Traffic Shaper: Limiter


  • LAYER 8 Netgate

    This Limiter thing on 2.2 is a real downer.  It's beginning to feel like they don't know how to fix it.





  • It's currently listed under 2.3

    https://redmine.pfsense.org/issues/4326



  • Wanted to inquire to see if anyone had additional info on this.

    https://redmine.pfsense.org/issues/4326


  • Banned

    No, it's still broken obviously as you can see from the bug status.



  • Yeah - I had that, which is why I asked if anyone had ADDITIONAL info, and not "is it fixed yet?" But thanks for playing.



  • @Derelict:

    This Limiter thing on 2.2 is a real downer.  It's beginning to feel like they don't know how to fix it.

    After almost 12 months, i am starting to get that vibe to brother. Not sure how long i can hold back on security updates for this bug :/



  • @SamTzu:

    Firewall: Traffic Shaper: Limiter
    I rebuilt our firewall because the new pfSense broke our traffic shaping rules.
    After export/import ruleset I still can't get traffic shaping to work on firewall WAN rules.
    It seems to work fine on outgoing LAN rules though.

    Any ideas why it stopped working on WAN side?

    This setup used to work before on incoming traffic, now it breaks the rule if I do this.


  • LAYER 8 Netgate

    I think if you have port forwards on an interface it makes limiters appear like they're completely bypassed. In other situations, interfaces with limiters simply stop passing traffic.

    Not sure if that's what you're seeing since "breaks the rule" is not very descriptive.



  • @Derelict:

    I think if you have port forwards on an interface it makes limiters appear like they're completely bypassed. In other situations, interfaces with limiters simply stop passing traffic.

    Not sure if that's what you're seeing since "breaks the rule" is not very descriptive.

    Yeah - not sure about OP, but for me, "stops passing traffic" is a deal breaker.  :(



  • I assigned the IN/OUT limiter to LAN interface instead of WAN. It works which (who ever in my PenaltyBox) it served the speed that I set.

    But, i have one doubt on the limit. what is the minimum speed to allow for web access? i set 1024kbps/512kbps still not able to but i managed to access youtube and facebook website.

    2.2.6-RELEASE (amd64)



  • @interkrome:

    I assigned the IN/OUT limiter to LAN interface instead of WAN. It works which (who ever in my PenaltyBox) it served the speed that I set.

    But, i have one doubt on the limit. what is the minimum speed to allow for web access? i set 1024kbps/512kbps still not able to but i managed to access youtube and facebook website.

    2.2.6-RELEASE (amd64)

    I do not understand precisely what you are asking. Can you rephrase/clarify?



  • @doktornotor:

    https://redmine.pfsense.org/issues/4326

    Nice to see that there is a ticket, but this ticket is nearly 1 year old. Is that a bug aswell? I hope to see a fix as sson as possible. :-[



  • @Nullity:

    I do not understand precisely what you are asking. Can you rephrase/clarify?

    What is the minimum speed to set for website access like espn, BBC, nbc, etc. I found out only when I remove the limiter, it allow these page to load. If I set 1024/512 it doesn't load. The weird thing is it loads YouTube (can play the video) and Facebook (can comment, post pic, etc). Google search also loaded but whenever I click the link, the page failed to load ; with limiter enabled. Tested the speed via speedtest.net it shows as what I set.

    I set IN/OUT limiter on LAN interface. Tried on WAN interface, limiter not working.



  • @interkrome:

    @Nullity:

    I do not understand precisely what you are asking. Can you rephrase/clarify?

    What is the minimum speed to set for website access like espn, BBC, nbc, etc. I found out only when I remove the limiter, it allow these page to load. If I set 1024/512 it doesn't load. The weird thing is it loads YouTube and Facebook. Google search also loaded but whenever I click the link, the page failed to load ; with limiter enabled.

    Rate-limiting should only affect how quickly a page loads, not whether the page will load or not load.

    It seems like you are encountering a limiter's bug or an unrelated bug.



  • @Nullity:

    Rate-limiting should only affect how quickly a page loads, not whether the page will load or not load.

    It seems like you are encountering a limiter's bug or an unrelated bug.

