How to eliminate packet drops with PRIQ traffic shaping?
-
I used the pf 2.0.1 traffic shaping wizard. everything appears to be working. however i've noticed I am getting a large quantity of drops per queue. For example the qDefault on WAN gets ~ 260 drops in a matter of seconds during low activity on my home network. I have my WAN set to 4 Mbit/sec and my LAN to 28 Mbit/sec according to my ISP.
There are old posts that talk about adjusting the ACK, but I've not found any way to do this.
Thanks.
-
Where do you modify qwanacks after running PRIQ traffic shaping wizard?
-
You don't specify types of traffic (TCP, UDP etc), but have you considered HFSC + ECN ?
-
You don't specify types of traffic (TCP, UDP etc), but have you considered HFSC + ECN ?
dhatz, turns out PRIQ wasn't working well in my home network environment. I've since taken your suggestion and am starting w/ these rules but tweaking slightly:
https://calomel.org/pf_hfsc.html
However, I cannot find the file in pfsense (pf.conf) that allows you to tweak rules within a text editor (instead of the UI). For example, in the case of the SSH (parent) and ssh_login, ssh_bulk (child) queues, am unsure how to ensure interactive shell access goes over the ssh_login child queue and SFTP over the ssh_bulk queue.
Also, am I safe to assume that I should start by replicating all WAN queues exactly as they're setup over to the LAN interface? That hyperlink tutorial doesn't speak to the LAN part at all, only WAN setup.
Thanks again!
-
However, I cannot find the file in pfsense (pf.conf) that allows you to tweak rules within a text editor (instead of the UI).
If I understood you correctly, you can edit
/tmp/rules.debug
and apply your changes via
pfctl -f /tmp/rules.debug
PS: However keep in mind that pfsense runs a modified version of PF and you can't always apply pf rules found online.
-
Thanks dhatz. Here are my HFSC rules as a starting point. I have only one WAN (em3) and one LAN (em2) interface. My down/upstream are 28/4 Mbit from my ISP. I backed each down to ~97% to start. Now I wasn't quite sure how to setup my SSH rules so that SFTP traffic goes into the ssh_bulk queue and ssh interactive shell goes into the ssh_login queue. Appreciate all your guidance.
Lastly, I still notice drops. but my ack is currently set to 30% on both interfaces. I've read some places that say to set it as high as 60% but I wasn't sure whether that was accurate?
altq on em3 hfsc bandwidth 3.88Mb queue { ack, dns, ssh, bulk, usenet, backup, bittor }
queue ack on em3 bandwidth 30% qlimit 500 hfsc ( realtime 20% )
queue dns on em3 bandwidth 5% qlimit 500 hfsc ( realtime 5% )
queue ssh on em3 bandwidth 20% qlimit 500 hfsc ( realtime 20% ) { ssh_login, ssh_bulk }
queue ssh_login on em3 bandwidth 50% qlimit 500
queue ssh_bulk on em3 bandwidth 50% qlimit 500queue bulk on em3 bandwidth 20% qlimit 500 hfsc ( ecn , default , realtime 20% )
queue usenet on em3 bandwidth 5% qlimit 500 hfsc ( realtime 5% )
queue backup on em3 bandwidth 5% qlimit 500 hfsc ( upperlimit 95% )
queue bittor on em3 bandwidth 1% qlimit 500 hfsc ( upperlimit 95% )altq on em2 hfsc bandwidth 28Mb queue { ack, dns, ssh, bulk, usenet, backup, bittor }
queue ack on em2 bandwidth 30% qlimit 500 hfsc ( realtime 20% )
queue dns on em2 bandwidth 5% qlimit 500 hfsc ( realtime 5% )
queue ssh on em2 bandwidth 20% qlimit 500 hfsc ( realtime 20% ) { ssh_login, ssh_bulk }
queue ssh_login on em2 bandwidth 50% qlimit 500
queue ssh_bulk on em2 bandwidth 50% qlimit 500queue bulk on em2 bandwidth 20% qlimit 500 hfsc ( ecn , default , realtime 20% )
queue usenet on em2 bandwidth 5% qlimit 500 hfsc ( realtime 5% )
queue backup on em2 bandwidth 5% qlimit 500 hfsc ( upperlimit 95% )
queue bittor on em2 bandwidth 1% qlimit 500 hfsc ( upperlimit 95% )