Traffic Shaping wizard error



  • Hi all

    I have run through the Traffic shaper wizard and have chosen the Single Lan multi Wan option. (using HFSC)

    After going through the wizard, I am receiving the following error:

    There were error(s) loading the rules: bandwidth for qInternet higher than interface/tmp/rules.debug:41: errors in queue definition parent qInternet not found for qACK /tmp/rules.debug:42: errors in queue definition parent qInternet not found for qP2P /tmp/rules.debug:43: errors in queue definition parent qInternet not found for qVoIP /tmp/rules.debug:44: errors in queue definition parent qInternet not found for qOthersHigh /tmp/rules.debug:45: errors in queue definition parent qInternet not found for qOthersLow /tmp/rules.debug:46: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [41]: queue qInternet on le0 bandwidth 10380.9024Kb hfsc ( ecn , linkshare 10380.9024Kb , upperlimit 10380.9024Kb ) { qACK, qP2P, qVoIP, qOthersHigh, qOthersLow } …

    If I choose PRIQ for download scheduler, I do not get this error, but VOIP traffic from my PBX is not detected.

    Any ideas?

    Thanks in advance!



  • Which version of pfSense are you on?

    Seems like a problem fixed on latest sources of pfSense(2.0.1)!



  • Sorry about that, I have upgraded to :

    2.0.1-RELEASE (i386)
    built on Mon Dec 12 18:24:17 EST 2011
    FreeBSD 8.1-RELEASE-p6

    but still the same issue :(



  • Hmm seems i have fixed some errors after 2.0.1 release.

    Can you gitsync to latest RELENG_2_0 version or try to just replace this file https://raw.github.com/bsdperimeter/pfsense/master/usr/local/www/wizards/traffic_shaper_wizard.inc



  • Thanks, I will give it a go now.



  • I get this error on the top of the wizard screen:

    Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/globals.inc on line 44 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /etc/inc/globals.inc:44) in /usr/local/www/csrf/csrf-magic.php on line 320 Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/interfaces.inc on line 65 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/globals.inc:44) in /usr/local/www/guiconfig.inc on line 47 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/globals.inc:44) in /usr/local/www/guiconfig.inc on line 48 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/globals.inc:44) in /usr/local/www/guiconfig.inc on line 49 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/globals.inc:44) in /usr/local/www/guiconfig.inc on line 50 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/globals.inc:44) in /usr/local/www/guiconfig.inc on line 51

    and I get this after the p2p section:

    Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/globals.inc on line 44 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /etc/inc/globals.inc:44) in /usr/local/www/csrf/csrf-magic.php on line 320 Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/interfaces.inc on line 65 Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/interfaces.inc on line 65 Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/interfaces.inc on line 65 Warning: shell_exec(): Unable to execute '/sbin/ifconfig -l' in /etc/inc/interfaces.inc on line 65

    An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://192.168.0.254:8080/wizard.php). You can disable this check if needed in System -> Advanced -> Admin.



  • This bug has been around since the beta's. I found if you select your NIC speed under Lan -> Bandwidth the problem goes away. Since I have gigabit I just put in 1 Gb/s. Under qInternet is where you seem to put in your Internet speed. HTH.



  • I thought I would try this, but I only get the option to set the speed and duplex of the interface, none of the ones shown are the correct ones.



  • It's in the Traffic Shaping section.




  • Aha! so I should the speed and run the wizard again?



  • Well, I was kind of wrong, every time you run the wizard that setting will disappear. Where I was wrong is that you don't want to set the interface speed, but your actual internet speed there. Under "qInternet" set that 97% of your interface speed.

    Example:
    25Mb/s (LAN) - 97% = 24.25Mb/s (qInternet)

    EDIT: I wish I knew the magic behind how this thing does its math. If I change my LAN to anything other than 100Mbit/s or 1Gbit/s it throws an error now saying the child is higher than the parent.

