Troubleshooting: Using Traffic Shaper Reduces Bandwidth



  • Summary: I found that whenever I use the traffic shaper, the available bandwidth for the entire network gets reduced to as low as 30% depending on what kind of scheduler / queues I have.

    Network Setup: Cable Modem –- (Intel 1000 em0) PFsense (Intel 82559 fxp0) --- Switch --- 4 wireless routers
    Our connection conservatively should be 70Mbit/s down and 7Mbit/s up. The switch is a Corega 1000/100/10 switching hub. The 4 Wireless routers are all 100/10 running at Wireless G standard with 20Mbit/s max wireless throughput.

    System: Pentium 4 - 2.6GHz, 1Gb of Ram, 40Gb, running PfSense 2.0.2 Stable Build. The Intel 1000/100/10 chip is built-in. I've added an old Intel 82559 chipset 100/10 network card that uses the fxp0 driver.

    Test Setup: This testing PC is connected to the hub, pulling available bandwidth from the network give by the ISP. I use Speedof.me for testing because it gives more accurate results than speedtest.net. There are other users on the network, so there the results might be influenced a little bit, but the test is run a few times to see if each run can go any faster.

    Result 1: This is without any Traffic Shaper
    63Mbit/s  and 7Mbit/s

    http://speedof.me/show.php?img=130205174111-3010.png

    Result 2: With PRIQ, Bandwidth 65Mbit / FW Rule queue any ports TCP/UDP to qHigh - traffic confirmed in Queue / 6-Ack, 5-High, 4-Default
    28Mbit/s and 3Mbit/s

    http://speedof.me/show.php?img=130205180107-3012.png

    Result 3: No Traffic Shaper, PRIG Traffic Shaper removed, immediately tested (should be dup condition of Result 1)
    62Mbit/s and 6Mbit/s

    http://speedof.me/show.php?img=130205180722-3014.png

    Result 4: With CBQ, qLink Default, 65Mbit / 7Mbit / FW rule queue any port TCP/UDP to qHigh - qAck 15% borrow, qHigh 15% borrow, aSlow 15% borrow
    21Mbit/s and 4.7Mbit/s

    http://speedof.me/show.php?img=130205181235-3015.png

    Result 5: No Traffic Shaper, CBQ Traffic Shaper removed. (should be dup of Result 1 and 3)
    55Mbit/s and 6Mbit/s

    http://speedof.me/show.php?img=130205181537-3016.png
    Comment: A bit slow at big file, but 75Mbit/s reached, consistent with Result 1 & 3

    Result 6: HFSC, 65Mbit / 7Mbit / FW rule queue any to qHigh
    18Mbit/s and 4.8Mbit/s

    http://speedof.me/show.php?img=130205182229-3017.png

    Result 7: No Traffic Shaper, HFSC Traffic Shaper Remove (dup of Result 1,3,5)
    73Mbit/s and 5.6Mbit/s

    http://speedof.me/show.php?img=130205182614-3018.png

    Conclusion: The traffic shaper mechanism somehow reduces the available bandwidth, the more complex the shaping mechanism, the stronger the effect.

    I still need to put a cap on p2p traffic  on the network. As the WAP only has a G bandwidth of 20Mbit/s, ideally I want to limit p2p globally to 10Mbit/s max so no one person can take higher than 50% of the WAP bandwidth at anytime. I can't do this without the shaper. Can anyone point me in the right direction? If I can't do the shaper, I'll have to invoke limiters per IP at 10Mbit/s.

    Could it be tha the shaper wizard was designed for lines close to 30Mbit? Perhaps I am not putting in the parameters right? Yet even PRIQ had problems… I appreciate any feedback. I am still very new at Pfsense and would love to introduce this to a few more cheap short-term housing in Japan. (where p2p abuse is bound to happen)

    Discussion welcomed



  • I'm interested in this too, as I seem to have the same problem.

    The traffic shaper is pretty useless if it halves the available bandwidth. And yet people are using it - do they just not know, or is it something wrong with our setup?

    In my case it is unlikely to be the processor running out of steam - I am running pfSense on an HP MicroServer with 8GB of RAM, and each of the 3 ADSL modems on my WAN ports can only provide about 3Mb/s incoming.



