Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CoDel - How to use

    Scheduled Pinned Locked Moved Traffic Shaping
    206 Posts 30 Posters 134.4k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      eri--
      last edited by

      Your tcpdump can see the packet but it does not mean that it made it out :)
      It certainly means that it was sent to the queue which in this case is Codel.

      You should have statistics of the codel queue tell you what it dropped and what it passed.

      1 Reply Last reply Reply Quote 0
      • N Offline
        Nullity
        last edited by

        @ermal:

        Your tcpdump can see the packet but it does not mean that it made it out :)
        It certainly means that it was sent to the queue which in this case is Codel.

        You should have statistics of the codel queue tell you what it dropped and what it passed.

        Thanks ermal. Your insight is always welcomed. :)

        Quick question or two about CoDel when it is a sub-discipline;
        1. are target/interval configurable by the user?
        2. are CoDel's stats exposed to the user?

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramous.

        1 Reply Last reply Reply Quote 0
        • E Offline
          eri--
          last edited by

          I have to check the code but normally even when is a sub-discipline all the stats are exported.
          When you have Codel as part of HFSC queue the queue stats you see are the ones of Codel book keeping ones.

          1 Reply Last reply Reply Quote 0
          • M Offline
            mcwtim
            last edited by

            Anyone figure out how to apply the patch?

            https://redmine.pfsense.org/issues/4692

            Keep getting "no file to patch" when testing, so clearly some steps missing on how to apply it.

            1 Reply Last reply Reply Quote 0
            • D Offline
              doktornotor Banned
              last edited by

              Testing how? You'd need the full pfsense-tools sources from github plus recompile the thing

              1 Reply Last reply Reply Quote 0
              • M Offline
                mcwtim
                last edited by

                The test button within pfsense>system>patches.

                So this is not a directly applicable patch to an installed pfsense which is what I needed to know.

                Thanks.

                1 Reply Last reply Reply Quote 0
                • N Offline
                  Nullity
                  last edited by

                  @mcwtim:

                  The test button within pfsense>system>patches.

                  So this is not a directly applicable patch to an installed pfsense which is what I needed to know.

                  Thanks.

                  Yeah, the patch applies to the source-code. See https://forum.pfsense.org/index.php?topic=76132.0 to get accessto the source-code.

                  Please be careful. That patch was posted by me and it is completely untested. There are a few other incorrect values I later found, but this bug is not vital so I neglected to create a new (and very possibly wrong) patch. If I remember correctly, all the values needing correction were in ~/patches/stable/10/altq_codel.diff and can found rather simply with grep.

                  I will leave this to the professionals to patch, until I have some experience building pfSense. I wish pfSense's source-code was more accessible. Already I have had to resort to using doktornotor's "illegitmate" pfsense-tools repository on github to refer to code that the unwashed masses can see.

                  Please correct any obvious misinformation in my posts.
                  -Not a professional; an arrogant ignoramous.

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    mcwtim
                    last edited by

                    Thanks for the clarification and warning. I tried using Codel with a very functional PRIQ with limiter setup this past weekend at a 50+ person LAN party and Codel seemed to inflict a lot of latency (erratic 200+ ms). Disabled it and we went back to our normal 20-50 ms pings to external game servers.

                    At home the results seemed to be erratic with a single user and Codel only (different pfSense box). Ended up switching to Barrier Breaker and their SQM fq_codel setup which does actually work very well. Took buffer bloat rating from continuous B-C to a repeatable A+.

                    1 Reply Last reply Reply Quote 0
                    • H Offline
                      Harvy66
                      last edited by

                      I wonder if FairQueue in PFSense could be an option for child disciplines also. fq_CoDel, why are you so close yet so far?!

                      1 Reply Last reply Reply Quote 0
                      • D Offline
                        dtaht
                        last edited by

                        the docsis 3.1 standard is a "16ms" target for pie. Pie interpret's target a bit differently than codel. pie is target 20ms in the linux code and pretty different from the docsis-pie version.

                        the "target" for codel is what it aims for for local queue delay, while trying to keep the pipe filled. The important part is "keeping the pipe filled". It is certainly feasible to achieve a given queue delay while having terrible throughput (tcp's timing out, and so on).

