaper type to something else than PRIQ to enter bandwidth.

pki

OK, I have tried, I am not able to configure it.

I will give $20 for anyone who write a walkthrou how to configure the shaper to do download shaping on a one-LAN, two-WAN setup.