     altq on  em1 hfsc bandwidth 26214.4Kb queue {  qACK,  qDefault,  qP2P,  qGames,  qOthersHigh,  qOthersLow  } 
     queue qACK on em1 bandwidth 20% hfsc (  ecn  , linkshare 20%  )  
     queue qDefault on em1 bandwidth 10% hfsc (  ecn  , default  )  
     queue qP2P on em1 bandwidth 5% hfsc (  ecn  , linkshare 5%  , upperlimit 5%  )  
     queue qGames on em1 bandwidth 20% hfsc (  ecn  , linkshare 20%  )  
     queue qOthersHigh on em1 bandwidth 10% hfsc (  ecn  , linkshare 10%  )  
     queue qOthersLow on em1 bandwidth 5% hfsc (  ecn  , linkshare 5%  )  
    
     altq on  em2 hfsc bandwidth 26214.4Kb queue {  qLink,  qInternet  } 
     queue qLink on em2 bandwidth 20% qlimit 500 hfsc (  ecn  , default  )  
     queue qInternet on em2 bandwidth 24606.72Kb hfsc (  ecn  , linkshare 224606.72Kb  , upperlimit 224606.72Kb  )  {  qACK,  qP2P,  qGames,  qOthersHigh,  qOthersLow  } 
     queue qACK on em2 bandwidth 20% hfsc (  ecn  , linkshare 20%  )  
     queue qP2P on em2 bandwidth 5% hfsc (  ecn  , linkshare 5%  , upperlimit 5%  )  
     queue qGames on em2 bandwidth 20% hfsc (  ecn  , linkshare 20%  )  
     queue qOthersHigh on em2 bandwidth 10% hfsc (  ecn  , linkshare 10%  )  
     queue qOthersLow on em2 bandwidth 5% hfsc (  ecn  , linkshare 5%  )  
    
    


  • hey…!?! I think i just realized this is a bug. Look at the linkshare and upperlimit numbers, they appear to add an extra "2" in front. Now it makes sense why the child is bigger than the parent.



  • I have the same problem and I'm running the AMD64 bit version. I need the traffic shaping for my VOIP phones. This thread seems to have ended without a resolution other than identifying the issue. Is there a way to fix it or is it a matter of waiting until it gets fixed by others?

    Whats odd is my test PC, an older AMD64 based system with old components in a box the size of a refrigerator works great. This is happening on the system I want to use in my production system based on an Intel atom with gigabit NICS.

    Can the wizard be run and then manually edited?



  • I am pretty sure I found my problem and am posting this here in case others have the same problem. I had the error when I was running in a test environment without a WAN connection. I plugged proper network connections in the system and deleted my traffic shaping rules, both under Traffic Shaping and Floating Rules. I re-ran the single-wan multilane wizard and everything is happy - including me.



  • Possible bugs can be submitted via redmine:

    http://redmine.pfsense.org/projects/pfsense/issues

    Can the wizard be run and then manually edited?

    Yes.



  • @charlien:

    I am pretty sure I found my problem and am posting this here in case others have the same problem. I had the error when I was running in a test environment without a WAN connection. I plugged proper network connections in the system and deleted my traffic shaping rules, both under Traffic Shaping and Floating Rules. I re-ran the single-wan multilane wizard and everything is happy - including me.

    Nope that wasn't my problem. When I reboot I get the same error. So, is this a known problem? Can I do anything to fix it?



  • To explain the bug that I see…

    queue qInternet on em2 bandwidth 24606.72Kb hfsc (  ecn  , linkshare 224606.72Kb  , upperlimit 224606.72Kb  )  {  qACK,  qP2P,  qGames,  qOthersHigh,  qOthersLow  }
    

    Notice on the linkshare and upperlimit numbers there is an extra "2" before the rest of the nubmers. This is why if I set 25 or 30 it still fails. I can set 225 and it will work, but that's still way above my bandwidth.

    I think I saw one post saying that its now old code and it has been updated, so you should update to the latest SVN release. But for me that's just not-possible. I wish i knew which line of code that came from I would take a look and see where its injecting that extra digit.



  • Whoo.. finally I figured it out.  Don't use the wizards, they are broken and create broken rules.

    Create your rules from scratch for both the floating rules, and for the queue's themselves. Follow this guide to help you understand how to create everything and what everything means. https://calomel.org/pf_hfsc.html

    Here are my queue's, don't forget to create the floating rules in the firewall.