                        we hit the issue (needing to increase target) with sub 2.5Mbit uplinks after publication of the codel paper.

                        Codel by itself is very gentle, it gradually reduces queue length to more reasonable amounts and certainly you can briefly see latencies go to 100s, of ms. even thousands of ms on unresponsive traffic.

                        fair queuing + codel takes most of the latencies for gamer-ish traffic out of the equation, while still moderating (typically tcp) queue length.

                        I am sorry you are having such difficulty with the fairq + codel emulation in pfsense. testing for codel's correct behavior is somewhat straightforward using things like the tcp_upload test in the flent suite, or merely saturating the link and looking for time of first drop, 2nd drop, etc to follow the 1/sqrt(100) rule. To make your life more difficult, there are several mildly different versions of codel out there and I have not reviewed the one in pfsense.

                        We tried all sorts of fairq+aqm combining techniques for several years, before incorporating them into one qdisc. two separate modules have flaws - including being difficult to debug.

                        Another poster here mentioned they had ping packet loss when using codel. Yes, that will happen. Gotta drop packets, some will be pings. hfsc does some clever priorization so pings more rarely drop - but which would you rather drop, pings? or data?

                        1 Reply Last reply Reply Quote 0
                        • H Offline
                          Harvy66
                          last edited by

                          I would rather see what my queue is seeing. So HFSC does mess with the order in which packets are sent within a queue? I was under the impression that HFSC is only a scheduler and only messes with inter-queue ordering, not intra-queue ordering. So if you select a dumb FIFO child queue, will HFSC change the order in which packets from that queue leave the interface? I know fq_codel and any fair queuing AQM will do that.

                          1 Reply Last reply Reply Quote 0
                          • N Offline
                            Nullity
                            last edited by

                            @Harvy66:

                            I would rather see what my queue is seeing. So HFSC does mess with the order in which packets are sent within a queue? I was under the impression that HFSC is only a scheduler and only messes with inter-queue ordering, not intra-queue ordering. So if you select a dumb FIFO child queue, will HFSC change the order in which packets from that queue leave the interface? I know fq_codel and any fair queuing AQM will do that.

                            You are seeing what your flow's queue is seeing, which is all that really matters (End-to-End principle).

                            If you want to know the details of HFSC, read the paper. It is super-fun and the ladies love an HFSC-man.

                            Please correct any obvious misinformation in my posts.
                            -Not a professional; an arrogant ignoramous.

                            1 Reply Last reply Reply Quote 0
                            • G Offline
                              gazoo
                              last edited by

                              Forgive me if some of this has been repeated already. I just wanted throw in some input on this. I was playing around with CODELQ last night.
                              Some observations:
                              I was using the speedtest.net test which tests for bufferbloat.
                              My link typically achieves 86x5.6Mbps pretty consistently on off peak hours.
                              I actually used the bandwidth window to get some settings tweak. Initially I had set the bandwidths to 10% below what my actual speeds were but it cutoff WAY too much of my top end bandwidth. When I did that I was getting an A rating on buffer bloat in both directions but speeds were cut to 75x4.2Mbps
                              I finally settled by testing on going higher. It was a balancing act because if I went too high then the bufferbloat was bad again as originally seen. If I went too low, it would knock off too much off the limits of the speeds.

                              So for the download (LAN) queue, I went for 87.5Mbps and was able to download 83-84Mbps.
                              For the upload (WAN) queue, I went for 6.1Mbps and was able to achieve 5.2 Mbps.
                              Both these settings resulted in a "B" rating with approximately 60ms of delay.
                              Considering the upload delay had been 512ms at one point, I say not bad to giving up ~7% of my top end upload bandwidth, ~3% download bandwidth.
                              I didn't have too much buffer bloat on my download (LAN) because I guess the ISP managed it very well. I believe it was originally at about 100ms

                              So this whole thing was trial and error but I consistently get the same results which leads me to believe I have achieved the intended goal.

                              I'm using 2.2.2 4G embedded on a Firebox.

                              Thanks.