    OK. Let say a page should be fully loaded in 10 seconds with total size of 100 mb of data. So it takes around 10 seconds if i set 10mbps. So if I set it less than that, it will takes more time to load. Let say I set 1mbps, it should take 100 seconds or if I set 512kbps then it should take around 200 seconds to get fully loaded. What makes me wondering why page like Facebook and YouTube can be loaded (play video, read comments, etc) when my limit is 1mbps but not other pages. Not even landed to that address except YouTube and Facebook. Only these so far is accessible with the limiter. Weird.

    Anyway. Thank you for your respond!



  • It breaks at ipv6 address. That explained my situation

    2.2.6-RELEASE (amd64)



  • High priority bug that has broken a key function in pfSense firewall has been unsolved for over a year now.

    No proposals how to fix it. No descriptions on what actually broke, why it broke and what could be the best paths to solving the problem.

    What is going on here? My faith in you is fading. Is this how you usually deal with High priority bugs? Who dares to take responsibility for this?

    Sam

    https://redmine.pfsense.org/issues/4326



  • Theres a workaround for squid with limiter  But it breaks NAT reflection :(



  • @SamTzu:

    High priority bug that has broken a key function in pfSense firewall has been unsolved for over a year now.

    No proposals how to fix it. No descriptions on what actually broke, why it broke and what could be the best paths to solving the problem.

    What is going on here? My faith in you is fading. Is this how you usually deal with High priority bugs? Who dares to take responsibility for this?

    Sam

    https://redmine.pfsense.org/issues/4326

    I hear you. I'm eagerly waiting for this and https://redmine.pfsense.org/issues/4405 to be finally addressed so I can start using the traffic shaper again. Hopefully 2.3.2 is going to be it.



  • Not fixed yet. https://redmine.pfsense.org/issues/4326

    Target version changed from to 2.2.4.
    Done: 0%



  • Is there another way to limit the bandwidth on each computer separately? as similar as to Limiter of <traffic shaper="">.
    PfSense 2.3</traffic>



  • Depends on how many computers/devices. HFSC allow up to 15 or 16 queues.



  • @JDvD:

    Is there another way to limit the bandwidth on each computer separately? as similar as to Limiter of <traffic shaper="">.
    PfSense 2.3</traffic>

    If you created an HFSC queue for each IP and assign each queue the same (anything, it just needs to be the same; "1Kbit" for example) link-share bandwidth, and it would work almost exactly like your previous setup with limiters/ipfw.

    @Harvy66:

    Depends on how many computers/devices. HFSC allow up to 15 or 16 queues.

    lol, actually it's 2048 at the moment. Close though…  ::)
    https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_3_1/sys/contrib/altq/altq/altq_hfsc.h#L53



  • @Nullity:

    @JDvD:

    Is there another way to limit the bandwidth on each computer separately? as similar as to Limiter of <traffic shaper="">.
    PfSense 2.3</traffic>

    If you created an HFSC queue for each IP and assign each queue the same (anything, it just needs to be the same; "1Kbit" for example) link-share bandwidth, and it would work almost exactly like your previous setup with limiters/ipfw.

    @Harvy66:

    Depends on how many computers/devices. HFSC allow up to 15 or 16 queues.

    lol, actually it's 2048 at the moment. Close though…  ::)
    https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_3_1/sys/contrib/altq/altq/altq_hfsc.h#L53

    Whole crap! Nice to know. I read something somewhere that said 16 was used because of computational costs, but maybe that was old or didn't apply to the FreeBSD implementation.



  • @Harvy66:

    @Nullity:

    @JDvD:

    Is there another way to limit the bandwidth on each computer separately? as similar as to Limiter of <traffic shaper="">.
    PfSense 2.3</traffic>

    If you created an HFSC queue for each IP and assign each queue the same (anything, it just needs to be the same; "1Kbit" for example) link-share bandwidth, and it would work almost exactly like your previous setup with limiters/ipfw.

    @Harvy66:

    Depends on how many computers/devices. HFSC allow up to 15 or 16 queues.

    lol, actually it's 2048 at the moment. Close though…  ::)
    https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_3_1/sys/contrib/altq/altq/altq_hfsc.h#L53

    Whole crap! Nice to know. I read something somewhere that said 16 was used because of computational costs, but maybe that was old or didn't apply to the FreeBSD implementation.

    I know! FreeBSD defaults to 64. 2048 though… I like how pfSense plays.  ;D

    I kinda thought it was limited to ~16 because that is the highest priority in ALTQ. Of course, that means nothing in itself.



  • Hi, thanks Nullity and Harvy66…. this worked. It's not as practical like the limiter but it works too.


Log in to reply