  • Hello,

    I have ran a similar test on a different rig with also a i8255x network card. The maximum bandwidth only goes down by about 10% max. @40Mbit line. This is only done with 1 PC pulling all the traffic from LAN to simulate load.

    I suppose this would decrease if there's hub and such on the way. The strange thing is, I have a 100Mbit line in a 30 people guesthouse, the traffic rarely goes over 10Mbit, but then again even if I remove the shaper and use 10Mbit limiter only, the traffic rarely goes over 20Mbit.. These are all speculations.

    It is still a mystery to me how HSFC performs in terms of bandwidth.. on one system it works wonderfully, and in the above test it was horrible.



  • Hi Kyo

    Could it be undersized hardware?
    Take a look at the CPU while running high load with active traffic shaper. If it hits 100% time to time - or all the time - then you may have undersized hardware. You may only see it when shaper is enabled since that gives the CPU extra load. If hardware is just enough or undersized then trying L7 rules would be out of the question since that requires a lot of extra CPU.

    Geneal recommandation is:
    http://doc.pfsense.org/index.php/Hardware_requirements

    BR. Anders



  • @Tillebeck:

    Hi Kyo

    Could it be undersized hardware?

    I am pretty sure it's not the CPU load, it's a P4 2.6Ghz, the load can spike to 50-60% if I am fiddling and reloading the firewall, but under normal operation it's consistently less than 10% even at the highest of traffic (which is like 15Mbit out of the available 80Mbit)

    However, I do suspect that it maybe the hardware in the rig. I will be disabling the built-in Intel 1000Mbit card and run two Intel 100Mbit card in PCI to see if that does anything. At the moment I am running the onboard 1000Mbit + 4 Intel 100Mbit via PCI and the same problem still persists, that is the total traffic is somehow limited to around 15Mbit-ish even when I disable shaper, limiter, etc.



  • I have a similar quad core 2.6GHz. Difference may be that it is embedded. Vender had tested it with pfsense and sold it with pfsense preinstalled.

    At normal load with 300 active client and througput WAN of 85Mbps in and 45Mbps out with the default shaper (HFSC) - the CPU load will be about 8 percent. There can be small spikes at times. Like when I earlier today tested L7 rules with no luck. At that time CPU was many times the normal load.

    So there may be a difference to hardware since I get a much higher througput using HFSC than you do on aprox. same specs of hardware.

    Not much help but now you know ;-)
    BR. Anders

    [UPDATE]
    Sorry. Just read that your load was just 10% under normal conditions. I have no good suggestions in that case.



  • @Tillebeck:

    I have a similar quad core 2.6GHz. Difference may be that it is embedded. Vender had tested it with pfsense and sold it with pfsense preinstalled.

    At normal load with 300 active client and througput WAN of 85Mbps in and 45Mbps out with the default shaper (HFSC) - the CPU load will be about 8 percent. There can be small spikes at times. Like when I earlier today tested L7 rules with no luck. At that time CPU was many times the normal load.

    So there may be a difference to hardware since I get a much higher througput using HFSC than you do on aprox. same specs of hardware.

    Not much help but now you know ;-)
    BR. Anders

    [UPDATE]
    Sorry. Just read that your load was just 10% under normal conditions. I have no good suggestions in that case.

    I've tweaked the traffic shaper to 100Mbit max and this yields about 60Mbit max on speedtest, which is what I roughly have on this cable modem connection. If I actually set it to 60Mbit downlink, it yields about 30Mbit.. since I only need the p2p catchall from traffic shaper.. i think I can get by with this slight oddity.



  • Well. Glad you found a solution. Even though not the preferred one.

    I am playing with limiters at the moment. I need to limit users to max 50Mbitps. PF can do this dynamically. But when testing I can get no more than 16-18Mbitps through a limiter… I start with 1Mbit, 5Mbit, 10Mbit, 15Mbit and it works great. Then 20Mbit, 30Mbit, 40Mbit etc. all stay on same 15Mbit download 18Mbit upload ffor the user... If I remove the limiter then 60Mbit or more. Aparently there are small issues like this based on configuration, hardware etc. It is not easy.


Log in to reply