Traffic shaper problems in 2.0



  • Hello guys

    I've two problems with the ttraffic shaper, but first of all, I will explain to you my setup:
    WAN = 50/5mbit cable connection
    LAN = 1GBit LAN

    I've created some traffic shaper rules (cbq) with the wizzard. I selected that P2P is the defaul queue for all traffic.
    I priorized some protocols, one is MS RDP (port 3389 TCP), ICMP is another protocol wich I've priorized.

    1. problem (one floating rule doesn't work):
    I've created a rule like this which is on the top of the floating rules:

    On the server with the IP 10.0.0.11 is a OpenVPN Client installed, which connect over UDP to a server in the internet. If the server which the client is conencted to, loads some files, it's not going into the specified queue (se001_UPlimit). The traffic will be assigned to the P2P queue, why?

    2. problem (priorizing not fast enough)
    As described I priorized ICMP and MS RDP.
    If a client is uploading a file at full speed (traffic is assigned to P2P queue which is OK) ping is OK (idle ping time is ~8ms, when the client is upping something it is ~15ms).
    Now when I create a rdp session from a external host all seems to be good (traffic is allocated to the "high" prio queue). But on sometimes it needs long to load some windows (if there are pictures or something like that). Is it possible to make the traffic shaper more "aggressive"?
    Under System –> Advanced --> Firewall / Nat --> Firewall Optimization Options I changed it to "aggressive", but that don't do anything I noticed.

    Thanks for your time and answers
    Best regards Mete



  • If you did not set quick match for the rule then it follows that the catchall to p2p, which is right at the bottom, will catch your ICMP/ RDP traffic.

    Try enabling quickmatch in the rule then test again.



  • @dreamslacker:

    If you did not set quick match for the rule then it follows that the catchall to p2p, which is right at the bottom, will catch your ICMP/ RDP traffic.

    Try enabling quickmatch in the rule then test again.

    Hi

    I've tried thy, but I had the same issues…



  • @mete:

    Hello guys

    I've two problems with the ttraffic shaper, but first of all, I will explain to you my setup:
    WAN = 50/5mbit cable connection
    LAN = 1GBit LAN

    I've created some traffic shaper rules (cbq) with the wizzard. I selected that P2P is the defaul queue for all traffic.
    I priorized some protocols, one is MS RDP (port 3389 TCP), ICMP is another protocol wich I've priorized.

    1. problem (one floating rule doesn't work):
    I've created a rule like this which is on the top of the floating rules:

    On the server with the IP 10.0.0.11 is a OpenVPN Client installed, which connect over UDP to a server in the internet. If the server which the client is conencted to, loads some files, it's not going into the specified queue (se001_UPlimit). The traffic will be assigned to the P2P queue, why?

    2. problem (priorizing not fast enough)
    As described I priorized ICMP and MS RDP.
    If a client is uploading a file at full speed (traffic is assigned to P2P queue which is OK) ping is OK (idle ping time is ~8ms, when the client is upping something it is ~15ms).
    Now when I create a rdp session from a external host all seems to be good (traffic is allocated to the "high" prio queue). But on sometimes it needs long to load some windows (if there are pictures or something like that). Is it possible to make the traffic shaper more "aggressive"?
    Under System –> Advanced --> Firewall / Nat --> Firewall Optimization Options I changed it to "aggressive", but that don't do anything I noticed.

    Thanks for your time and answers
    Best regards Mete

    I think both the problems came from the new shaper changes in Feb 2011 that shape only one half of traffic (packets from client to server). The opposite direction is ignored. The pass out rules do not work as expected any more. This was not a bug it's a feature by design so we couldn't do anything about it. Sorry.

    Maybe changing the direction of every floating tab rule from out to any and changing the action from pass to queue (or match) would help. This new feature is not stable and fully supported yet. But anyway…



  • dusan i got same problem,but any direction and queue selection is not resolution ,i tried all of these configurations but its works randomly,some times works sometimes not.

    interface selection on  floating rules great idea(specially shaping inside ipsec tunnel),but in my testings  it's not working stable .Waiting good news from ermal:)



  • @expert_az:

    dusan i got same problem,but any direction and queue selection is not resolution ,i tried all of these configurations but its works randomly,some times works sometimes not.

    interface selection on  floating rules great idea(specially shaping inside ipsec tunnel),but in my testings  it's not working stable .Waiting good news from ermal:)

    Same problem here.
    I used for my tests all variants of pass/queue/and any direction. Nothing helped :(
    In my case, all TCP connections are shaped correctly, I've only problems with UDP connections.
    I will try something today evening, and if it works, I will let you know.

    -Mete



  • I've now tested nearly anything…
    Isn't it possible to use the traffic shaper as in 1.2.3? It would be very nice... because I can't use the new traffic shaper, because it doesn't shape "all" traffic...

    Problem description (short):
    OpenVPN client is connecting from 10.0.0.11 to 123.123.123.123 through UDP protocol.
    If the OpenVPN client downloads something through the OpenVPN connection, the traffic (download) isn't in the right queue... It seems to me, like it is a UDP problem in the shaper..

    -Mete



  • Basically this is an already answered question. You can find more here: http://forum.pfsense.org/index.php/topic,34862.0.html



  • @dusan:

    Basically this is an already answered question. You can find more here: http://forum.pfsense.org/index.php/topic,34862.0.html

    Thank you Dusan.
    So there is no "good" way to shape the traffic in my case, do I understand that right?
    If yes, so I've to change the distro :(

    -Mete



  • No. I mean I tried all (really all) possibilities before finding out how to work with the queue any rule. It is not very stable but it works. I finally decided not to use it for an other reason (couldn't monitor it by pftop).


Log in to reply