    
    [2.0.1-RELEASE][]/root(1): grep -A2 -e '^ *queue' -e 'altq' /tmp/rules.debug
     altq on  em1 hfsc bandwidth 25Mb queue {  ack,  dns,  bulk,  web,  torrent,  games  } 
     queue ack on em1 bandwidth 30% qlimit 500 hfsc (  realtime 20% )  
     queue dns on em1 bandwidth 5% qlimit 500 hfsc (  realtime 5% )  
     queue bulk on em1 bandwidth 20% qlimit 1000 hfsc (  ecn  , default  ,  realtime 20% )  
     queue web on em1 bandwidth 5% qlimit 500 hfsc (  realtime (10%, 10000, 5%)  )  
     queue torrent on em1 bandwidth 1% qlimit 500 hfsc (  upperlimit 95%  )  
     queue games on em1 bandwidth 20% qlimit 750 hfsc (  realtime 20% )  
    
     altq on  em2 hfsc bandwidth 30Mb queue {  web,  bulk,  games,  torrent,  dns,  ack  } 
     queue web on em2 bandwidth 5% qlimit 500 hfsc (  realtime (10%, 10000, 5%)  )  
     queue bulk on em2 bandwidth 20% qlimit 1000 hfsc (  ecn  , default  ,  realtime 20% )  
     queue games on em2 bandwidth 20% qlimit 750 hfsc (  realtime 20% )  
     queue torrent on em2 bandwidth 1% qlimit 1500 hfsc (  upperlimit 95%  )  
     queue dns on em2 bandwidth 5% qlimit 500 hfsc (  realtime 5% )  
     queue ack on em2 bandwidth 30% qlimit 500 hfsc (  realtime 20% )  
    
     altq on  em0 hfsc bandwidth 30Mb queue {  bulk,  dns,  ack,  web  } 
     queue bulk on em0 bandwidth 20% qlimit 1000 hfsc (  ecn  , default  ,  realtime 20% )  
     queue dns on em0 bandwidth 5% qlimit 500 hfsc (  realtime 5% )  
     queue ack on em0 bandwidth 30% qlimit 500 hfsc (  realtime 20% )  
     queue web on em0 bandwidth 5% qlimit 500 hfsc (  realtime (10%, 10000, 5%)  )
    


  • @djroketboy:

    queue bulk on em1 bandwidth 20% qlimit 1000 hfsc (  ecn  , default  ,  realtime 20% )

    With regard to ECN you might need to tune net.inet.tcp.ecn.enable check http://forum.pfsense.org/index.php?topic=46960.0



  • @dhatz:

    With regard to ECN you might need to tune net.inet.tcp.ecn.enable check http://forum.pfsense.org/index.php?topic=46960.0

    Cool, thanks. I just enabled it.

    [2.0.1-RELEASE][]/root(3): sysctl net.inet.tcp.ecn.enable=1
    net.inet.tcp.ecn.enable: 0 -> 1
    


  • I had the same issue.

    My setup is dual WAN DSL, loadbalanced w/failover pfsense 2.0.1. Each DSL line has at least 6.25Mbps bandwidth.

    I resolved it by using the wizard then correcting its mistakes:

    1. Go to "Firewall > Traffic shaper > By Interface > LAN > qInternet": Check that your total bandwidth is your measured speed 12.58Mbps (approx. 2x your individual line speed)
    2. Go to "Firewall > Traffic shaper > By Interface > WAN": This is where the wizard screws up. Replace the 1Mb under "bandwidth" with 6.3Mbps (Your measured speed for that line)
    3. Go to "Firewall > Traffic shaper > By Interface > WAN2": This is where the wizard screws up. Replace the 1Mb under "bandwidth" with 6.3Mbps (Your measured speed for that line)

    Basically make sure the bandwidth under LAN fits into the sum of each line's bandwidth.

    Then Save, reboot.

    So wizard is ok, just fix the couple little mistakes after. Or do it manually, but once you do it with the wiz you can see what needs to be filled out and do it yourself.



  • Some questions:

    1.) is the qLink (default) queue necessary for the LAN interface?  It's auto setup by the traffic shaping wizard.
    2.) are "drops" in a queue something that should be expected?  should they be ignored?  or have you found there rarely to be "drops" listed beneath your status > queues?  On large file downloads at high speeds I see 5000, 7000+ although the resulting file is fine.


Locked