Basic Shaping to Prevent Bufferbloat



  • So I have been able to get good results with using CODELQ on WAN interface and CODELQ on LAN interface to fix bufferbloat issues. My understanding though is that CODELQ will apply to the entire interface, so if I have inter-vlan traffic it would also go through this.

    My goal is to limit the Upload and Download, but still allow any connection to max to the limit I set. I would love to be able to apply priority to traffic under that limit. What would be the best possible solution for this? I've tried the Wizard with HFSC, but obviously the limiting goes by % or setting guaranteed bandwidth to each queue. Would like just to have different priorities under a set bandwidth.

    Any help would be much appreciated :)



  • @petek8103:

    So I have been able to get good results with using CODELQ on WAN interface and CODELQ on LAN interface to fix bufferbloat issues. My understanding though is that CODELQ will apply to the entire interface, so if I have inter-vlan traffic it would also go through this.

    My goal is to limit the Upload and Download, but still allow any connection to max to the limit I set. I would love to be able to apply priority to traffic under that limit. What would be the best possible solution for this? I've tried the Wizard with HFSC, but obviously the limiting goes by % or setting guaranteed bandwidth to each queue. Would like just to have different priorities under a set bandwidth.

    Any help would be much appreciated :)

    Priority queueing does not work on download, or any small bandwidth to large bandwidth node, like 100Mbit WAN to 1Gbit LAN. This QoS tutorial/introduction is by far my favorite: http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/

    I dunno if your connection is like mine, but even my not-so-great ADSL ISP has minimal download bufferbloat. Without any rate-limiting or QoS, my ping averages 35ms during download saturation. My ping is ~10ms during idle.

    But… upload saturation causes my ping to shoot to 650ms without CoDel though. ~35ms with CoDel :D.



  • So my bufferbloat occurs on both download and upload side. My question is if just CODELQ on LAN does that apply to ALL traffic going through that interface. Can I just apply something to the LAN traffic to turn back that download speed without affecting the LAN to LAN traffic?



  • @petek8103:

    So my bufferbloat occurs on both download and upload side. My question is if just CODELQ on LAN does that apply to ALL traffic going through that interface. Can I just apply something to the LAN traffic to turn back that download speed without affecting the LAN to LAN traffic?

    Unless your setup is uncommon (VLANs, multi-LAN), practically all LAN-to-LAN traffic avoids pfSense since pfSense is a router rather than a switch. Layer-2 vs layer-3 traffic.



  • The switch on the network is Layer-2 only, no VLAN routing. So from VLAN to VLAN it must hit the pfSense to route the traffic.



  • @petek8103:

    The switch on the network is Layer-2 only, no VLAN routing. So from VLAN to VLAN it must hit the pfSense to route the traffic.

    You are dealing with VLANs?

    If so, follow what the traffic-shaping wizard does with its qInternet queue (just run the wizard and see what rules & queues it sets up). Use firewall rules to separate traffic headed towards the internet from traffic headed to another LAN.



  • @Nullity:

    @petek8103:

    So I have been able to get good results with using CODELQ on WAN interface and CODELQ on LAN interface to fix bufferbloat issues. My understanding though is that CODELQ will apply to the entire interface, so if I have inter-vlan traffic it would also go through this.

    My goal is to limit the Upload and Download, but still allow any connection to max to the limit I set. I would love to be able to apply priority to traffic under that limit. What would be the best possible solution for this? I've tried the Wizard with HFSC, but obviously the limiting goes by % or setting guaranteed bandwidth to each queue. Would like just to have different priorities under a set bandwidth.

    Any help would be much appreciated :)

    Priority queueing does not work on download, or any small bandwidth to large bandwidth node, like 100Mbit WAN to 1Gbit LAN. This QoS tutorial/introduction is by far my favorite: http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/

    I dunno if your connection is like mine, but even my not-so-great ADSL ISP has minimal download bufferbloat. Without any rate-limiting or QoS, my ping averages 35ms during download saturation. My ping is ~10ms during idle.

    But… upload saturation causes my ping to shoot to 650ms without CoDel though. ~35ms with CoDel :D.

    I will note that CoDel/fq_codel is most effective on links that have significant bottlenecks. For most people, that's the connection to their ISPs. It sounds as if it's doing a good job on your WAN link.

    Are you measuring the latency on your LANs? Is latency a problem there? If not, then it may not be useful to have CoDel enabled for them. (Or am I missing the intent of your note?)



  • @richb-hanover:

    @Nullity:

    @petek8103:

    So I have been able to get good results with using CODELQ on WAN interface and CODELQ on LAN interface to fix bufferbloat issues. My understanding though is that CODELQ will apply to the entire interface, so if I have inter-vlan traffic it would also go through this.

    My goal is to limit the Upload and Download, but still allow any connection to max to the limit I set. I would love to be able to apply priority to traffic under that limit. What would be the best possible solution for this? I've tried the Wizard with HFSC, but obviously the limiting goes by % or setting guaranteed bandwidth to each queue. Would like just to have different priorities under a set bandwidth.

    Any help would be much appreciated :)

    Priority queueing does not work on download, or any small bandwidth to large bandwidth node, like 100Mbit WAN to 1Gbit LAN. This QoS tutorial/introduction is by far my favorite: http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/

    I dunno if your connection is like mine, but even my not-so-great ADSL ISP has minimal download bufferbloat. Without any rate-limiting or QoS, my ping averages 35ms during download saturation. My ping is ~10ms during idle.

    But… upload saturation causes my ping to shoot to 650ms without CoDel though. ~35ms with CoDel :D.

    I will note that CoDel/fq_codel is most effective on links that have significant bottlenecks. For most people, that's the connection to their ISPs. It sounds as if it's doing a good job on your WAN link.

    Are you measuring the latency on your LANs? Is latency a problem there? If not, then it may not be useful to have CoDel enabled for them. (Or am I missing the intent of your note?)

    You may have missed my intent, but otherwise your post is accurate. :)
    Currently, I don't use any traffic-shaping on LAN because latency is acceptable without, but throughput is still sometimes a problem. Like when I saturate the download and try to browse websites the bitrate of HTTP is sometimes a trickle, but individual packet latency is still low. Ultimately, I found that limiting at the client was more effective than any traffic-shaping setup I tried.

    If I prioritized HTTP traffic, it did not help. I guess that is because by the time the bandwidth had become available, the flow had already ended. I assume this is why many texts say to deal with download saturation causing latency/bandwidth problems you simply need to leave headroom for additional traffic by rate-limiting.

    I have wondered whether queueing/traffic-shaping has any benefit over queue-less traffic-policing on an interface that needs practically no queue, like a 100Mbit WAN transmitting to a 1Gbit LAN. Most literature I have read says there is no known advantage.

    If there is no queue, packet priority is moot.



  • So I think I got it working, the way I wanted. But is there a way to see traffic inside the queues like a detailed list of active traffic say coming from 192.168.30.50 to x.x.x.x port 80 in queue_high?

    Would really help if there is a way to see what devices are using what port.



  • @petek8103:

    So I think I got it working, the way I wanted. But is there a way to see traffic inside the queues like a detailed list of active traffic say coming from 192.168.30.50 to x.x.x.x port 80 in queue_high?

    Would really help if there is a way to see what devices are using what port.

    The only way I know of is to use tcpdump's abilities to integrate with pflog, a trick I found in "The Book of pf". You can either search my old posts to find more info or Google "tcpdump pflog".
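
Added example, not part of the thread or of pfSense itself: a sketch of the tcpdump/pflog approach mentioned above, tallying logged packets per queue, source host and destination port. The sample lines, interface name, rule numbers and the rule-to-queue map are constructed, and it assumes logging is enabled on the rules that assign traffic to queues and that the logged rule is the one doing the assignment.

```python
import ipaddress
import re
from collections import Counter

# Live input on the firewall would come from:  tcpdump -n -e -l -i pflog0
# The lines below are constructed samples in that output format.
SAMPLE = """\
00:00:00.000000 rule 74/0(match): pass in on em1_vlan30: 192.168.30.50.51234 > 203.0.113.10.80: Flags [S], seq 1, win 65535, length 0
00:00:00.120000 rule 74/0(match): pass in on em1_vlan30: 192.168.30.50.51240 > 203.0.113.10.80: Flags [S], seq 9, win 65535, length 0
00:00:01.000000 rule 75/0(match): pass in on em1_vlan30: 192.168.30.77.40000 > 198.51.100.7.443: Flags [S], seq 5, win 65535, length 0
00:00:02.000000 rule 75/0(match): pass in on em1_vlan30: 192.168.30.77 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
"""

# Hypothetical rule-number -> queue map; on a real box read it from `pfctl -vvsr`,
# which prints each rule as "@<number> ..." together with its queue assignment.
RULE_QUEUE = {74: "queue_high", 75: "qInternet"}

# "[^:]*" tolerates extras some versions print after the rule number.
LINE = re.compile(
    r"rule (?P<rule>\d+)/[^:]*: (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+):"
)

def split_endpoint(token):
    """Split tcpdump's 'addr.port' into (addr, port); port is None for ICMP etc."""
    try:
        ipaddress.ip_address(token)      # bare address, no port appended
        return token, None
    except ValueError:
        host, _, port = token.rpartition(".")
        return host, int(port)

def flows_by_queue(text, rule_queue=RULE_QUEUE):
    """Count logged packets per (queue, source host, destination host, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                     # not a pflog rule line
        queue = rule_queue.get(int(m["rule"]), "unmapped")
        src, _ = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        counts[(queue, src, dst, dport)] += 1
    return counts

if __name__ == "__main__":
    for key, n in flows_by_queue(SAMPLE).most_common():
        print(n, *key)
```

By default pf logs only the packet that creates the state for a pass rule, so the counts reflect new connections rather than bytes carried by each queue.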