Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Limiters not working correctly at higher speeds

    Scheduled Pinned Locked Moved Traffic Shaping
    8 Posts 6 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      x2416
      last edited by

      Hi!

      I've setup limiters for up and down for a client.

      Down being 30mb and up being 15mb.

      I've added a firewall rule for the LAN interface for this client so that their specific ip address gets the advanced settings of in/out (up/down).

      This works well for 2mb/1mb and other speeds, however, when I increase the limits in size, I can't hit the speeds specified.

      I do a speed test without the limiter on the client, I get 55 down and 26 up. I turn on the 30mb down/15mb up limiter, and I hit 21mb down and 10mb up.

      I've played with the speed settings and can overcompensate for whatever it be (overhead, cpu, memory) by adjusting the speeds to grossly overcompensate for it (30mb down being setup as 114mb down to hit 30mb down).

      I also read I can increase the queue size to help with higher speeds (I set it to 40000) and that seemed to help the 30mb up and 15mb down, however, when pfsense went through it's nightly reboot, it came back up and no one could load anything until I disabled the rules for limiters. I later found someone had posted you can set this to anything you want, but a value higher than 100 would cause it to error out silently and not work.

      My problem as I see it is that the limiters aren't working correctly, and I'm not sure if it's a misconfiguration issue, or it's a problem with pfsense itself. I'm on 2.2.4, running on a proxmox host. If I turn the rule off, the client sees the full extent of their possible bandwidth using their connection method, but once I put the limiters in place, that's when everything rolls south.

      Any help you could offer would be appreciated.

      1 Reply Last reply Reply Quote 0
      • N
        Nullity
        last edited by

        Are you resetting the firewall states for each test?

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramous.

        1 Reply Last reply Reply Quote 0
        • M
          Mathiew
          last edited by

          Maybe try another version of pfsense.

          With our Pfsense version 2.0 I capped our 200/200 fiber to 50/50 and I can reach 49/49 (with limiter on) with a speedtest. We are running Pfsense on a VM.

          And I didn't change queue size.

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66
            last edited by

            Maybe it's a scheduling issue? What hardware are you using? Older hardware has horrible time resolution for scheduling.

            1 Reply Last reply Reply Quote 0
            • X
              x2416
              last edited by

              pfSense is running on an i7.

              It's kinda odd, but once we hit 38mb or higher, the traffic shaping no longer works.

              I'm kinda wondering now if it couldn't be because of the virtualization, or the nic drivers. You guys seem to not have any problems.

              Anything else anyone can think of?

              Jeff

              1 Reply Last reply Reply Quote 0
              • H
                Harvy66
                last edited by

                If you're using limiters, maybe you used the wrong mask and you're limited to 40Mb per connection or similar.

                1 Reply Last reply Reply Quote 0
                • A
                  a_null
                  last edited by

                  Limiters don't really seem to work on pfSense versions above 2.15.
                  https://redmine.pfsense.org/issues/4326

                  \x0

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    @a_null:

                    Limiters don't really seem to work on pfSense versions above 2.15.

                    Only where NAT applies on the interface where the rules reside. The circumstances being discussed here work fine.

                    Generally where they don't work at higher speeds it's because the queue length isn't long enough (though the default is fine to >100 Mb generally). Though in VM environments, timing or scheduling issues with the VM in general can be problematic, that's usually not an issue.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.