                              1 Reply Last reply Reply Quote 0
                              • H Offline
                                Harvy66
                                last edited by

                                Yeah, the whole point of managing bufferbloat is your firewall needs to be the chokepoint, and if your internet connection's rate varies too much, you can get bloat spikes.

                                My limited understanding of the bufferbloat problem and some technologies is DOCSIS and DSL don't use native Ethernet which cause them to do some strange batching or fragmenting of your packets. This reduces the efficiently and makes for strange bursts in speeds. The bufferbloat forumns are constantly discussing how to properly emulate how DSL and DOCSIS work in an attempt to artificially create the same bottlenecks in the firewall, which allows better management of bufferbloat.

                                All of that being said, you need to set your bandwidth to be less than your peak, and losing some bandwidth is part of the cost of getting rid of bufferbloat when your ISP doesn't manage it for you.

                                Personally, I have a 100Mb connection and have my rates set to 99Mb and I get 1ms of bloat on average. But I seem to be a special case.

                                1 Reply Last reply Reply Quote 0
                                • T Offline
                                  tuffcalc
                                  last edited by

                                  Gazoo - I noticed this too. If I put my full speed in pfsense it is as-if it lowers this amount so it is somewhat less (95%?) of the connection speed you enter for traffic shaping limit.

                                  1 Reply Last reply Reply Quote 0
                                  • H Offline
                                    Harvy66
                                    last edited by

                                    95% is pretty decent. I see closer to about 97%.

                                    1 Reply Last reply Reply Quote 0
                                    • T Offline
                                      tuffcalc
                                      last edited by

                                      @Harvy66:

                                      95% is pretty decent. I see closer to about 97%.

                                      Might be 97%, haven't looked in a while. In any event looks like the pfsense coders deliberately lower the speed you enter. Can anyone confirm?

                                      1 Reply Last reply Reply Quote 0
                                      • N Offline
                                        Nullity
                                        last edited by

                                        I have turned to the dark-side and chose full bandwidth over best latency on my incoming traffic. The average latency increases to ~70ms (~10ms idle) during a link saturating download, but even with artificial throughput limiting I was reaching ~40ms. Addiction to throughput probably stems from years of dial-up… the experience still haunts me. :)

                                        The difference on uploads is huge though; ~600ms vs ~50ms.

                                        My ISP is the not-so-great-but-improving Windstream. I have wondered what other people experience on other ISPs and CPE.

                                        Please correct any obvious misinformation in my posts.
                                        -Not a professional; an arrogant ignoramous.

                                        1 Reply Last reply Reply Quote 0
                                        • H Offline
                                          Harvy66
                                          last edited by

                                          Since I use HFSC even for download traffic shaping, I can make sure Netflix/Youtube buffering is kept to a minimum. I pretty much can't tell the difference, even when using P2P and saturating the downstream.

                                          I have 100Mb with a 2:1 ratio between Normal:Low. P2P will be sitting around 97Mb, then I start of Netflix and I pretty much immediately see P2P drop down to ~32Mb/s and Netflix pushes through ~64Mb/s. Even with DSLReports, I still see an A/A+ during the download test. But if P2P is using 0 and DSLReports is using max, and suddenly P2P jumps up to 33, the bufferbloat can get bad, like C/D, but that's because available bandwidth is decreasing instead of increasing and I'm still stuck with regular CoDel and not fq_CoDel.

                                          1 Reply Last reply Reply Quote 0
                                          • N Offline
                                            Nullity
                                            last edited by

                                            CoDel's default "target/interval" values should be fixed in 2.2.3. Dave mentioned earlier that the "target" is pretty good at dynamically adjusting, so the fix probably has little effect in that area.

                                            The "interval" is more vital and is noted in the IETF draft as being the only parameter that is required for CoDel to to function, so perhaps changing from  a value of 5ms to a more optimal value of 100ms will improve our CoDel experience. :)

                                            Disappointingly, I tried loading up a CODELQ queue in 2.2.3, and I still got the old values… Either the install needs to be fresh or my patch is shit and needs more work. See if it is fixed on any of your 2.2.3 setups.

                                            Please correct any obvious misinformation in my posts.
                                            -Not a professional; an arrogant ignoramous.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.