pfSense Forum

pfSense English Support => Post a bounty => Completed Bounties => Topic started by: billm on November 08, 2006, 09:55:19 pm

Title: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: billm on November 08, 2006, 09:55:19 pm
This is a continuation of http://forum.pfsense.org/index.php/topic,2686.0.html

The following are proposed changes to the existing pfSense traffic shaper based on community interest, feasibility, and pledged dollars.  The list is somewhat out of order of proposals due to references made in the list to other items.

I fully expect that we'll be able to get these changes in the next feature release, however there is no chance that they'll get into anything with a 1.0.x version and I think we're targeting 1.1 for a FreeBSD OS update.  This caveat is just to help set expectations so when we release a 1.0.2 or 1.1 nobody asks whether these changes made it in.

I'd like to ask that those that pledged in the other thread (that I'll merge into this one) please reply with an update on whether the proposal meets their expectations and an updated pledge which I'll add to the above list.

There is no "price tag" for this feature enhancement, nor is there a time frame other than what I mentioned above (it'd still have to be debugged and thoroughly tested even if I wrote the code in a day).  The $10k pledge drive that was initiated was to drive interest, not as a price tag.  All I ask is for those that are interested to put their $$$ where their mouths are and help get this going.  I've put up with a lot of crap over the existing code and am kind of tired of people bitching about it; if people want it to work better, I need to see it.  Some people have certainly showed interest, with the amount of people that have downloaded and are using pfSense, I'm hoping others will help the cause here and won't leave this up to the half dozen that have already showed their interest.

Bounties pledged to date:
Total pledged: $950

Remember, pledging is only part of the equation, we don't want to be told we're going to get X amount of dollars and not get it after all the work is done.  I request that at least 50% of each pledge be escrowed in the pfSense account (you'll have to trust that I don't have access to it and that Scott isn't going to go and get really really drunk with it).  Thanks


Update - 11/22/2006 - I've been working on the pf.conf side of this change a bit and think I've made some progress.  I should begin coding these changes shortly as it's getting quite painful to make any further progress by hand.  As soon as I have something that can be tested, I'll contact those that have made pledges on this bounty to allow them to test.

--Bill
Title: Re: Traffic shaper changes
Post by: sai on November 09, 2006, 06:36:57 am
$100.

Multi-wan is interesting, but what do you mean by that? If you mean 1 shaper with multiple WANs then I don't remember seeing it in any of the HFSC docs (not that I studied too hard). It would probably be very difficult to visualise and use  - most unlikely anyone would want it.
If you mean a separate shaper for each WAN then that makes more sense. Should be possible to fit it into the gui without complications.

Time line: are we talking 6 months, 1 year (+/- x months)?  I know that this is open source so no release dates set in advance, but some sort of ETA ?

Title: Re: Traffic shaper changes
Post by: billm on November 09, 2006, 08:10:44 am
$100.

Multi-wan is interesting, but what do you mean by that? If you mean 1 shaper with multiple WANs then I don't remember seeing it in any of the HFSC docs (not that I studied too hard). It would probably be very difficult to visualise and use  - most unlikely anyone would want it.
If you mean a separate shaper for each WAN then that makes more sense. Should be possible to fit it into the gui without complications.

Yep, multiple WANs.  It's all about queue definition and how traffic gets assigned to the queue.  I'm not 100% sure I can make it work in our case.  Policy based multi-wan routing would likely be possible, but based on how we assign traffic to queues (which won't be changing...it's the only way we can do it without major pf hacks) it's likely that load balanced WANs won't be able to shape.  There are some other items I have in the works as I get to them (kernel side is done...I think) that will allow for layer7 requeueing of traffic (ie. traffic starts off in the default queue or something and gets moved to HTTP once it recognizes HTTP in the packet payload).  I'm not including that as part of this bounty/feature enhancement.

Time line: are we talking 6 months, 1 year (+/- x months)?  I know that this is open source so no release dates set in advance, but some sort of ETA ?

We're planning on starting work on RELENG_2 shortly and I'm (personally) hopeful that we'll be able to push a 6 month release cycle out (but depending on bugs in new features, that might stretch).  With that said, you'll be able to see the new code in the alpha releases as soon as it's committed.  I don't expect that it'll take me more than a week or two to get the new shaper code to a point where I can commit it and get people pounding on it.

--Bill
Title: Re: Traffic shaper changes
Post by: wcoolnet on November 09, 2006, 11:18:49 am
$200
Title: Re: Traffic shaper changes
Post by: mrt_ok on November 09, 2006, 01:42:57 pm
$500
Title: Re: Traffic shaper changes
Post by: aldo on November 09, 2006, 03:42:28 pm
bill the changes you are proposing sound very interesting. if interfaces could be extended to support all the ng interfaces loaded on the pppoe server we have another 200 for your bounty.

it can nearly do it now. with a bit of a hack to it but gets its white spacings wrong.

would you think this is supportable in the multiple interfaces area of your plan
Title: Re: Traffic shaper changes
Post by: billm on November 09, 2006, 05:02:55 pm
bill the changes you are proposing sound very interesting. if interfaces could be extended to support all the ng interfaces loaded on the pppoe server we have another 200 for your bounty.

it can nearly do it now. with a bit of a hack to it but gets its white spacings wrong.

would you think this is supportable in the multiple interfaces area of your plan

I _think_ so - do PPPOE server interfaces show up as individual interfaces in the Rules (or even interfaces) screen?  I'm thinking it doesn't, but I haven't really seen how the PPPoE server works either.  I'll try and spend some time tonight, I agree, it's likely possible, but I don't know enough about how that section of code works to be able to say for sure.  If it comes up as individual interfaces that rules can be created on, then I'm reasonably confident that it'll "just work".

--Bill
Title: Re: Traffic shaper changes
Post by: sullrich on November 09, 2006, 05:06:43 pm
Only major problem is ngX is dynamic.  The ordering may shift.
Title: Re: Traffic shaper changes
Post by: billm on November 09, 2006, 05:41:26 pm
Only major problem is ngX is dynamic.  The ordering may shift.

Good point.  Although I don't think ngX necessarily _has_ to be dynamic.  But making major interface changes, while on my own personal list of things to do, aren't necessarily compatible within the scope of this change.  If these are truly dynamic and _not_ tied to the standard rules editor, then I don't think we'll be able to make it part of this change.  Although this change should set the stage for this feature in the future.

--Bill
Title: Re: Traffic shaper changes
Post by: sullrich on November 09, 2006, 08:20:59 pm
Nope, it's not associated unfortunately.

Title: Re: Traffic shaper changes
Post by: aldo on November 10, 2006, 02:35:04 am
ok that was confusing could you clarify these points.
is it possible?
would you include it?
all i am trying to do is hfsc with them no other guarantees all have equal preference.

well look forward to the clarification
Title: Re: Traffic shaper changes
Post by: billm on November 10, 2006, 08:49:12 am
ok that was confusing could you clarify these points.
is it possible?

Possible, yes.  With the current way interfaces are configured, no.  The shaper changes I'm working on won't directly help here, but would be considered a prereq to being able to do this.

would you include it?

One thing at a time :)  If PPPoE server 'nics' (all the ng interfaces) were already individually assignable for rule management in pfSense, you'd get the shaper changes "for free" so to speak.  The changes I'm looking at would just come along for the ride.  As it sits, I'd consider this a different project, but one that relies on this change before it can be seriously thought of.  Depending on how the code ends up getting written, it may be possible to hack up a config.xml that'll create the correct rules - not sure, I'm still researching the proper way to do the queues as it is (it's looking like we'll have a number of nasty recursive loops).

all i am trying to do is hfsc with them no other guarantees all have equal preference.

well look forward to the clarification

Hope that helps.

--Bill
Title: Re: Traffic shaper changes
Post by: sullrich on November 14, 2006, 11:24:14 am
Not sure that we can accept Pakistan funds without Big Bubba getting down and angry with us.
Title: Re: Traffic shaper changes
Post by: eric on November 15, 2006, 01:14:28 am
i too would be willing to throw some money your way for this, however seeing as I'm pretty close to broke it wouldn't be much. 
Title: Re: Traffic shaper changes
Post by: Delphinus on November 17, 2006, 05:25:20 pm
I'll donate $100. Let me know when you need it.
Title: Re: Traffic shaper changes
Post by: msamblanet on November 20, 2006, 06:48:06 am
Just sent in $100 to Paypal...while I would like you to consider it part of this bounty, please use it as/when the project needs...you've earned it with or without a multi-interface traffic shaper!
Title: Re: Traffic shaper changes
Post by: Perry on December 02, 2006, 12:32:24 pm
Bill what paypal account do i send my donation to?
Title: Re: Traffic shaper changes
Post by: aldo on December 02, 2006, 12:56:00 pm
ok that was confusing could you clarify these points.
is it possible?

Possible, yes.  With the current way interfaces are configured, no.  The shaper changes I'm working on won't directly help here, but would be considered a prereq to being able to do this.

would you include it?

OK i think i understand what are the overall thoughts on this. should i start up a bounty on it.
we use pppoe server for all our wireless concentration. if this change looks achievable outside of the shaper scope i will make a bounty for it.

maybe you or scott can clarify the scope of the change a little more clearly and i can brief it

One thing at a time :)  If PPPoE server 'nics' (all the ng interfaces) were already individually assignable for rule management in pfSense, you'd get the shaper changes "for free" so to speak.  The changes I'm looking at would just come along for the ride.  As it sits, I'd consider this a different project, but one that relies on this change before it can be seriously thought of.  Depending on how the code ends up getting written, it may be possible to hack up a config.xml that'll create the correct rules - not sure, I'm still researching the proper way to do the queues as it is (it's looking like we'll have a number of nasty recursive loops).

all i am trying to do is hfsc with them no other guarantees all have equal preference.

well look forward to the clarification

Hope that helps.

--Bill
Title: Re: Traffic shaper changes
Post by: billm on December 03, 2006, 07:07:25 pm
Bill what paypal account do i send my donation to?

paypal _at_ chrisbuechler.com if you want pfSense to hold onto it until I'm done, or billm _at_ pfsense.org if you wish to send it direct to me sooner.

--Bill
Title: Re: Traffic shaper changes
Post by: billm on December 03, 2006, 07:09:11 pm
Aldo, didn't see any content in that post...did I miss something?

--Bill

ok that was confusing could you clarify these points.
is it possible?

Possible, yes.  With the current way interfaces are configured, no.  The shaper changes I'm working on won't directly help here, but would be considered a prereq to being able to do this.

would you include it?

OK i think i understand what are the overall thoughts on this. should i start up a bounty on it.
we use pppoe server for all our wireless concentration. if this change looks achievable outside of the shaper scope i will make a bounty for it.

maybe you or scott can clarify the scope of the change a little more clearly and i can brief it

One thing at a time :)  If PPPoE server 'nics' (all the ng interfaces) were already individually assignable for rule management in pfSense, you'd get the shaper changes "for free" so to speak.  The changes I'm looking at would just come along for the ride.  As it sits, I'd consider this a different project, but one that relies on this change before it can be seriously thought of.  Depending on how the code ends up getting written, it may be possible to hack up a config.xml that'll create the correct rules - not sure, I'm still researching the proper way to do the queues as it is (it's looking like we'll have a number of nasty recursive loops).

all i am trying to do is hfsc with them no other guarantees all have equal preference.

well look forward to the clarification

Hope that helps.

--Bill
Title: Re: Traffic shaper changes
Post by: billm on December 22, 2006, 10:16:10 pm
Just wanted to update the thread.  I'm still working on this, had some issues with some of the new gui libraries that we needed to get fixed as well as some VM issues that are now resolved.  I'm hoping to spend some time during my vacation to get a new wizard completed which should allow me to generate configs that I can use to create the backend :)  Due to the use of the new gui library, I can pretty easily say that this won't appear in the RELENG_1 branch at all, but I'll attempt to backport it for those that have pledged and donated for this so it can get tested and have some eyes on it earlier (and of course so you can have a new toy :)).

--Bill
Title: Re: Traffic shaper changes
Post by: sai on December 22, 2006, 11:06:23 pm
Thanks Bill.

I have a request: could you make the wizard optional please?

I realize that altq is really difficult to understand, but sometimes you just want to set things up yourself. This is especially true when you are trying to learn about the software.

Title: Re: Traffic shaper changes
Post by: billm on December 23, 2006, 09:23:35 am
Thanks Bill.

I have a request: could you make the wizard optional please?

I realize that altq is really difficult to understand, but sometimes you just want to set things up yourself. This is especially true when you are trying to learn about the software.

The wizard is already optional.  I do plan on making the manual configuration a little more reliable and less prone to easy breakage (the real problem) though.

--Bill
Title: Re: Traffic shaper changes
Post by: Leoandru on December 27, 2006, 11:22:38 am
Hey Bill mind if I chip in on this project? I'm finding more free time on my hand these days, so I'm specifically interested in helping with transparent shaping and investigating the multiwan/multi-interface shaping of altq.
Title: Re: Traffic shaper changes
Post by: billm on December 28, 2006, 08:44:47 am
Hey Bill mind if I chip in on this project? I'm finding more free time on my hand these days, so I'm specifically interested in helping with transparent shaping and investigating the multiwan/multi-interface shaping of altq.

You might check out http://wiki.pfsense.com/wikka.php?wakka=NewShaperNotes.  I think I can handle bridge, and multi-lan w/out too much problem.  Multi-wan is going to be a tad more challenging I think.

--Bill
Title: Re: Traffic shaper changes
Post by: Leoandru on December 28, 2006, 01:11:10 pm
Hey Bill mind if I chip in on this project? I'm finding more free time on my hand these days, so I'm specifically interested in helping with transparent shaping and investigating the multiwan/multi-interface shaping of altq.

You might check out http://wiki.pfsense.com/wikka.php?wakka=NewShaperNotes.  I think I can handle bridge, and multi-lan w/out too much problem.  Multi-wan is going to be a tad more challenging I think.

--Bill

cool, I'll experiment with altq and multi-wan shaping and update the wiki with my findings and ideas. Off the bat though I'm not sure if this can be done without modifying altq itself. Also I'll experiment with the ideas you currently have to see if I can add any additional info. What about transparent/l7 shaping? have any ideas or wiki entry on that? I have a few ideas I'd like to share on that, I'll probably make a wiki entry once I setup a testing platform this weekend and put together some notes.
Title: Re: Traffic shaper changes
Post by: sullrich on December 28, 2006, 03:01:47 pm
cool, I'll experiment with altq and multi-wan shaping and update the wiki with my findings and ideas. Off the bat though I'm not sure if this can be done without modifying altq itself. Also I'll experiment with the ideas you currently have to see if I can add any additional info. What about transparent/l7 shaping? have any ideas or wiki entry on that? I have a few ideas I'd like to share on that, I'll probably make a wiki entry once I setup a testing platform this weekend and put together some notes.

Yay!  Glad to see you have some free time Leo!
Title: Re: Traffic shaper changes
Post by: Leoandru on January 09, 2007, 10:33:03 am
just a little update: The multiple interface shaping feature is starting to look a bit daunting, altq was not designed for it. The queuing hierarchies created on each interface are totally unrelated. So if you try to shape 1 wan interface over two lans then altq simply can't do it. Probably some combination of dummynet and altq would solve the problem, I'll post my opinions on the wiki later.
Title: Re: Traffic shaper changes
Post by: billm on January 10, 2007, 10:02:58 pm
Thanks Leon...I'll check out the wiki, the configs apply, but I'm not terribly surprised it doesn't work quite as advertised :-/

--Bill
Title: Re: Traffic shaper changes
Post by: hoba on January 11, 2007, 01:19:07 am
As dummynet can shape incoming on an interface this would be an option to shape traffic inside tunnels as well (before the traffic on the outgoing interface is only seen as encrypted traffic only). I have some setups that work this way pretty well with m0n0wall. However, getting this all under control and even crunching all that logic in a wizard will be a hard task I guess and considering multiple interfaces...
Title: Re: Traffic shaper changes
Post by: sullrich on January 11, 2007, 09:56:46 am
As dummynet can shape incoming on an interface this would be an option to shape traffic inside tunnels as well (before the traffic on the outgoing interface is only seen as encrypted traffic only). I have some setups that work this way pretty well with m0n0wall. However, getting this all under control and even crunching all that logic in a wizard will be a hard task I guess and considering multiple interfaces...

Dummynet does not work with ALTQ/PF.  As soon as you add a RDR, all traffic stops on the firewall.
Title: Re: Traffic shaper changes
Post by: billm on January 24, 2007, 08:33:37 am
just a little update: The multiple interface shaping feature is starting to look a bit daunting, altq was not designed for it. The queuing hierarchies created on each interface are totally unrelated. So if you try to shape 1 wan interface over two lans then altq simply can't do it. Probably some combination of dummynet and altq would solve the problem, I'll post my opinions on the wiki later.

Leon, any updates on this?  I've been holding off spending much more time on this until it's proven working (or not)...it _should_ work I think, but it's a bit of a hack to setup as best as I can tell.

--Bill
Title: Re: Traffic shaper changes
Post by: Leoandru on January 24, 2007, 10:52:37 am
Leon, any updates on this?  I've been holding off spending much more time on this until it's proven working (or not)...it _should_ work I think, but it's a bit of a hack to setup as best as I can tell.

--Bill

No.. I haven't been able to make it work, I was holding off the write up on this until I had absolutely given up. Also I didn't know you were holding off until more proof could be given that it doesn't work, but I was hoping that you could prove me wrong with some tests and sample setups. I was still experimenting with several ideas though I haven't gotten as much time as I would have liked to experiment with them (maybe I spoke too soon of free time cause it seems to be vanishing into work). Maybe this weekend I'll be able to give something more concrete, but please go ahead with your ideas and experiment. I check this thread regularly for updates so you can post any success you have had with this. Sorry for the lack of correspondence on irc, it would be nice if we could bounce ideas off each other but I just haven't found the time yet.
Title: Re: Traffic shaper changes
Post by: billm on January 26, 2007, 05:52:31 pm
'k I'll just drop you a private email if I can find your address again :)

--Bill
Title: Re: Traffic shaper changes
Post by: SMachiz on February 09, 2007, 08:30:48 pm
I would contribute $25 for proper dual-wan QoS/shaping.
Title: Re: Traffic shaper changes
Post by: cabe on February 13, 2007, 02:43:52 am
Quote
just a little update: The multiple interface shaping feature is starting to look a bit daunting, altq was not designed for it. The queuing hierarchies created on each interface are totally unrelated. So if you try to shape 1 wan interface over two lans then altq simply can't do it. Probably some combination of dummynet and altq would solve the problem, I'll post my opinions on the wiki later.

So does this mean that it's not possible to shape across multiple WAN interfaces? Or does it mean that we can't even shape across a bridged WAP and LAN connected to a single WAN..  ???
Title: Re: Traffic shaper changes
Post by: eickst on February 20, 2007, 07:19:38 pm
Any updates on this feature?  Not multi-wan but at least multi-lan such as WAP and LAN.
Title: Re: Traffic shaper changes
Post by: sullrich on February 20, 2007, 07:28:08 pm
No.
Title: Re: Traffic shaper changes
Post by: cabe on March 06, 2007, 04:45:03 pm
Any updates on this feature?  Not multi-wan but at least multi-lan such as WAP and LAN.
I'm probably going to just switch to the new beta of m0n0wall for that feature.
Title: Re: Traffic shaper changes
Post by: sullrich on March 06, 2007, 05:08:08 pm
Any updates on this feature?  Not multi-wan but at least multi-lan such as WAP and LAN.
I'm probably going to just switch to the new beta of m0n0wall for that feature.

Have fun!
Title: Re: Traffic shaper changes
Post by: hoba on March 06, 2007, 05:11:01 pm
Any updates on this feature?  Not multi-wan but at least multi-lan such as WAP and LAN.
I'm probably going to just switch to the new beta of m0n0wall for that feature.

This is really helpful, I guess we have to question the whole project now that you are gone  :o
Title: Re: Traffic shaper changes
Post by: techatdd on March 06, 2007, 06:58:26 pm
I will use this as a catch all qos bounties section.

I would join in with 200$ for a multi interfaces Qos and multi PPPoE Wan support. They are only useful together for me.
Additionally, I would pay 100$ for per IP bandwidth limitations in the traffic shaper.
I know all this is not much for the lot of work it will require, but maybe others will join in.

Greetings,
techatdd
Title: Re: Traffic shaper changes
Post by: cabe on March 06, 2007, 07:06:19 pm
Any updates on this feature?  Not multi-wan but at least multi-lan such as WAP and LAN.
I'm probably going to just switch to the new beta of m0n0wall for that feature.

This is really helpful, I guess we have to question the whole project now that you are gone  :o
Well I'm glad you think my comment was helpful, because I certainly intended for it to be! You shouldn't question the project though -- It's a great project and I enjoy seeing it progress. Oh, and I'm not gone either :)

eickst was looking for a multi-lan traffic shaper, and I suggested m0n0wall. I know that it supports multi-lan traffic shaping, so it could be of use to him.

I also mentioned m0n0wall's new beta because it supports Atheros cards, and since I have an Atheros card, I haven't been able to use the latest version of m0n0wall since they switched back to 4.x since the 1.2x versions. I see that the new m0n0wall beta supports Atheros wireless cards, thus with no advancement in pfSense's multi-lan traffic shaper (and no complaints coming from me about that), I'm going to give m0n0wall a shot.

It's like using the appropriate tool for the job.  Just because you choose to use a screwdriver to screw in a screw doesn't mean you think that hammers suck!
Title: Re: Traffic shaper changes
Post by: guigux on March 14, 2007, 04:46:18 am
adding 100$ for shaper work on a dual wan balanced pool . (with failover of course ! :-)

rgrds
Title: Re: Traffic shaper changes
Post by: davidw on June 11, 2007, 02:51:01 pm
Is this bounty still open?

I'll pony up $100. An IP/MAC-based shaper would be my top request but any movement deserves a contribution.

Feel free to punt this late post if I've missed an update elsewhere.
Title: Re: Traffic shaper changes
Post by: mrt_ok on July 05, 2007, 02:40:11 pm
Can someone please summarize (maybe you Bill), what the current status is and what the problems are?

I think it would be easier for all to help....

thank you!
Title: Re: Traffic shaper changes
Post by: sanjay_arora on July 11, 2007, 03:46:16 pm
Can someone advise if this bounty is still open?

I would like to post an additional 50$ bounty for Multi-Wan traffic shaping, with individual-WAN traffic-shaping settings along with a feature that allows one to add an undefined type of traffic by port or originating/destination IP and create a custom queue for it e.g. one can allocate lower priority for a protocol that has not been specifically defined in gui...say rsync or a lower priority for my software repository server updating its various repos continuously.


With best regards.
Sanjay.
Title: Re: Traffic shaper changes
Post by: antimatter on July 17, 2007, 05:03:33 am
About the multi-wan, I got a question.

The multi-wan, would have two separate queue for each of the WAN interface, and they would be independent correct?

Is there any way that it could be possible to link them together?  Let's say I have two WAN, and both goes over the same line, so if one WAN eats up 500kbps, that is 500kbps less that will be allocated to the other WAN, is this possible?
Title: Re: Traffic shaper changes
Post by: afrugone on August 02, 2007, 07:46:35 pm
Hi,

As asked before, is this bounty still open?, I need this feature and I'll like to post some money, but I didn't see any comment from the bounty leader for a long time.

Regards
Alfredo
Title: Re: Traffic shaper changes
Post by: afrugone on August 06, 2007, 11:40:38 am
Could somebody tell me if this bounty is still open

Appreciate very much your comments.

Regards
Alfredo
Title: Re: Traffic shaper changes
Post by: hoba on August 09, 2007, 01:06:19 pm
This for sure is still a hot topic though not trivial to solve. Maybe we can discuss it during this years hackathon, which will take place in october, to get some things rolling.
Title: Re: Traffic shaper changes
Post by: afrugone on August 11, 2007, 10:20:43 pm
Thanks Hoba,

And how can I help with it?, I'm not an expert, but I can help testing and with some money, how can I send it?

Regards
Alfredo
Title: Re: Traffic shaper changes
Post by: joshk on September 15, 2007, 08:08:05 pm
Is multi-WAN traffic shaping still "under consideration"?

Also, is that under consideration for the feature of having a single queue for all outbound traffic? I would be happy enough for separate queues for each line and I feel that that should already be pretty easy to do (just change interface names and limits, reapply all rules)
Title: Re: Traffic shaper changes
Post by: ermal on November 01, 2007, 05:53:37 am
Can I ask if the people who pledged in this bounty consider their offer still valid?!

Title: Re: Traffic shaper changes
Post by: wcoolnet on November 01, 2007, 02:56:03 pm
I started this thread about a year ago, but have not been keeping track of pfsense. For my original problem I ended up using m0n0wall and that has worked out well enough. I am not as actively involved in the purchase decision process of the company that needed this solution as I was a year ago. If this feature does eventually get implemented into pfsense I will try my best at ponying up the $200 I had originally pledged. Should anyone need to contact me about receiving my pledge please leave a comment on http://blog.wtip.net/
Title: Re: Traffic shaper changes
Post by: techatdd on November 04, 2007, 05:14:08 am
I don't only want to renew my offer, I will raise it again. 400$ for Multi-Interface QoS in combination with PPPoE on OPT-Interfaces. Also I raise my bounty for per-IP Traffic Shaping to 200$.

Greetings,
techatdd
Title: Re: Traffic shaper changes
Post by: afrugone on November 04, 2007, 09:15:34 am
I'm also highly interested in having traffic shaper running in multiwan, I can offer US$50, I know this is not too much, but is what I can do, and this is for personal use, not for business.

Saludos
Alfredo
Title: Re: Traffic shaper changes
Post by: tacfit on December 20, 2007, 02:12:06 pm
I'll put in 200$ for shaping unrestricted by number of WANs and LANs.
Title: Re: Traffic shaper changes
Post by: ltning on December 27, 2007, 03:09:29 pm
Hi,

I'm throwing in $500 on this one. I'm specifically interested in multiple LAN interface support. Wizard support for this is desired, but not required.

I wanted to paypal the money right now, but was advised to wait. ;)

/Eirik
Title: Re: Traffic shaper changes
Post by: sullrich on December 27, 2007, 05:49:44 pm
Okay we are nearing completion of a COMPLETE traffic shaper overhaul.

Ermal has done quite a bit of work to overhaul the shaper and make it multiple interface ready, adding back all ALTQ protocols and making it generally easier to edit queues and rules.

So who is still in on this bounty?  The plans are to bring this into HEAD and RELENG_1.   We might be able to make a patch set available for 1.2 AFTER it has been tested in RELENG_1.

Title: Re: Traffic shaper changes
Post by: afrugone on December 27, 2007, 07:23:40 pm
I'm still here, but I don't know how to send the money and when
Title: Re: Traffic shaper changes
Post by: heiko on December 30, 2007, 06:16:42 am
I will pay 1000 $ for eris solution if a fully stable patch set exists for 1.2
Title: Re: Traffic shaper changes
Post by: sullrich on December 30, 2007, 05:57:14 pm
Where is everyone else?   I know there was a lot more folks that committed money.  Ermal has spent a LOT of time on this project and it would be a travesty if he does not get what was promised to the person that did the work.
Title: Re: Traffic shaper changes
Post by: heiko on December 31, 2007, 07:48:58 pm
Happy new year, my payment arise, now i will pay 1200 $ for a 1.2 patch set solution.

Title: Re: Traffic shaper changes
Post by: Perry on January 03, 2008, 08:49:17 am
100$ on it's way
Title: Re: Traffic shaper changes
Post by: sullrich on January 03, 2008, 01:39:37 pm
Thanks to everyone that is coming through with their end of the deal.

Now everyone else, please, please keep your pledge.  I would hate to have to switch the bounty system to a prepaid model where everyone would suffer.

Title: Re: Traffic shaper changes
Post by: heiko on January 05, 2008, 01:55:00 pm
Ups, i have found 200 $, so my payment for a 1.2 fully stable patch set is now 1400 $
Title: Re: Traffic shaper changes
Post by: sullrich on January 05, 2008, 05:31:05 pm
Thank you heiko!   Now where is everyone else?
Title: Re: Traffic shaper changes
Post by: mrt_ok on January 06, 2008, 07:25:09 am
hi all,

i already sent the money via paypal - as noted - and I would be happy to get transparent shaping (bridged mode) working well - for the folks who only want to shape without modifying any routing or ip assignments...nice on mac or ip basis, timed and easy to setup :-)

thomas

Title: Re: Traffic shaper changes
Post by: afrugone on January 06, 2008, 07:31:30 am
Hi,

I've never posted any money via paypal to a bounty; is there an account or any reference to do it right?
Title: Re: Traffic shaper changes
Post by: mrt_ok on January 06, 2008, 10:04:52 am
sure, see bottom of page http://www.pfsense.org/index.php?id=38

thomas
Title: Re: Traffic shaper changes
Post by: Nil Einne on January 10, 2008, 01:40:49 am
Has anyone contacted wcoolnet via his/her blog as he/she said 2 months ago?
Title: Re: Traffic shaper changes
Post by: sullrich on January 10, 2008, 01:47:30 pm
Quote from: Nil Einne
Has anyone contacted wcoolnet via his/her blog as he/she said 2 months ago?

I don't think so.  Care to contact them and ask them to tune back in to the thread?
Title: Re: Traffic shaper changes
Post by: Rich on January 11, 2008, 08:35:01 pm
The company I work for may be interested in this. Right now we have a pfsense box with a /24 of ips on 20 mb/s metro e, and a /26 on 6 mb/s 4 bonded t-1's and a managed cisco 3600 series. We recently met with a ccie about a cisco 3845 for the metro e, and implementing bgp.

Would the new shaper changes allow us to shape the connections and allow for one to be much faster than the other? We don't really need load balancing, just failover. Also, could we use the failover capabilities of pfsense instead of a 3845 to completely failover the metro e to the bonded t's? I would much rather use pfsense for everything possible as long as it's very stable like the test box I set up on the metro e and just left there because it worked so well. We would also want to purchase the support because downtime is really big $$$ for us now that we've grown. That's why we need the failover.
Title: Re: Traffic shaper changes
Post by: ermal on January 12, 2008, 03:14:28 am
Quote from: Rich
The company I work for may be interested in this. Right now we have a pfsense box with a /24 of ips on 20 mb/s metro e, and a /26 on 6 mb/s 4 bonded t-1's and a managed cisco 3600 series. We recently met with a ccie about a cisco 3845 for the metro e, and implementing bgp.

Would the new shaper changes allow us to shape the connections and allow for one to be much faster than the other? We don't really need load balancing, just failover. Also, could we use the failover capabilities of pfsense instead of a 3845 to completely failover the metro e to the bonded t's? I would much rather use pfsense for everything possible as long as it's very stable like the test box I set up on the metro e and just left there because it worked so well. We would also want to purchase the support because downtime is really big $$$ for us now that we've grown. That's why we need the failover.

If by "one to be much faster than the other" you mean that the failover is not the same speed as the primary, the answer is a simple yes.
Title: Re: Traffic shaper changes
Post by: Rich on January 12, 2008, 10:25:55 am
Sorry, let me try to clarify.

What we want is our main connection to be the metro e on dark fiber setup as an oc-12 ring and upgradable to oc-192. We have a /24 of ips on it that we want to automatically fail over to the bonded t-1's that we may upgrade to a t-3 if our critical traffic increases past the 6 mb/s mark. We currently have 20 mb/s on the ring and 6 mb/s with the t-1's. We've started moving our internet servers in house, and are getting ready to implement our new intranet to around 50 branch offices over the year. Those vpns combined with the 70 other vpns to our partners will put us well over 100 site to site vpns. We will also be implementing around 200 client vpns for our ae's notebook computers. We're currently using a sonicwall 4060 as the vpn concentrator, nat, gateway anti-virus and content filter for the corporate office and were thinking of upgrading it to an e class when necessary. We also do video conferencing and voip. We will be adding a large streaming media server also. The main connection will need to be able to handle at least 40 mb/s of heavy traffic. I would prefer it be able to truly handle 100 mb/s of heavy traffic. We have a ccie that wants to put in a 3845 and says it will handle 45 mb/s and it can be set up with bgp. The 3600 series is managed by the phone company.

What I would like to propose to the owners is a system that we can traffic shape all these services on the faster connection. When it goes down for some reason, I want it to switch to the t-1's and change the shaping to commit the necessary bandwidth to the critical services, and give non-critical much less priority. I would prefer not to have to buy the cisco stuff. It tends to be reliable, but it's way too expensive for the performance. That's why we standardized on the sonicwall stuff when we first opened. I also think it would be better for our company to work with a group that will actually customize the system based off our needs. I know this will probably need to be in a new bounty, but I would appreciate a little feedback so I can figure out what I really need to ask for. Also, we're in Lexington, KY, so we're pretty close to some of you.
Title: Re: Traffic shaper changes
Post by: ermal on January 12, 2008, 11:44:40 am
Well about the failover and committed bandwidth you can do it. Just need to set it up properly.
But it is doable pretty easily. The new interface helps with that too.

For the other things another thread would be appropriate so we can discuss.


Title: Re: Traffic shaper changes
Post by: colin7151 on January 16, 2008, 10:22:05 pm
Forgive me if this is a stupid question, but how is the rest of the process going to work? It looks like people are sending their $$ in, when will the patch be released? Once it is will it become part of the main project code or just exist as a patch?

Read the "Bounty board rules and guidelines" post but that didn't seem to answer many questions.
Title: Re: Traffic shaper changes
Post by: sullrich on January 17, 2008, 12:01:37 am
The code has been committed to RELENG_1 and HEAD and is being rapidly tested and abused by us.  We have identified a few major issues but all I can say is that this code is going to kick so much ass it's not even funny.  You can select different schedulers per interface now and a bunch of other neat goodies.   Stay tuned!

Title: Re: Traffic shaper changes
Post by: colin7151 on January 17, 2008, 12:47:29 am
wow pf rules ! Ok, sorry for the sudden outburst of enthusiasm. If you guys (the pf community) ever want some prizes for contests or anything like that let me know and I can hook you guys up with some free music gift cards (around $50-100 worth) for grooveshark.com (I work there).

prob the wrong place to post a random thought like this ... feel free to move
Title: Re: Traffic shaper changes
Post by: sullrich on January 21, 2008, 06:17:24 pm
I have been testing the new shaper and OMG.  It's incredible!

However, I hate beating this dead horse.  We have only collected 500$ of what was around 5K!

So please, do your part and paypal the amount you pledged today to paypal@chrisbuechler.com !!!!

If we can get folks moving, we might be able to convince Ermal to make a 1.2 patch and I'll create a package for it.
Title: Re: Traffic shaper changes
Post by: mrt_ok on January 22, 2008, 02:03:14 am
sounds good! i guess you mean the $500 from me :)

-thomas
Title: Re: Traffic shaper changes
Post by: Perry on January 22, 2008, 02:43:48 am
Just an idea, PM those that haven't paid up or email them as i can see wcoolnet & Delphinus hasn't been around lately. And make a list here.

Following has donated to this bounty.

Still waiting to hear from.

Maybe a list of features added could help getting more money.
hope it helps.

Title: Re: Traffic shaper changes
Post by: Spinmaster on January 22, 2008, 03:19:47 am
Hi!

Would just like to check....

I've got:
- PPPOE with multiple IPs
- WAN, LAN and DMZ interfaces
- VOIP on LAN
- Email and Web on separate IPs in DMZ

What I'd like to be able to do is:
- Give VOIP highest priority
- Then Web
- Email low priority

Will this mod do what I want?

Thanks!
James.
Title: Re: Traffic shaper changes
Post by: ermal on January 22, 2008, 04:36:43 am
What it can do:
1- Supports CBQ, HFSC, PRIQ schedulers with any combination of them on any number of interfaces. To suit any strange environment.
2- You can shape Bridge, PPTP, PPPoE, OpenVPN or tun devices, IPSec incoming, Overall IPSec tunnels, L2TP, or any other device/software that does IP traffic in a distinguishable way.
3- You can create policy filtering as there is a new tab which allows expressing a late match syntax with support for tagging and matching on tags (I call them marks in the GUI), directions. Simply allows one PF expert to do policy filtering.
4- The queues are specified in each rule you create, there is no more a rules tab on the shaper section. This makes things cleaner and easier to manage.
5- You can shape/override DHCP, DNS, or any default policy of pfSense by just creating rules from the GUI.
6- The easiest way to create a policy for multiple interface shaping and filtering, at least in contrast with what i have used.
7- [Is on its way] Multiple wizards to use on different environments.


Requirements:
1- Know how.
Meaning you should know what you want then i guarantee it can be done with this new module and the wizards should help on this,

Am i missing anything Scott?!
Title: Re: Traffic shaper changes
Post by: heiko on January 23, 2008, 03:57:29 am
What is with outgoing traffic eg. a range of ports within an ipsec-tunnel? Is this possible, for example
rdp -3389 outgoing traffic through the ipsec tunnel with a highest priority?
Title: Re: Traffic shaper changes
Post by: ermal on January 23, 2008, 05:52:49 am
For now it is not supported, but is planned after i totally finish the gui cleanup and some small fixes for the current one to be ready to use.

The incoming part should be ready approximately by mid September.

Let's hope the people will respect this bounty first.
Title: Re: Traffic shaper changes
Post by: heiko on January 23, 2008, 06:31:26 am
I have sent you a personal message...
Title: Re: Traffic shaper changes
Post by: ermal on January 23, 2008, 07:35:26 am
Uppss that should read mid february. Just a mismatch with my native language :)
Title: Re: Traffic shaper changes
Post by: heiko on January 23, 2008, 07:51:13 am
Also for the outgoing packets through the ipsec tunnel eg. portbased....

mid february :D

Please send me the first invoice for about 800 $ ....you have the details....

Greetings heiko
Title: Re: Traffic shaper changes
Post by: ermal on January 25, 2008, 03:49:04 am
Quote from: ermal
What it can do:
1- Supports CBQ, HFSC, PRIQ schedulers with any combination of them on any number of interfaces. To suit any strange environment.
2- You can shape Bridge, PPTP, PPPoE, OpenVPN or tun devices, IPSec incoming, Overall IPSec tunnels, L2TP, or any other device/software that does IP traffic in a distinguishable way.
3- You can create policy filtering as there is a new tab which allows expressing a late match syntax with support for tagging and matching on tags (I call them marks in the GUI), directions. Simply allows one PF expert to do policy filtering.
4- The queues are specified in each rule you create, there is no more a rules tab on the shaper section. This makes things cleaner and easier to manage.
5- You can shape/override DHCP, DNS, or any default policy of pfSense by just creating rules from the GUI.
6- The easiest way to create a policy for multiple interface shaping and filtering, at least in contrast with what i have used.
7- [Is on its way] Multiple wizards to use on different environments.


Requirements:
1- Know how.
Meaning you should know what you want then i guarantee it can be done with this new module and the wizards should help on this,

Am i missing anything Scott?!


Adding another feature so it remains as a documentation too:

8- If you have 3 different networks separated from each other and you want to combine to a single centralized management with pfSense and the new shaper, they can be handled/shaped separated or even provide failover for them. Kinda, basic support for different domains.
Title: Re: Traffic shaper changes
Post by: heiko on January 25, 2008, 12:53:30 pm
Eri,
however....it must only work as it should.... (ipsec shaping portbased incoming/outgoing)

So, my payment is now 1600 $, per invoice 800 $.... that's my offer.

Greetings
Heiko


Title: Re: Traffic shaper changes
Post by: ermal on January 25, 2008, 01:29:50 pm
It will do that, possibly more!
Title: Re: Traffic shaper changes
Post by: tacfit on January 31, 2008, 09:11:36 am
Quote from: tacfit
I'll put in 200$ for shaping unrestricted by number of WANs and LANs.

Sorry, there's a lot of pages here, I can't read them all. Has this been accomplished?

(Perhaps another system could be devised for tracking some of these things?)
Title: Re: Traffic shaper changes
Post by: ermal on January 31, 2008, 09:53:19 am
Yes, it is completed. Only cosmetics issues and some wizards are left. In addition there will be an addition requested by Heiko for IPSec.

Just the people that pledged here have not.
Title: Re: Traffic shaper changes
Post by: tacfit on February 01, 2008, 03:06:50 am
Gotcha. Thanks, I'll be sending that money in shortly.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: colin7151 on February 07, 2008, 02:25:43 pm
Other than money is there anything I can do to help this process along ?

I have a pretty large deployment and decent traffic, I would be more than happy to help test if it would help. I also have a few php guys i could bring in to help.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: GoldServe on February 08, 2008, 02:05:51 am
sorry if it has been mentioned before but is this going as a package into 1.2RCX?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 08, 2008, 12:34:20 pm
Quote from: GoldServe
sorry if it has been mentioned before but is this going as a package into 1.2RCX?

Doubtful.  We will make a custom version available to those who have donated so far but due to the fact that a lot of people have stiffed this bounty we will NOT be making a general version available for everyone.

If you happen to know one of the bounty contributors you might convince them to let you have the custom version when we release it but if I was them I would say no.

This entire ordeal is going to force us to change how we do future bounties.  Money will be required UP FRONT before any work starts.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Rich on February 08, 2008, 12:51:58 pm
Can I make a donation of a couple hundred bucks and be able to get this update?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 08, 2008, 01:15:15 pm
Quote from: Rich
Can I make a donation of a couple hundred bucks and be able to get this update?

First of all, absolutely.  We really want to get Ermal compensated for all of his hard work.

Second, we do not have an absolute release date for this custom version but can say it will be in the next 2-3 weeks after 1.2 is released.

If you are still interested send the donation to Chris Buechler's paypal account which is listed in the donations section of the website and please make sure you put "Traffic Shaper Bounty" somewhere in the description so we can remember who donated to this cause.

Thanks everyone that has donated so far. 
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Rich on February 08, 2008, 01:22:32 pm
Quote from: sullrich
Quote from: Rich
Can I make a donation of a couple hundred bucks and be able to get this update?

First of all, absolutely.  We really want to get Ermal compensated for all of his hard work.

Second, we do not have an absolute release date for this custom version but can say it will be in the next 2-3 weeks after 1.2 is released.

If you are still interested send the donation to Chris Buechler's paypal account which is listed in the donations section of the website and please make sure you put "Traffic Shaper Bounty" somewhere in the description so we can remember who donated to this cause.

Thanks everyone that has donated so far. 

Great. I'll get the IT Director to send you guys some money.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Emab on February 08, 2008, 02:10:51 pm
So this will be never integrated in pfSense for any users? neither in version 1.3?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 08, 2008, 02:40:18 pm
No it will appear in 1.3.  But 1.3 is a LOOOOOOONG way off.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Rich on February 09, 2008, 02:45:22 pm
Is there a ballpark ETA for 1.2? I'm redesigning our entire network and want to use it with the new traffic shaping as our edge firewall.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: quentusrex on February 10, 2008, 08:02:48 am
Would this help with load balancing incoming connections? What about balancing outgoing connections to whichever connection has the least usage?

If it can help with my project I'll consider donating $100.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 10, 2008, 08:27:10 am
Quote
Would this help with load balancing incoming connections? What about balancing outgoing connections
You can shape such setups.

Quote
to whichever connection has the least usage?
This is not a shaper decision. This is the load balancer option.
But you might create another bounty for creating such a feature.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: qluk on February 11, 2008, 11:26:05 am
Hi,
Is ~50$ enough to get this custom version? It's important for me because i'm providing internet access for free (non-profit ISP). And i don't have much budget.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: grolo on February 12, 2008, 10:06:41 am
I don't know if this can be done with pfsense now or with the new custom patch you are developing.

The question is if it's possible to create different groups or classes in the local users and to assign them different bandwidth. For example you have a wireless network and clients can access through the captive portal, with dhcp, and i would like to create a gold client class, silver and bronze, and assign 1MB, 512 KB and 256 KB to each download rate.

I think this is not possible now, but i don't know if that would suit in this bounty or for a new one.

Thanks for your time and work.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 12, 2008, 10:43:54 am
Quote

The question is if it's possible to create different groups or classes in the local users and to assign them different bandwidth. For example you have a wireless network and clients can access through the captive portal, with dhcp, and i would like to create a gold client class, silver and bronze, and assign 1MB, 512 KB and 256 KB to each download rate.

I think this is not possible now, but i don't know if that would suit in this bounty or for a new one.
It can be accomplished sort of right now.

But to fulfill your exact requirements it would really be a new bounty to keep things clean.
It is on my schedule and a bounty would speed things up cause i have the ground work for this mostly done.

Although i would like to see these changes come with the proper captive portal changes and people gather up on a bounty for extending captive portal! (Again as a matter of pushing things).
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: colin7151 on February 15, 2008, 02:09:51 am
OK so if I can scrape together like $200:


Title: Re: Traffic shaper changes
Post by: ermal on February 17, 2008, 09:35:20 am
Quote from: ermal
What it can do:
1- Supports CBQ, HFSC, PRIQ schedulers with any combination of them on any number of interfaces. To suit any strange environment.
2- You can shape Bridge, PPTP, PPPoE, OpenVPN or tun devices, IPSec incoming, Overall IPSec tunnels, L2TP, or any other device/software that does IP traffic in a distinguishable way.
3- You can create policy filtering as there is a new tab which allows expressing a late match syntax with support for tagging and matching on tags (I call them marks in the GUI), directions. Simply allows one PF expert to do policy filtering.
4- The queues are specified in each rule you create, there is no more a rules tab on the shaper section. This makes things cleaner and easier to manage.
5- You can shape/override DHCP, DNS, or any default policy of pfSense by just creating rules from the GUI.
6- The easiest way to create a policy for multiple interface shaping and filtering, at least in contrast with what i have used.
7- [Is on its way] Multiple wizards to use on different environments.


Requirements:
1- Know how.
Meaning you should know what you want then i guarantee it can be done with this new module and the wizards should help on this,

Am i missing anything Scott?!


Adding another feature so it remains as a documentation too:

8- If you have 3 different networks separated from each other and you want to combine to a single centralized management with pfSense and the new shaper, they can be handled/shaped separated or even provide failover for them. Kinda, basic support for different domains.


9- Shaping inside IPSec tunnels works now.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sbyoon on February 18, 2008, 01:09:43 am
I'm also interested in the traffic shaping in IPSec tunnel. So I sent $100 to Chris Buechler's paypal account today.

Thank you.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: craigdrown on February 19, 2008, 12:26:43 am
Hi,
we've spent a lot of time looking at traffic shaping, and really like the approach of bandwidthabitrator.net, which is to...
... do nothing until pipe is 85% full (user specifiable)
... if > 85% then clamp specific connections that have the highest bytes transferred and longest connection time. (Clamp as in introduce some latency to slow 'em down). This happens pretty quickly and then the process is repeated...
Advantages:
   * super easy to set up
   * gets the pesky p2p stuff even if on port 80
   * allows all users to get lots of bandwidth without the risk of them bogging down other users when it's busy.

pftop already does all the stats for finding the offending connections, it just needs a clever head to work out how to slow down those particular connections.

I realize this is significantly different to existing traffic shaper work, so please make a new thread if approp. We'll donate US$500 up front if someone takes this up.
Thanks,
Craig
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sporkme on February 19, 2008, 12:50:53 am
Quote from: sullrich
Quote from: Rich
Can I make a donation of a couple hundred bucks and be able to get this update?

First of all, absolutely.  We really want to get Ermal compensated for all of his hard work.

OK, I never promised anything, and I'm currently one broke bastard.  But if people that pledged money in this thread didn't follow through, shame on them!

I just sent $50, I wish it was more.  I don't even need this feature nor would I use it for work - I just want to tinker at home, but it irks me that people didn't pony up.  I hope everyone that stiffed the devs sleeps well.  :P

edit: you'll see my donation from an "@fasttrackmonkey.com" address.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 19, 2008, 01:16:14 am
Quote from: craigdrown
Hi,
we've spent a lot of time looking at traffic shaping, and really like the approach of bandwidthabitrator.net, which is to...
... do nothing until pipe is 85% full (user specifiable)
... if > 85% then clamp specific connections that have the highest bytes transferred and longest connection time. (Clamp as in introduce some latency to slow 'em down). This happens pretty quickly and then the process is repeated...
Advantages:
   * super easy to set up
   * gets the pesky p2p stuff even if on port 80
   * allows all users to get lots of bandwidth without the risk of them bogging down other users when it's busy.

pftop already does all the stats for finding the offending connections, it just needs a clever head to work out how to slow down those particular connections.

I realize this is significantly different to existing traffic shaper work, so please make a new thread if approp. We'll donate US$500 up front if someone takes this up.
Thanks,
Craig

I think the new shaper is superior to this.
Not currently, but for 1.3 will be ready a discipline that does that but better in many ways.

You can do such configuration and people seem pretty happy with it(HFSC). Though you have to identify traffic properly.
If you want to still donate that money i will make sure that a feature to better identify traffic goes in for 1.3.
Which would allow finding P2P and other traffic on any port!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Jonb on February 19, 2008, 11:39:06 am
Can you name and shame these ungrateful people and also say how much you are short by of what the original pledges are. thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on February 19, 2008, 01:47:15 pm
Sorry,
for me!!! "name and shame" is also a bad style.

It is here a pillory? To educate people here is pointless, only the changes of the bounty-system is an option, but this is only my opinion!

Greetings
Heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on February 19, 2008, 02:04:19 pm
Hello eri,

1600 $ done! to paypal@chrisbuechler.com

Greetings
Heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 19, 2008, 02:19:54 pm
Quote from: heiko
Hello eri,

1600 $ done! to paypal@chrisbuechler.com

Greetings
Heiko

Thanks Heiko!!!   I agree, we need to make some changes to the bounty system to prevent this from ever happening again.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 20, 2008, 02:21:13 am
Thank You Heiko for your support.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: bogus on February 20, 2008, 10:22:09 am
Hi all,

I hope we get some compensation for Eri-- for his work.

100$ on its way to paypal@chrisbuechler.com

Carry on this great work.

I hope to see 1.2 and this package soon.

Detlef
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ridnhard19 on February 20, 2008, 10:07:32 pm
Hi, Eri-- will the new shaper support the embedded version before major inclusion with 1.3? If so I'll definitely throw-in for this.  I have a couple embedded pfSense boxes including a firebox with 5 ethernet ports and this would be an excellent enhancement.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 21, 2008, 02:29:36 am
Yes.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 23, 2008, 05:37:39 am
Here are some pictures of the new shaper just for completeness and preview.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ridnhard19 on February 24, 2008, 07:28:56 pm
Hey the screen shots look hot!

As promised earlier; $100 sent to paypal@chrisbuechler.com
Thanks for your efforts; I can't wait to get my hands on this new shaper config tool!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on February 25, 2008, 02:04:16 pm
Hello Eri,

i have found another 100$. Done!

to paypal@chrisbuechler.com

Greetings
heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: hoba on February 25, 2008, 02:07:05 pm
Thanks heiko! We really appreciate all your support!  :)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 25, 2008, 02:50:53 pm
Heiko,

well i am out of words.

Thank you very much for your support.

I only can say that if you have a feature request i will be happy to back it.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on February 25, 2008, 02:59:23 pm
Make many wizards and you make me happy... :D
Don't mention it!
Greetings
heiko

P.S: Ah, i forget, no invoice is needed!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on February 26, 2008, 03:09:43 pm
200 $ done!

to paypal@chrisbuechler.com!

Greetings
heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 26, 2008, 03:39:30 pm
Wow, Heiko you are really stepping up to the plate to fill in where others have let us down!  Thank you so much for supporting the project.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Rich on February 26, 2008, 04:22:17 pm
Is there any ETA on this? The IT administrator here has committed to me to donate to the cause, but he wants some sort of timeframe.

Thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: mrsense on February 26, 2008, 04:26:17 pm
Quote from: sullrich
Quote from: heiko
Hello eri,

1600 $ done! to paypal@chrisbuechler.com

Greetings
Heiko

Thanks Heiko!!!   I agree, we need to make some changes to the bounty system to prevent this from ever happening again.


Although the outcome of the project looks *very* impressive and (from the looks of it) worth every penny it would be improper to just blame pledges for not following through as the project was vague on the features and is taking longer to complete than many might have expected.

Anyway, as you revise bounty rules, I would suggest that there should be a way to send money to the project after the project has completed.  I would be happy to send money if the particular feature does fit my needs, has no bugs (works with other packages I use) and is actively maintained.

my 2c
mr-s
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: jahonix on February 26, 2008, 04:45:04 pm
Quote from: mrsense
... I would suggest that there should be a way to send money to the project after the project has completed.

Just send it to Chris Buechler's paypal address as mentioned before in this thread. That's how I just did it.
As we have seen here, paying afterwards doesn't work well. Maybe some kind of deposit would do, but I would consider Chris' account as just this.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 26, 2008, 05:07:47 pm
I quickly scanned through the thread to see who pledged, etc.  If you have already paid please reply and say that you have already paid.

Everyone else, you have a week to pony up or you will find that your avatar and tagline on your forum account will embarrass you going forward.  It's the least I can do.   Again, if you already paid just let me know and I'll mark it paid.  I do not have access to cmb's paypal.

* $50   pfSense
* $200   wcoolnet
* $500   mrt_ok (received in paypal account)
* $100   Delphinus
* $100   msamblanet (paid)
* $25   SMachiz
* $100   davidw
* $100   guigux
* $500   ltning
* $200   tacfit
* $1600   heiko (paid)
* $100   Perry (paid)
* $50   sporkme (paid)
* $200   colin7151
* $50   qluk
* $100   quentusrex   

Thanks to everyone who has pledged and paid!  You guys and gals rock.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: cmb on February 26, 2008, 05:35:52 pm
Although the outcome of the project looks *very* impressive and (from the looks of it) worth every penny, it would be improper to just blame pledges for not following through, as the project was vague on the features and is taking longer to complete than many might have expected.

People should never pledge contributions if they aren't in agreement with the details or lack thereof exactly as provided. Asking for clarification or specifics is welcome, pledging in agreement with what's provided and then not following through is unacceptable.


Anyway, as you revise bounty rules, I would suggest that there should be a way to send money to the project after the project has completed.  I would be happy to send money if the particular feature does fit my needs, has no bugs (works with other packages I use) and is actively maintained.

It appears, other than a few people we work with regularly, that any method that does not get the money to us in advance isn't going to work. We need to work out some sort of escrow where the money is submitted, but the person doing the work doesn't get it until the work is completed to the payer's satisfaction. There needs to be a deadline if the payer desires, so the money is automatically refunded if not completed by X date. Other suggestions welcome.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: adrianmk on February 26, 2008, 10:18:29 pm
I'm really looking forward to this feature, you guys rock!

Also, I just sent $50 USD to paypal@chrisbuechler.com.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on February 26, 2008, 11:11:58 pm
I'm really looking forward to this feature, you guys rock!

Also, I just sent $50 USD to paypal@chrisbuechler.com.


Thank you!   Ermal has put a lot of work into this and I have to say that traffic shaping has been one of the most difficult features of pfSense.  Everyone helping out is doing nothing but motivating Eri-- to take this further!  Keep it coming!  :)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: qluk on February 27, 2008, 01:30:57 am
sullrich, i'm waiting for new credit card to activate payPal (i always use Visa electron, non CCV2, non internet payment), plz be patient :].
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: tacfit on February 27, 2008, 07:14:26 am
250$ sent. Forgive my tardiness; my company didn't have their own Paypal account so I had to arrange that. I believe that payment came from a paypal account starting in "mhughes".
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 27, 2008, 11:52:23 am
Sai has contacted me saying he has done a bank transfer to my account.

So he said he sent his 100$.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ltning on February 27, 2008, 01:48:23 pm
I quickly scanned through the thread to see who pledged, etc.  If you have already paid please reply and say that you have already paid.

Hi,

I just paypaled my $500 -- reminding of the fact that I wanted to transfer a few weeks back but was asked to wait, because you didn't know who should have the money ;)

Your work is much appreciated. My contribution doesn't come close to paying for the work going into it, so I consider the deal I got to be a good one.

Thank you!

/Eirik
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Rich on February 27, 2008, 02:29:07 pm
I just sent $100 from my personal account to help out on this. The IT director really likes the looks of PF, and has committed to me to contribute, but doesn't want to until he has an ETA on the project being finished.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on February 27, 2008, 02:39:07 pm
Hello eri,

100 $.
Done!

to paypal@chrisbuechler.com!

So the total promised amount is full...... 2000 $  :D

No invoice is needed!

Greetings
heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on February 27, 2008, 04:30:05 pm
I just sent $100 from my personal account to help out on this. The IT director really likes the looks of PF, and has committed to me to contribute, but doesn't want to until he has an ETA on the project being finished.
In 2 weeks it should be available.

Thanks everybody for your support.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on February 28, 2008, 12:22:22 pm
Ciao everybody.

Thanks ermal for this great and much wanted feature!!

I've just contributed with 100$, i just hope the first release will be well tested and will work properly with all the packages i have installed :-)

BIG UP


Albe
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: afrugone on February 29, 2008, 11:10:23 am
This is my small contribution, US$50, I'll appreciate very much you can tell me when you think it will be ready to test

 feb 29, 2008    Pago Para Chris Buechler     Completada     ...    -$50.00 USD

Saludos,
Alfredo
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: colin7151 on February 29, 2008, 07:38:12 pm
OK so if I can scrape together like $200:

  • Will I get a package that I can install on 1.2 once it goes final ?
  • Will anyone be able to provide basic support if I can't get it to work ?
  • Will it get updated if updates of pfsense before 1.3 break it or will I be stuck on the same version of pfsense that it was originally written to work on ?
  • Will it get updated with general bug fixes ?
  • Can I send the patch to friends ? What about posting it on my blog ? What is the license of this package going to be ?



I don't know if it's fair to put me on that list; all I did was ask a few questions that no one ever answered. If someone can answer my questions I would be happy to put in what I had suggested.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 01, 2008, 04:34:20 am
OK so if I can scrape together like $200:

  • Will I get a package that I can install on 1.2 once it goes final ?
  • Will anyone be able to provide basic support if I can't get it to work ?
  • Will it get updated if updates of pfsense before 1.3 break it or will I be stuck on the same version of pfsense that it was originally written to work on ?
  • Will it get updated with general bug fixes ?
  • Can I send the patch to friends ? What about posting it on my blog ? What is the license of this package going to be ?



I don't know if it's fair to put me on that list; all I did was ask a few questions that no one ever answered. If someone can answer my questions I would be happy to put in what I had suggested.

I didn't answer your question because there is a simple answer.
It is an improvement to pfSense that you can have earlier and it will be compatible with future versions of pfSense, in the upgrade way, and since it is going to be pfSense's new shaper the license is permissive, as in BSD license, for you to do what you want with it.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sai on March 01, 2008, 05:48:37 am
I don't know if it's fair to put me on that list; all I did was ask a few questions that no one ever answered. If someone can answer my questions I would be happy to put in what I had suggested.
I AM NOT A DEV but my understanding is: many people offered to pay a bounty but are now AWOL, so the package is available only to those who paid. The shaper will be available in 1.3 for all.

I also have an objection to being put on the list - I offered to pay but Scott refused to accept any money from me.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: svabi on March 01, 2008, 05:58:58 am
just sent $50 to paypal@chrisbuechler.com

thank you for your hard work!

jan
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: colin7151 on March 01, 2008, 02:41:59 pm
Right on, that makes sense, but as someone new to the community it's hard to get that big picture answer very easily.

I'll send the $ early next week when I get home.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sbyoon on March 02, 2008, 08:43:12 pm
I sent $100 to paypal@chrisbuechler.com before. My e-mail address starts with fogyoon.

Thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: tec on March 03, 2008, 04:49:31 am
I didn't participate in the initial bounty. But after I read what Eri did I was really impressed. Therefore I will donate a small amount. As I am a student I would like to donate more but right now I can't.
I sent $25 to paypal@chrisbuechler.com before. My e-mail address starts with teclis

Thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: hoba on March 03, 2008, 08:17:25 am
I really want to thank everybody who is donating money for this, even if it's only a small amount. We really appreciate it and all the traffic shaper changes are really worth it. It's not trivial to implement and Ermal is doing a great job! Thanks everybody and thanks Ermal.  :)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: gandyman on March 03, 2008, 02:29:43 pm
Just send:
U hebt $75,00 USD verstuurd naar paypal@chrisbuechler.com. Er is een e-mail gestuurd naar de ontvanger.

Yeah I know this is dutch  ;D

Anyway, sent $75,00 as bounty for this cool program.

Thx already for the great job.

Note:
This bounty thing you have here is indeed a bit messy.
See this bounty for traffic shaping: after a while ppl walk away, they find other programs or other solutions.

It would be wise to have a part on this forum which can only be edited by mods & admins.
When someone asks for something and offers a bounty for it, then the PFSense crew first looks at what it must cost in total.
How many hours of work and effort it costs etc etc..
Then you make in that separate part its own bounty topic for this question with the total amount of money it must minimally cost.
Ppl can send in money and the moment the first buck comes in the PFSense crew starts making this new plugin.

So the writing of the program and the money that comes in go hand in hand (more or less),
because you see how much is coming in already and how far the program is.

This way you can announce in this special topic the progress of writing the software so ppl can see how far you are
(not on a daily basis of course, but now and then), some sort of progress meter or so.

This will stimulate ppl to pay and there is some sort of deadline of expectation when it is ready for launch.

Now on this bounty (or most other bounties on this forum) it was very misty how and what was going on,
and yes, ppl walk away then because nothing happens...

BTW just my 2 pence

Anyway, thx again for the great job.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on March 03, 2008, 02:54:45 pm
I think, it takes a lot of confidence, for both sides, but also i think, you don't know, how this bounty has been materialized  ;)

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: gandyman on March 03, 2008, 03:36:51 pm
I have already been on this forum for a while but don't post much because I want to figure things out for myself.

Anyway.
I read a lot here about this and other bounties and the development of such bounties.

See, ppl also say:
When it can do this and that I pledge $75.

So there is some need to inform how much $ is needed for such a bounty, how much $ has come in, how far the progress of the new software is, and what it can or cannot do.

With this knowledge ppl will pay or will not pay, simple as that.

The team makes the software when money comes in,
and not how it happens now on pledges, because this is no stable base that you can count on.

I can pledge 100 000 but when I don't pay, that is the end..

So the only thing I want to say is: good information, and when ppl pay they make things.
This will run smooth and good, and you will see no more trouble or confusion.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on March 03, 2008, 03:57:30 pm
What is your intention about this thread, "indoctrination", i don't know,
all of the folks here do the very best...

Regards
heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: gandyman on March 03, 2008, 06:54:42 pm
??? indoctrination ???

My English must be really bad if you read this all as negative. ??

Read it all back again.

Last attempt to explain it to you.
This is just my 2 pence, tip or idea or whatever, to let future bounty development run smoothly,
for the ppl here as well as for the PFSense team.
So there is no more confusion ...

nothing more

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on March 04, 2008, 02:56:38 am
i have read it and yes, i have to understand this.... ;)

as well, nothing more





Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: djmizt on March 04, 2008, 04:45:50 pm
donated $100 to paypal@chrisbuechler.com for this project
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: qluk on March 06, 2008, 07:45:51 am
OK, my 50$ go to paypal@chrisbuechler.com  :]
good job :)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: NateDavis on March 10, 2008, 12:43:28 pm
I have just a few questions, and would be willing to donate a few hundred dollars to get a copy of this feature earlier than waiting for 1.3, but I need to make sure it will work in my environment. Attached is a small JPEG outlining the setup I want to use this feature for. I would love to be able to use it in bridge mode (between just two nics), if I can do two things (This is planned for the whole pipe):

1. Standard QoS - RDP, VoIP, and OpenVPN Traffic taking all priorities, and all others at a lower priority. I am confident this is included with this release. (I have VoIP Traffic running over the OpenVPN, but as I understand this thread, we will be able to shape this as well if we want to.) Right now, if I just shape the OpenVPN to take priority, then that will take care of VoIP.

2. Traffic Limiting - Being able to limit traffic (down to 3mbit instead of 10mbit) based on source IP or MAC Address. The picture attached might explain this better, but in essence, I want to limit the tenants' firewalls in our building. Total bandwidth incoming and outgoing, and if that is not an option, at least give priority to source IPs.

If someone with better knowledge than I of what this new shaper is capable of could reply to this message and explain if these features are available with this release, I will then be able to find out what my company is willing to send.

Thanks again!
Nate
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 10, 2008, 01:07:20 pm
I have just a few questions, and would be willing to donate a few hundred dollars to get a copy of this feature earlier than waiting for 1.3, but I need to make sure it will work in my environment. Attached is a small JPEG outlining the setup I want to use this feature for. I would love to be able to use it in bridge mode (between just two nics), if I can do two things (This is planned for the whole pipe):

1. Standard QoS - RDP, VoIP, and OpenVPN Traffic taking all priorities, and all others at a lower priority. I am confident this is included with this release. (I have VoIP Traffic running over the OpenVPN, but as I understand this thread, we will be able to shape this as well if we want to.) Right now, if I just shape the OpenVPN to take priority, then that will take care of VoIP.
Yes, you can do this.
Quote
2. Traffic Limiting - Being able to limit traffic (down to 3mbit instead of 10mbit) based on source IP or MAC Address. The picture attached might explain this better, but in essence, I want to limit the tenants' firewalls in our building. Total bandwidth incoming and outgoing, and if that is not an option, at least give priority to source IPs.
Yes you can do this too. Seems like CBQ is a good candidate for your needs.

Quote
If someone with better knowledge than I of what this new shaper is capable of could reply to this message and explain if these features are available with this release, I will then be able to find out what my company is willing to send.

Thanks again!
Nate


I do not know if you need more elaborated answer!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: NateDavis on March 10, 2008, 01:30:14 pm
ermal,

Thanks for your quick response. If I were able to donate $200 today, Is there an upgrade to update my new pfSense box I can get within the next week, or are we still out a little more time?

Let me know,
Thanks,
Nate
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 10, 2008, 01:33:14 pm
AFAIK i am trying to roll the update now :).
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: NateDavis on March 10, 2008, 01:45:47 pm
Wonderful, give me about 3 hours to get approval, and I will send $200 to paypal@chrisbuechler.com for this Bounty.

Thanks so much for your efforts!

Nate
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: NateDavis on March 10, 2008, 03:47:38 pm
Done and Sent.  $200 to paypal@chrisbuechler.com for this feature.

Thanks again for your time and effort. It is making a difference.

Looking forward to the new release,
Nate
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: pogi on March 11, 2008, 02:20:52 am
I have just discovered this thread and bounty, and would like to know if this would allow me to do the following and I would be very happy to send a payment of $100

I have 2 WAN, 1 of the WAN's is for use by DMZ VOIP only, and the other is for my LAN.

I am planning to get another WAN DSL.

I would really like to be able to have:

LAN Machine 1 <> WAN 1  with shaping for giving priority based on protocols etc
LAN Machine 2 <> WAN 2  with shaping for giving priority based on protocols etc
DMZ VOIP <> WAN3  with shaping for giving priority based on protocols etc

Would also be nice to send certain traffic from LAN to WAN3 to be shaped etc.

Is this possible, sorry I a bit confused.

Thanks


Lee



Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 11, 2008, 11:52:44 am
Quote
I have 2 WAN, 1 of the WAN's is for use by DMZ VOIP only, and the other is for my LAN.
That's the bounty requirement and it is fulfilled.

As for the other parts, those are features that pfSense supports already.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 11, 2008, 06:50:43 pm
All the people that have contributed to this bounty should have a PM(private message) on their inboxes.
If by any chance i have left anybody out please contact me.

Thank you again to all of you.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: colin7151 on March 11, 2008, 08:15:40 pm
Ok, just sent $200 to paypal@chrisbuechler.com 
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: pogi on March 11, 2008, 09:10:21 pm
sent $100 to paypal@chrisbuechler.com

Lee
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: gandyman on March 12, 2008, 02:13:48 pm
Thx ermal  for the great job.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: NateDavis on March 13, 2008, 10:05:35 pm
All seems to be working pretty well in my environment with this new Traffic Shaper. The only problem I am having is that I would like to be able to see the queues and their total usage so I can troubleshoot where the problems are. When I click Traffic Shaper under the Firewall menu, I do see the shaper and the settings I have made. But when I go to Status and choose Queues, it returns "Traffic shaping is currently disabled." Let me know if I am doing something wrong...

Thanks!
Nate

P.S. I did use the EZ Traffic Shaper to create my rules.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 14, 2008, 04:06:23 am
Hmm, it's a forgotten merge on the update I gave; just change this in /usr/local/www/status_queues.php

     63 if(!isset($config['shaper']['enable'])) {
to
     if (!is_array($config['shaper']['queue'])) {


The numbers are the line number.

Or if you wish go here to this link (http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/status_queues.php?rev=1.25.2.10.2.1.4.1;content-type=text%2Fplain;only_with_tag=RELENG_1_2_RELEASE_BRANCH) and save it in your pfSense router as /usr/local/www/status_queues.php.

Sorry about the disruption. It will be fixed on the next one.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on March 14, 2008, 03:09:19 pm
you have to receive a present, please send me an invoice

300$ Done!

greetings
heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 14, 2008, 04:44:12 pm
Thank You very much!

Nice present :)

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on March 14, 2008, 04:49:22 pm
My Pleasure! ;)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: neek on March 17, 2008, 11:46:20 pm
$50 sent to paypal@chrisbuechler.com

Thanks for all the work!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 19, 2008, 01:38:06 pm
For all the bounty people a simple introduction to the new shaper interface:
There are 5 new things:
1- Floating rules
2- The way you configure queues
3- The way you setup traffic to belong to a queue
4- DSCP(diffserv codepoint) matching
5- IPSec tunnels shaping

1- Is a tool to allow all sorts of things.
Basically from this tab you can choose multiple interfaces for a rule, which direction the rule applies to, whether it is a terminating rule [quick], and whether you want to tag traffic with it for later matching against this tag.
For example, you want http traffic to be allowed to go out on every interface you have.
Just set the direction to outgoing, port 80 and click save.
If you want the rule to apply only to certain interfaces, select them in the interface selection by holding down the CTRL button and choosing the ones you want, and the above rule applies only to those interfaces.
This way, for example, you can load balance squid, with a rule such as pass out from any to any port 80.

Now if you do not select the quick option the rule is not terminating, meaning that even if it matches, the traffic goes to the next rule and is matched against those. If the next rule matches, it is the matching rule now. Tags can be applied from one rule to the other.
I.e. let's say you want to pass/shape traffic of protocols tcp, icmp, udp from different interfaces to the same queue. Instead of having to choose the action/queue on each rule, just set up the rules and in the advanced section apply the same tag to them. At the end of these just set up a rule which passes or blocks the traffic tagged/marked with the previous tag, or sets the queue it should go to. So next time you decide this traffic should go to a different queue you just change one rule and not all of them.
Be aware that to preserve previous behaviour the rules created on the specific interface take priority, meaning that they are just applied if traffic matches and that is the final verdict.
So if you want a mix of floating rules and specific interface rules you must be very specific in the specific interface rules so as not to override the actions chosen in floating rules.

2- Now on the Firewall->Traffic shaper you configure only the queue parameters.
To know better what they mean you have to read the pf.conf manual page or just go to http://www.openbsd.org/faq/pf and read about shaping.

To shape traffic on multiple interfaces with only one rule, just create on multiple interfaces a queue with the same name and then just set up a rule that makes the desired traffic go to that queue; even if traffic passes to a different interface it will go to this queue and be shaped accordingly.
Be aware that queues with the same name share only the name; they can have different priority, bandwidth or discipline, or even the hierarchy of queues may be different. Just the name has to be the same.

For example, say you have 3 interfaces: one LAN and 2 internet links. You have created a load balancing pool for the 2 internet links and want to shape http traffic on the links to the queue http created with the desired parameters in the Traffic shaper configuration.
There are 2 ways to do it.
a) From the LAN tab choose all traffic with a destination port of http and select queue http; this takes care of it.
b) Go to the Floating tab and create the same rule there.
If you have Squid running and want to load balance, the only place is the Floating tab. Create a rule with outgoing direction, select the 2 interfaces where the internet links are connected and choose the queue http for traffic with destination port 80 and protocol tcp.


3- Now the queues are specified on the rule tab and you have easily noticed that.

4- You can now match traffic based on DSCP so easier to match VoIP traffic.

5- IPSec inside tunnels is transparent.
Just setup rules as you do for traffic passing from LAN to WAN and choose the queue you want to apply.
So if you want RDP to have priority better than other thing on the tunnel just setup rules as said on 1-.

For any questions do not hesitate.

Regards and thank you again for your support,
Ermal
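
A small model of the rule evaluation described under point 1 of the post above (non-quick rules, sticky tags, and a later quick interface rule overriding a floating rule's queue), added here as an example and not pfSense or pf code. The interface names, the SIP port rule, the tag SHAPED and the queue names qHigh and qHTTP are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet is crossing
    direction: str   # "in" or "out"
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    label: str
    action: str = "pass"               # "pass" or "block"
    ifaces: Tuple[str, ...] = ()       # empty tuple = any interface
    direction: Optional[str] = None    # None = both directions
    proto: Optional[str] = None
    dport: Optional[int] = None
    quick: bool = False                # terminating rule
    tag: Optional[str] = None          # tag applied when this rule matches
    tagged: Optional[str] = None       # only match packets carrying this tag
    queue: Optional[str] = None        # queue assigned if this rule decides


@dataclass(frozen=True)
class Verdict:
    action: str
    queue: Optional[str]
    tag: Optional[str]
    decided_by: str


def _matches(rule: Rule, pkt: Packet, tag: Optional[str]) -> bool:
    return ((not rule.ifaces or pkt.iface in rule.ifaces)
            and rule.direction in (None, pkt.direction)
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport)
            and (rule.tagged is None or rule.tagged == tag))


def evaluate(rules: List[Rule], pkt: Packet) -> Verdict:
    """Walk the rules top to bottom: the last match decides, quick stops early."""
    tag = None
    decided = Rule(label="default deny", action="block")  # assumed default policy
    for rule in rules:
        if not _matches(rule, pkt, tag):
            continue
        if rule.tag is not None:
            tag = rule.tag      # tags stick even if a later rule decides
        decided = rule
        if rule.quick:
            break
    return Verdict(decided.action, decided.queue, tag, decided.label)


WANS = ("wan1", "wan2")

# Several floating rules tag traffic; one final rule maps the tag to a queue,
# so moving the traffic to another queue means editing only that last rule.
TAG_RULES = [
    Rule("float: http", ifaces=WANS, direction="out", proto="tcp", dport=80,
         tag="SHAPED"),
    Rule("float: sip", ifaces=WANS, direction="out", proto="udp", dport=5060,
         tag="SHAPED"),
    Rule("float: tagged to queue", direction="out", tagged="SHAPED",
         queue="qHigh"),
]


def override_rules(floating_quick: bool) -> List[Rule]:
    """Floating rule first, then a broad per-interface rule (always quick)."""
    return [
        Rule("float: http to qHTTP", ifaces=("lan",), direction="in",
             proto="tcp", dport=80, queue="qHTTP", quick=floating_quick),
        Rule("lan: allow all", ifaces=("lan",), direction="in", quick=True),
    ]


if __name__ == "__main__":
    web = Packet("lan", "in", "tcp", 80)
    print(evaluate(TAG_RULES, Packet("wan2", "out", "udp", 5060)))
    print(evaluate(override_rules(floating_quick=False), web))  # queue lost
    print(evaluate(override_rules(floating_quick=True), web))   # queue kept
```

The second scenario is the caveat from the post: a broad rule on the interface tab becomes the final verdict and drops the queue chosen by a non-quick floating rule.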
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 19, 2008, 02:15:32 pm
Forgot the By queues view:

It allows you to copy queues from one interface to the other.
Cloning a full interface is not currently supported.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sai on March 20, 2008, 01:56:46 am
is it possible to make a new queue that is a child of an existing queue?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 20, 2008, 02:20:21 am
Sure.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sai on March 21, 2008, 12:44:39 am
If I have a queue called qVoip23 in the Lan, how do I make a new queue that  has as parent qVoip23 ?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 21, 2008, 03:50:16 am
Click qVoip23 on the tree and then click the "Add queue" button at the bottom of the form.

I thought it was intuitive enough, no?!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on March 21, 2008, 11:24:02 am
Wondering if it would make sense to  be able to right click a queue and receive a popup that has delete queue and add new child queue?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 21, 2008, 11:49:48 am
Wondering if it would make sense to  be able to right click a queue and receive a popup that has delete queue and add new child queue?

To me seems like hidden functionality since most web function are performed with click-and-go.

Nice would be to have drag-and-drop actually for the queues allowing them to clone easily but this version of the tree does not have it afaik.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sai on March 21, 2008, 12:23:05 pm
Click qVoip23 on the tree and then click the "Add queue" button at the bottom of the form.

I thought it was intuitive enough, no?!
:-)

I didnt get it. I get it now. 

maybe change "Add queue" to  "Add child queue"   ?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 21, 2008, 12:55:41 pm
Maybe but as i thought of it a queue is always a child of its parent and the tree assumes that too!

No?! (If no, then maybe i can make that change.)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: djmizt on March 21, 2008, 04:18:22 pm
Hi Ermal,

I'm getting this error when I click on the wizard:

Parse error: syntax error, unexpected T_STRING in /usr/local/www/firewall_shaper_wizards.php on line 61

I had queueing enable prior to upgrading to this version but those are not showing now. Let me know. Thanks. The new interface looks very nice btw :)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on March 21, 2008, 04:29:26 pm
You can try an update or just remove the line 61 it is just the title in there which was wrong or copy it from.

- traffic_shaper_wizards.php, then it works. First you should try a recent update from ermal's link. If this isn't working, you can delete line 61 manually as a workaround.


Greetings Heiko
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: djmizt on March 21, 2008, 05:55:13 pm
ok i commented line 61 on that file and I can use the wizard now;

I'm trying to do multiple wan/multiple LAN and everytime the wizard finishes I only have the shaper on the WAN interface  ..my other interfaces (opt1,2,3) do not have any queues in them!

I tried manually adding queues on each interface and it's not doing it

I tried cloning the queues from WAN and no luck there either

Maybe I don't have the latest files?? Can Ermal PM me the latest cvs file location again? Thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 21, 2008, 07:26:23 pm
Hi all,

It looks like you guys have put some good time and effort into getting the traffic shaper what it needs to be.  Hopefully this bounty is of value to me and I can throw in $50-100 for it.

It sounds like this is possible to do, but I just wanted to verify.

I have 1 wan (probably 2 in the future) on pfSense. It's about a 12/2meg connection. 
LAN has a local router and also 2 access points.  I would like to split/share the bandwidth amongst these 3 devices attached to the LAN.  The trick here is that I need to have more than 2 layers of queues


wan > pf (10.0.0.1) > switch > AP1           > customer router1(10.5.x.1) (Linksys Tomato)
                                                            > customer router 2(10.5.x.1)

                                         > AP2          > customer router 3(10.6.x.1)
                                                               > etc(10.6.x.1)
                                         >local router  > Local PCs             


Sorry that diagram isn't working well. Basically - the AP1, AP2 and local router are attached to pfSense by a switch.  Then customer routers are static routed networks off of pf.

The caveat is that each AP is only capable of about 5-6mbps of total traffic.  I would like to let customers share the full-speed of the bandwidth from the AP.  Also, there may be some customers that would get less than an even share (penalty box per customer?)

At the same time, we obviously need to prioritize VoIP, http, DNS and set everything else to a lower priority.

So, I believe what I need to do is:
1. Ident traffic type (flags in new shaper?)
2. Setup multiple queues within queues?
     a. WAN queues > b. queues for the individual APs (1 for the 10.5.xxx network and 1 for 10.6.xxx network) >
     c. within the queues for the individual APs: queues or rules for traffic types (http, dns, etc)?
     d. a way to limit individual customers (ie 10.5.3.x network gets limited to 512k but the rest of 10.5.xxxx gets to share the full bandwidth of the AP)

Does that make sense? Will the new shaper allow me to do this?  I think it's just multiple layers of queues?  I do have outbound traffic shaping on the customer routers so they can't saturate the AP.  Customer routers inbound shaping is limited to dropping packets -  I don't want to use that option on the customer routers.

Thanks for your input.  I would love if I can throw in some cash to the pot and get access to the new shaper if it will work for me.

Regards,
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 21, 2008, 07:52:44 pm
Yeah it can do multiple level of queues and all of what you describe.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 21, 2008, 08:51:54 pm
Great! Thank you!  I just sent $75 to Chris.

Yeah it can do multiple level of queues and all of what you describe.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 21, 2008, 09:02:06 pm
So I guess I need to know how to access and install this.  I will get a PM?  This is an embedded install on ALIX.2C3

Regards,
Aaron

Great! Thank you!  I just sent $75 to Chris.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 22, 2008, 03:54:12 am
So I guess I need to know how to access and install this.  I will get a PM?  This is an embedded install on ALIX.2C3

Regards,
Aaron

Great! Thank you!  I just sent $75 to Chris.

Yes, pretty soon.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: NateDavis on March 23, 2008, 04:48:50 pm
If this is the place for tech support questions with the new shaper then great. Otherwise, please direct me where these should go.

I have been playing around with the new shaper and either I am really dense, and can't figure it out or I don't understand QoS Properly...  Who Knows...

Anyway, I am trying to prioritize VoIP traffic. This traffic runs over my OpenVPN connection setup in the pfSense. I am having a real problem getting the traffic to register in the voip queue (using the wizard and then modifying the floating tab in rules). Is there anything special I am supposed to do? I thought about trying to prioritize the openvpn traffic, but couldn't get that to work either. Everything just goes to the default queue.

This is an Avaya ip office setup. I have traffic being tagged with diffserv - DSCP 46, DSCP Mask 63, and SIG DSCP as 0. I tried setting the diffserv in the floating rule to 46, but it still didn't put that traffic in the queue. Any help would be appreciated.

Thanks!
Nate
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: hoba on March 23, 2008, 04:55:37 pm
Shaping inside openvpn tunnels is not yet supported afaik, inside IPSEC should work though.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 24, 2008, 06:54:02 am
It is the default LAN rule that is botching it.
Just make it specific or create the rules for the in the LAN tab over the default one supplied by pfSense.
And please try disabling the antilockout rule.

With the new update things should be better(a matter of days since some issues have been fixed).
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 24, 2008, 10:32:39 am
Hi, I don't mean to be impatient.  Just wondering when I may get access to the new shaper.  I can wait for the new update if it is just a couple days.

Regards,
Aaron


With the new update things should be better(a matter of days since some issues have been fixed).
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on March 24, 2008, 12:48:34 pm
Should be soon.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 24, 2008, 04:50:15 pm
For all the bounty contributors.
In the same link as before you will find the updated images with several problems fixed.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 24, 2008, 05:05:56 pm
Get the one with the highest date on it. as -20080324 ;)

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: songus on March 25, 2008, 11:26:45 am
I'll add 50 to the bounty, should i send them now? when will the image be available?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: hoba on March 25, 2008, 12:11:07 pm
I'll add 50 to the bounty, should i send them now? when will the image be available?

All bounty supporters get exclusive access to the testing images and are welcome to test drive and report back. All others will have to wait for now until there are official builds including the changes. Feel free to send the money in right now.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 25, 2008, 03:41:34 pm
I explained it a page before:
http://forum.pfsense.org/index.php/topic,2718.180.html

Quote
the queue wizard is really a work in progress. the first part is difficult to understand and has text labels in code style. the second part, the one with traffic type prioritization, is an heritage of the old shaper wizard but has no reason to exist, 'cause is not applied anywhere and there's no interface to edit. It seems that now the assignment of traffic type to queues is done within each firewall rule.
Well you do not need any interface to choose since it applies to all interfaces.
Read my explanation of the Floating Tab.

As for the names i will make them more friendly.

BTW, since you are a user what part of the first part you didn't understand?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on March 25, 2008, 04:11:11 pm
sorry, i just found your 1st explanation, that's why i deleted my post...

i'll try apply the rules as by your tutorial and in case get back to you with a good feedback.

to answer your question, if for example i click on the "single wan multi lan" wizard, i'm asked for the number of connections: in my understanding this should be the LAN and the DMZ, but in the next step i have WAN and OPT1 (DMZ) grouped in the "setup connections speed" section, like if we were talking about two WANs, while the DMZ has to be considered like a LAN section.
i'm puzzled here because given i'm configuring multiple lans, as by wizard name, i should be asked just for the wan bandwidth and then describing the lan part. this could be a limit of my understanding of the shaping mechanism within pf, but i have to admit that the wizard isn't a lot descriptive about what am i doing with the info i'm entering and the options i'm choosing.

i just want to avoid traffic shaping between the LAN and DMZ and meanwhile shape all traffic from all interfaces to WAN: from your tutorial i understand that i just need to assign floating rules to queues. i have a solid heritage of rules assigned to each interface, so i think it will take time to make it work correctly. is there any monitoring/debugging application for pf out there?

btw, thanks for the prompt answer.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 26, 2008, 04:36:28 am
Oh for the Multi Lan wizard i might have missed some labels changes.
Though it really asks you for the number of LAN's. As i can not guess what interfaces are considered LAN in your cases.
You see WAN in there since i need to know on which interface is the internet connection connected.

If you do not want to shape traffic between DMZ and LAN, on the traffic shaper config:
1- Click the lan root node on the tree. Set its interface bandwidth to the same as your network card speed (i.e. 100Mb)
2- Delete the traffic shaper config on both LAN and DMZ
3- Create a queue called qInternet in both the LAN and DMZ interface and set it up with the download speed of your internet connection.
If you have chosen HFSC scheduler make its linkshare m1=m2=link download speed and d =something.
4- Create a DMZ queue on both the LAN and DMZ interface. Setup its bandwidth = Lan root speed - speed of qInternet queue
5- Under the qInternet queue replicate the queues that get created by the wizard, so that the internet shaping for LAN and DMZ works ok.

Then create a rule that matches local traffic (traffic between LAN and DMZ) and sends it to the qDMZ queue so it does not have limitations from the shaper.

I am testing this setup and will make the changes for the Multi Lan wizard, at least, to produce the above automatically.

You will get it with the next update which fixes the other reported issues.


Just a stupid text illustration of the above is:
WAN
---qACK
---qDefault
---qP2P
---qVoIP
---qOthersHigh
LAN
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
DMZ
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ

On the floating rules tab make a rule:
1- pass
2- select LAN and DMZ interface
3- Direction any
4- from any  (though you might consider only the ports to the DMZ services)
5- to any (though you might consider only the ports to the DMZ services)
6- queue qDMZ

And done.

Another more advanced scheme might be:
WAN
---qACK
---qDefault
---qP2P
---qVoIP
---qOthersHigh
LAN
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
----------qDMZACK
----------qDMZDefault
----------qDMZP2P
----------qDMZVoIP
----------qDMZOthersHigh
DMZ
---qInternet
----------qACK
----------qDefault
----------qP2P
----------qVoIP
----------qOthersHigh
---qDMZ
----------qDMZACK
----------qDMZDefault
----------qDMZP2P
----------qDMZVoIP
----------qDMZOthersHigh

And proper rules in place.
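
The two-level LAN/DMZ tree and the qDMZ floating rule from the post above, modelled as an added Python example (not part of the original post and not pfSense code). It also checks the "one and only one default queue" requirement stated later in the thread; the 12Mb download speed and the two subnets are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Queue:
    name: str
    kbit: int = 0              # 0 = no fixed bandwidth set in this sketch
    default: bool = False      # receives traffic that no rule classified
    children: list = field(default_factory=list)


# Leaf queues named in the post; qDefault is marked as the default queue.
WIZARD_LEAVES = ["qACK", "qDefault", "qP2P", "qVoIP", "qOthersHigh"]

# Constructed sample values (assumptions, not from the thread).
NIC_KBIT = 100_000             # 100Mb interface, as in step 1
DOWNLOAD_KBIT = 12_000         # hypothetical internet download speed
LOCAL_NETS = ["192.168.1.0/24", "192.168.2.0/24"]   # hypothetical LAN and DMZ


def build_local_interface(nic_kbit, download_kbit):
    """Steps 1-5: root at NIC speed, qInternet at download speed, qDMZ gets the rest."""
    if not 0 < download_kbit < nic_kbit:
        raise ValueError("download speed must be positive and below the NIC speed")
    internet = Queue("qInternet", download_kbit, children=[
        Queue(n, default=(n == "qDefault")) for n in WIZARD_LEAVES])
    local = Queue("qDMZ", nic_kbit - download_kbit)   # step 4
    return Queue("root", nic_kbit, children=[internet, local])


def leaves(q):
    """All leaf queues below q; only leaves can hold packets."""
    if not q.children:
        return [q]
    return [leaf for c in q.children for leaf in leaves(c)]


def validate(root):
    """Return a list of problems: default-queue count and over-committed parents."""
    problems = []
    defaults = [q.name for q in leaves(root) if q.default]
    if len(defaults) != 1:
        problems.append(f"need exactly one default queue, found {defaults}")

    def walk(q):
        committed = sum(c.kbit for c in q.children)
        if q.kbit and committed > q.kbit:
            problems.append(f"children of {q.name} commit {committed}Kb > {q.kbit}Kb")
        for c in q.children:
            walk(c)

    walk(root)
    return problems


def render(ifname, root):
    """Print the tree in the dash notation used in the post."""
    lines = [ifname]

    def walk(q, depth):
        for c in q.children:
            lines.append("-" * (3 + 7 * depth) + c.name)
            walk(c, depth + 1)

    walk(root, 0)
    return "\n".join(lines)


def classify(src, dst, local_nets, root):
    """Floating rule narrowed to local traffic: LAN<->DMZ goes to qDMZ,
    everything else falls through to the interface's default queue."""
    nets = [ip_network(n) for n in local_nets]

    def is_local(addr):
        return any(ip_address(addr) in n for n in nets)

    if is_local(src) and is_local(dst):
        return "qDMZ"
    return next(q.name for q in leaves(root) if q.default)


if __name__ == "__main__":
    lan = build_local_interface(NIC_KBIT, DOWNLOAD_KBIT)
    print(render("LAN", lan))
    print("problems:", validate(lan))
    print("LAN->DMZ:", classify("192.168.1.10", "192.168.2.20", LOCAL_NETS, lan))
    print("LAN->WAN:", classify("192.168.1.10", "203.0.113.7", LOCAL_NETS, lan))
```

Because the default leaf sits under qInternet, any traffic the rules miss is charged against the internet budget rather than the unshaped qDMZ share.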
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on March 26, 2008, 12:10:37 pm
LANs are easy to determine.  Walk the configuration and look for interfaces without a gateway attached to them.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 26, 2008, 08:47:58 pm
Hi Ermal,

Thanks for allowing access to the new shaper.  I see you are continuing to work on it.

I'm having a very hard time trying to figure out how to set this up.  I am unable to add queues to interfaces (I got it to succeed only once!) I'm totally not understanding how this shaper is laid out - it just does not seem intuitive.

My setup was explained here: http://forum.pfsense.org/index.php/topic,2718.195.html
If you can help me understand how to set this up, I would be grateful.  I would even be willing to write up a HowTo to try to explain the new shaper as well as help form the GUI with you.

Regards,
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 27, 2008, 04:40:51 am
Can you please post full details of your configuration.
Bandwidths you want to use etc so i can give you a config.

The upgrade you have has 3 issues:
1- you cannot add queues other than on the Lan.
EDIT: You cannot add queues that are children of parent interface other than LAN. But you can add children of other queues on any interface.
2- The Status->queues is shifted to the right as for a missing line for displaying the header ok.
3- The rrd graphs has a typo which does not allow to properly view the queues graph
4- Floating rules are generated after per tab interface rules so if you have some rules in the specific interface tabs (wan/lan tab) they will spoil the floating rules.
These are just regressions of backporting from RELENG_1. In the next update they will be ok.

In your case you should not have any problems since you want to add queues only for LAN so you should be OK.

Now from what i see you want something like this.
Create an alias with the host you want to limit.

On the wizard check the Penalty box and add this alias on this step.
Also check the catchall option of it.
You should have a scheme like this after it.

WAN
---qACK
---qP2P
---qVoIP
---qOthersHigh
---qOthersDefault
---qOthersLow
LAN
---qACK
---qP2P
---qVoIP
---qOthersHigh
---qOthersDefault
---qOthersLow

This should set you on for anything you want.
You limit the customers through the Alias config and no need to tweak the rules.
Also if you want a hard limit for them set the upperlimit of qOthersLow (value m2) to the required limit.

Since of issue 4 you do not need any settings on Wan apart specific things you want to block.
Disable anti lockout rule.
And replicate the LAN default pass in rule to the Floating tab and disable that one (for this upgrade you are running).

That's all you need to share all the bandwidth evenly in your setup. Since you say the AP's are limited to 6Mb that's as simple as it can get with the upper scheme.
You can optimize VoIP rules by converting the rules for VoIP to use DSCP(diffserv code point) instead of port based ones; if you know that they use a specific DSCP mark.

Tell me if this suits you.


The other scheme if you wanted to have the hard limit to 6Mb set up on the pfSense is:
WAN
---qACK
---qP2P
---qVoIP
---qOthersHigh
---qOthersDefault
---qOthersLow
LAN
---qAP1 (m1=m2=6Mb d=line delay)
------qAP1ACK
------qAP1P2P
------qAP1VoIP
------qAP1OthersHigh
------qAP1OthersDefault
------qAP1OthersLow
---qAP2 (m1=m2=6Mb d=line delay)
------qAP2ACK
------qAP2P2P
------qAP2VoIP
------qAP2OthersHigh
------qAP2OthersDefault
------qAP2OthersLow

or
WAN
---qACK
---qP2P
---qVoIP
---qOthersHigh
---qOthersDefault
---qOthersLow
LAN
------qACK
------qP2P
---qVoIP
------qOthersHigh
------qAP1OthersHigh
------qAP2OthersHigh
---qOthersDefault
------qAP1OthersDefault
------qAP2OthersDefault
---qOthersLow
------qAP1OthersLow
------qAP2OthersLow
On this one set the limits for each AP to the specific queue using upperlimit m2 value. Though i doubt you want their Voip queues to be separate since you want both clients to have seamless VoIP.
The last scheme might give you better results but it is hard to understand for someone not knowing what he is doing.


BTW, if you could gather all my postings about the shaper to something readable and skinned :) i would greatly appreciate. I have not yet found the time to do that.




Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: mikenl on March 27, 2008, 07:55:19 am
I haven't pledged to the original bounty, but i made a contribution of $50,00 USD.
I appreciate the work done on the traffic shaper, and would love to take a look at it.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 27, 2008, 11:27:06 am
Hi Ermal, 

Thanks for taking the time to describe the config.  While when you draw out the queues definitions and it makes mostly perfect sense, but I am having trouble.  The shaper is simply not allowing me to add queues at all!  I push ADD Queue button and fill everything out and nothing shows up!  The other portion is: getting from the shaper wizard to the end outcome is very, very confusing.  The labels are confusing and the interface needs a lot of help.  I just went back to m0n0wall 1.3b10 to play with their shaper last night.  It is MUCH more intuitive and simple.  As simple as it is, it seems to have more functionality, including the ability to limit per IP bandwidth (in a very weird way, but it says it's easy LoL). I hear m0n0wall also will honor RADIUS bandwidth attributes as well? I do not mean to offend, by any means, I just think your shaper could be simplified and made a lot easier for the end user.

1 other problem - while trying to add the queues, the Service Curve options were always grayed out even after clicking the checkbox to enable the fields.

In the end it seemed that nothing would do what I told it to?


Can you please post full details of your configuration.
Bandwidths you want to use etc so i can give you a config.
that would be great.  Details are below.

WAN: 12mb down / 2mb up (Actually, this is a dynamic WAN.. it will burst up to about 16/2.5, but it is committed to 8/1.  If we could figure out a dynamic rule, that would be amazing! Otherwise, I think just setting 12/2 will work as long as low priority traffic is limited to below the 8/1 mark).  I know several people who are looking for this feature.

Want VNC, SSH, HTTP, ICMP and whatever is customary as higher priority.

As mentioned, there are 2 APs and 1 direct connected router to pfSense.  Each AP can have a total of _5_ mb of end-user bandwidth (changed from before). Each AP should be able to burst up to the full 2mb upload speed.  The 5mb of usable bandwidth on the APs is half-duplex.  How do we account for that? (ie, if there is 1mb of upload, then there is only room for 4mb of download.)  There will be traffic coming over the APs to my servers on the LAN or OPT1 as well.  The other router attached can have equal priority as the APs for WAN bandwidth.  Of course this needs to be shared.  Identification of which AP or router will have to be by subnet. (10.5.x.y=AP1 and 10.6.x.y=AP2 and 10.4.x.y=localrouter)

I don't have my OPT1 network figured out yet.  It will basically be for servers and such.  Servers are currently on LAN subnets. OPT1 will need to share upload/download bandwidth on the WAN - at just below HTTP LAN priority (customers surfing the web should be higher priority, but the catchall rule should be lower priority than the OPT1 servers).

Since of issue 4 you do not need any settings on Wan apart specific things you want to block.
Disable anti lockout rule.
And replicate the LAN default pass in rule to the Floating tab and disable that one(for this upgrade you are running.
I totally don't understand why anti-lockout should be disabled, or what you mean with the LAN rules.


Tell me if this suits you.


The other scheme if you wanted to have the hard limit to 6Mb setuped on the pfSense is:
WAN
---qACK
---qP2P
---qVoIP
---qOthersHigh
---qOthersDefault
---qOthersLow
LAN
---qAP1 (m1=m2=6Mb d=line delay)
------qAP1ACK
------qAP1P2P
------qAP1VoIP
------qAP1OthersHigh
------qAP1OthersDefault
------qAP1OthersLow
---qAP2 (m1=m2=6Mb d=line delay)
------qAP2ACK
------qAP2P2P
------qAP2VoIP
------qAP2OthersHigh
------qAP2OthersDefault
------qAP2OthersLow

or


The above setup looks exactly how I thought it should look.  (Wasn't sure how the last setup would work, but it makes sense on the surface.) However, I am simply unable to Add these queues in the shaper!  And the queues are confusing to me.  I think I am figuring out that any queues on the LAN interface actually control the UPLOAD to the WAN? And any queues on the WAN control traffic going TO the LANs?  It greatly confuses the matter when we don't want traffic shaped between LANs (interfaces).  How can this be simplified?

BTW, if you could gather all my postings about the shaper to something readble and skinned :) i would greatly appriciate. I have not yet found the time to do that.

I think if I can get a more thorough understanding of the shaper I could write an overview to get people to understand some of the basics myself and others are having difficulty with.  It is sometimes hard to read your descriptions ;)  I'm pretty good at documentation - as long as I have a thorough understanding myself.  Are all of your posts regarding the shaper only in this thread?

Regards,
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: bogus on March 27, 2008, 12:59:27 pm
Well, I am having some problems.

Before I get into it here my setup:

I am running pfSense on a laptop with
   CPU: Intel(R) Pentium(R) III Mobile CPU      1200MHz (1196.02-MHz 686-class CPU)
   256MB RAM.

The internal nic is 
   xl0: <3Com 3c905C-TX Fast Etherlink XL>
and the second nic is 
   dc0: <Xircom X3201 10/100BaseTX> on Cardbus.

On dc0 I have three VLANs for the ADSL links (2x1Mbps/512K and 1x2Mbps/512k) terminated
with modems/router providing 192.168.10.0/24, 192.168.20.0/24 and 192.168.30.0/24 networks.
LAN is on 192.168.100.0/24
All three ADSL links are load-balanced with failover.

So far so good. I never had any performance problems with this setup and the webgui and also ssh were pretty snappy.
CPU is never more 20% used and memory is usually around 30% usage (swap is just untouched).

The primary goal is to provide 128kbit/s guaranteed bandwidth for VoIP (never more than 2-3 sim. calls).
Everything else could use the remaining bandwidth as desired but limiting P2P traffic to max. 10kbit/s (shared between all users).
Secondary goal would be to provide higher priority to Skype traffic and to integrate squid transparently into this
load-balanced/traffic-shaping environment, but that would be a bonus.
But Squid is currently not installed.

What did I do?
Updating the box to 1.2-RELEASE-20080324-1409 went without problem.
Running the "Single LAN/Multi WAN Wizard" and entering the desired values according to the goals above.
But once I press the "Finish" button the webgui stops responding, often times out. No more internet access.
Even top on ssh does not update anymore.
Finally after 5 minutes I was able to get back to "Remove Shaper" and everything went back to normal.

I tried both nominal and real values for the bandwidth (e.g. 1024/512 and 850/400)
I tried all 3 connections at once and only one connection.
All with the same result.

Have the minimum or recommended hardware requirements for the new shaper changed so much?
Do I need to wait longer until the queues have fully initialized?
Is a reboot necessary?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 27, 2008, 03:29:58 pm
Hmmm no nothing has changed as for requirements.

Another case that you can check if you have checked catchall option in the wizard and limited it to 10Kb and have the Anti-lockout option on.
Plus the default lan rule makes things worse since of the issue that update has with floating rules.

It will behave that way.

My recommendation: before running the wizard, make a copy of the LAN rule to the floating tabs without the quick keyword, then disable the Default Lan rule altogether.
Disable the antilockout rule.
Then run the wizard.

The antilockout rule is the worst for the new shaper since it sends all lan traffic to the default queue (which in your case is the catchall=10Kb/s) and you do not see the effect of the new shaper at all. But i cannot do anything about it other than warn about it.
The default LAN rule one should be fixed with the new update you will get.

Just to let you know: cvstrac.pfsense.com/timeline (all the fixes that went on).
I fixed all the remaining issues i have listed above plus the "By queue" view now allows cloning full interfaces to replicate those multi-level queues on multiple interfaces easily.
The wizards would generate 2 level queues by default for local interfaces:
LAN
---qInternet
--------qACK
.
.
.
---qLocal
And the multi Lan wizard setups a rule to send the traffic between the Local interfaces to the qLocal queue.

When the new build finishes and i test the image will notify again.

 

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 28, 2008, 05:35:15 am
I will explain some things but you have to wait for the next update to actually try to configure it.

pfSense uses ALTQ for its QoS which applies to the outgoing traffic on an interface. This means that if you have 2 interfaces LAN/WAN and an internet connection of Up 256Kb/s and Down 1Mb/s than the WAN queue has the upload limit and the LAN one has the download limit.
This is why i ask for interfaces during the wizard. Since i need to know in what interfaces the Upload/download values has to be applied. Each interface can have different schedulers (PRIQ/CBQ/HFSC for now).

This means that if you enable the traffic shaper EVERY traffic that leaves any interfaces where the shaper is active will be shaped or better needs to be classified to a queue. Every interface needs explicitly 1 AND ONLY 1 DEFAULT QUEUE. It means that unclassified traffic by rules will go to this queue.

The different schedulers give you flexibility on how to achieve your QoS. The best one is HFSC but it is the harder to configure right without the knowledge of it. Most people have a hard time grokking what "decoupled delay and bandwidth" means and i would rather make them choose PRIQ than have to go through the hassle of explaining that.
PRIQ is the simplest one, you set the bandwidth to apply (this is a hard upperlimit) meaning it will not use more than that.

NOTE: that i am just describing only one part of the configuration below. Meaning it is only the upload part which will be applied on the WAN interface. For the LAN/download one or any other interface where traffic will pass on a configuration should be applied to make it complete. Usually this configuration is just a copy of this one.

After that you setup different priority for different queues maximum is 15, meaning you can have maximum of 15 queues.
PRIQ queues can not have children.
So let's say you want to give priorities in this order (the first has the highest priority):
VoIP
VNC
SSH
HTTP
ICMP
Penalty
With PRIQ you just setup this queue schema:
VoIP priority 7
VNC priority 6
SSH priority 5
HTTP priority 4
ICMP priority 3
Penalty (priority 1 default)

NOTE: that i am not setting a bandwidth value anywhere here and just letting the ISP do the actual capping of the bandwidth.
Though i strongly suggest to tweak the tbrconfig size of the interface. Later more on what this is.

And set rules to choose the priorities to the specific traffic by choosing the queues in the rules.
This is as simple as it can get. And is the most recommended for home uses. Since you are the only customer and have not so much need of sharing bandwidth.

CBQ is class based scheduling. It allows you to define a tree of classes.
Each queue can have a priority setup from 1 - 7 which will be honored and give specific queue a bandwidth value in percentage or specific value regarding to its parent. Furthermore you can have a borrow action which will give you more bandwidth than actually configured when the parent says it has some spare one.
So lets take the same example as above and say that we want to share the bandwidth between 2 subnets.
The following logical schema makes sense then:

---qTotalBandwidth (Value of upload bandwidth)
------qSubnet1 (50% bandwidth)
------qSubnet2 (50% bandwidth)

Now i setup rules that say subnet1 traffic goes to the qSubnet1 and subnet2 traffic goes to the qSubnet2
If i wanted that subnets share available bandwidth between them just add the borrow option to both of them and it will activate the sharing.

Now if i wanted to add priority for each subnet the logic would say:
---qTotalBandwidth (Value of upload bandwidth borrow )
------qSubnet1 (45% bandwidth priority 1)
--------------q1VoIP (priority 7 bandwidth 30% borrow )
--------------q1VNC (priority 5 bandwidth 30% borrow )
--------------q1HTTP (priority 4 bandwidth 30% borrow )
------qSubnet2 (45% bandwidth priority 1 borrow )
--------------q2VoIP (priority 7 bandwidth 30% borrow )
--------------q2VNC (priority 5 bandwidth 30% borrow )
--------------q2HTTP (priority 4 bandwidth 30% borrow )
------qPenalty (priority 1 bandwidth 10% default)

Setup the rules accordingly and it should work like a charm.
What that schema means is give priority on the 2 subnets to VoIP then VNC then HTTP then _every_ other traffic would go to the Penalty queue and will be capped to total 10% of its parent.

This is called whitelist policy where we choose what is friendly traffic and for the other we do not care and let the qPenalty queue handle it.

Now HFSC is the most sophisticated one and the most confusing one to people that do not have the proper knowledge.
It decouples delay and bandwidth.
What that sentence means is that often you need realtime traffic that has delay(time as milliseconds or seconds) bound for which you do not want the normal limit to apply.
I.E. i have VoIP traffic that uses UDP protocol with packet sizes of 1.2Kbit which needs a delay of 30ms to feel as normal phone call.
But also i want a hard limit, 64Kb, on all the bandwidth that VoIP traffic consumes on my network.
All this is exposed to the user through 3 parameters. m1 d and m2. Where:
m1 = bandwidth needed in d time
d = delay(in milliseconds)
m2 = hard limit
So if create a config as:  m1 = 1.2Kb d = 30 m2 = 64Kb
it means that i want that in d time m1 traffic gets served without checking m2. After that m2 will get checked and if the limit has been reached backlog/queue packet.
Now there are three such schedulers in HFSC. Realtime, Linkshare, Upperlimit.
Realtime is the first scheduler that is run every time. Meaning if we are trying to send a packet the Realtime scheduler will be asked if it has one. After that the Linkshare scheduler takes the lead and if it exceeds some limits the Upperlimit one overrides its decision.
So getting back from theory, when the VoIP traffic above reaches the limit m2 it will be scheduled by the linkshare service curve till VoIP traffic gets back under m2 realtime limit. That's why you have to specify always the bandwidth parameter which is the same as specifying m2 parameter of linkshare.
When both bandwidth and linkshare m2 parameters are specified the m2 parameter is the one that prevails.

So getting back to the example we used with PRIQ/CBQ we would have:
---qTotalBandwidth (Value of upload bandwidth )
------qSubnet1 (50% bandwidth)
--------------q1VoIP (bandwidth 30%)
--------------q1VNC (bandwidth 30%)
--------------q1HTTP (bandwidth 30%)
------qSubnet2 (50% bandwidth)
--------------q2VoIP (bandwidth 30%)
--------------q2VNC (bandwidth 30% )
--------------q2HTTP (bandwidth 30%)
------qPenalty (bandwidth 10% default upperlimit m2 = 10%)

This is the same config replicating the CBQ one. As you see HFSC has the borrowing of CBQ on by default and you can override it with the upperlimit parameter. Now to have really the power of HFSC serve us we would better configure it as:

---qTotalBandwidth (Value of upload bandwidth )
------qSubnet1 (50% bandwidth)
--------------q1VoIP (bandwidth 10% realtime m1 = 1.2Kb d = 30 m2 = 64Kb)
--------------q1VNC (bandwidth 10% realtime m1 = 6Kb d = 50 m2 = 128Kb)
--------------q1HTTP (bandwidth 30%)
------qSubnet2 (50% bandwidth)
--------------q2VoIP (bandwidth 10% realtime m1 = 1.2Kb d = 30 m2 = 64Kb)
--------------q2VNC (bandwidth 10% realtime m1 = 6Kb d = 50 m2 = 128Kb)
--------------q2HTTP (bandwidth 30%)
------qPenalty (bandwidth 10% default upperlimit m2 = 10%)

I consider VoIP and VNC realtime traffic as it is Audio and Video and set up their parameters and delay.

Now to have some bursting effects on with HFSC you can play with m1 and m2.
Let's say that we have a line that allows the upload to burst to 2Mbits/s for 5 seconds and after that it goes to 1Mbit/s,
then set up the qTotalBandwidth, in the scheme above, linkshare parameters to m1 = 2Mb d = 5000 m2 = 1Mbit/s
Here the upperlimit bursting configuration is not necessary since the ISP enforces that.
If we wanted to enforce a 512 hard limit with a burstable of 1 sec to 1Mbit/s for qSubnet1 we have to add this configuration to that queue
upperlimit m1 = 1Mb d = 1000 m2 = 512Kbit/s

Now in pfSense there are 2 strategies that can be applied for QoS.
1- is white listing policy which selects the traffic we are interested in and sends it to the policy (queue) we have configured for it and all the other one is sent to the default queue which in this case is configured with very low priority and low bandwidth.
This is even the policy that the wizard tends to express.

IE with PRIQ scheduler it means:
qClassifiedtraffic(priority 7)
qDefault(default priority 1)

2- is black listing priority. This policy tries to identify traffic we do not want and send it to penalty queues. All the other traffic may be classified to other queues we are interested in or sent to the default queue, which in this policy has higher priority and more bandwidth than in the whitelisting case.

IE with PRIQ scheduler it means:
qDefault(default priority 7)
qPenalty(priority 1)

Questions? :)



Now back to why you need to disable the anti-lockout rule and the default LAN rule.
The pf packet filter is stateful and if it registers a state about a stream of traffic it will not check the ruleset again.
On this packet filter that is used in pfSense traffic is assigned to a queue by specifying it explicitly with the rule that matches the traffic/ the rule that creates the state.
The default anti-lockout rule is the same as the default lan rule, just created automatically for the user to prevent him from doing stupid things.
But this rule is too generic as it matches all the traffic passing from lan and nothing else in the ruleset gets executed. As such it sends all the traffic to the default queue which is not what the user wants with a QoS policy on.
The same applies to the default LAN rule pfSense ships with. Since now you have to explicitly choose the queue the traffic has to go to when creating a rule, there is no easy solution to this other than to disable these settings and have more fine tuned rules for classifying traffic to the proper queue.

Ermal
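An added example, not part of the post above or of pfSense's code: the (m1, d, m2) triple evaluated as the two-piece linear service curve that pf.conf(5) documents (rate m1 for the first d milliseconds, rate m2 afterwards), using the burst figures from the post. The names `ServiceCurve`, `parse_rate` and `CURVES` are hypothetical, and the specs are retyped with pf's decimal `Kb`/`Mb` suffixes.

```python
import math
import re
from dataclasses import dataclass

# pf rate suffixes are decimal: Kb = 1000 bit/s, Mb = 1,000,000 bit/s.
_UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}
_SPEC = re.compile(r"m1\s*=\s*(\S+)\s+d\s*=\s*(\d+)\s+m2\s*=\s*(\S+)")


def parse_rate(text):
    """Convert a rate such as '1.2Kb' or '2Mb' to whole bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(Gb|Mb|Kb|b)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised rate: {text!r}")
    return round(float(m.group(1)) * _UNITS[m.group(2)])


@dataclass(frozen=True)
class ServiceCurve:
    m1: int    # bits/s during the first d_ms milliseconds
    d_ms: int  # length of the first segment, in milliseconds
    m2: int    # bits/s after the first segment

    @classmethod
    def from_spec(cls, spec):
        """Parse 'm1 = 2Mb d = 5000 m2 = 1Mb' as the triple is written in the thread."""
        m = _SPEC.fullmatch(spec.strip())
        if m is None:
            raise ValueError(f"unrecognised service curve: {spec!r}")
        return cls(parse_rate(m.group(1)), int(m.group(2)), parse_rate(m.group(3)))

    def shape(self):
        """Concave = burst first (m1 > m2); convex = slow start (m1 < m2)."""
        if self.m1 > self.m2:
            return "concave"
        return "convex" if self.m1 < self.m2 else "linear"

    def bits_by(self, t_ms):
        """Cumulative bits the curve allows t_ms after the queue becomes backlogged."""
        if t_ms < 0:
            raise ValueError("time must be non-negative")
        first = min(t_ms, self.d_ms)       # time spent on the m1 segment
        rest = max(t_ms - self.d_ms, 0)    # time spent on the m2 segment
        return (self.m1 * first + self.m2 * rest) / 1000

    def ms_to_serve(self, bits):
        """Inverse of bits_by: milliseconds until `bits` have been allowed."""
        if bits <= 0:
            return 0.0
        knee = self.m1 * self.d_ms / 1000  # bits allowed when the first segment ends
        if bits <= knee:
            return bits * 1000 / self.m1
        if self.m2 == 0:
            return math.inf                # second segment never serves anything
        return self.d_ms + (bits - knee) * 1000 / self.m2


# Constructed input: the triples from the post, retyped with Kb/Mb suffixes.
CURVES = {
    "qTotalBandwidth linkshare": "m1 = 2Mb d = 5000 m2 = 1Mb",
    "qSubnet1 upperlimit": "m1 = 1Mb d = 1000 m2 = 512Kb",
    "q1VoIP realtime": "m1 = 1.2Kb d = 30 m2 = 64Kb",
}

if __name__ == "__main__":
    for name, spec in CURVES.items():
        sc = ServiceCurve.from_spec(spec)
        print(f"{name}: {sc.shape()}, {sc.bits_by(sc.d_ms):.0f} bits by d, "
              f"{sc.bits_by(10_000):.0f} bits by 10 s")
```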
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 28, 2008, 07:21:30 pm
Hi Ermal,
Thanks so much for taking the time to further explain the shaper.  It helps a lot.  In my ongoing quest for thorough understanding of the shaper, I would like to confirm my understanding with you and ask a few more clarifying questions.  With this, I will hopefully be able to support others and write a tutorial.
I said it is somewhat difficult for a not knowledgeable person to gain thorough understanding afaik.

Quote

1. Where the queues are located: Download queue limits go on the LAN side because you do not want to limit the packets coming in from the ISP.  We just gotta take them as we get them.  Upload limits go on the WAN interface to reorder and shape traffic going OUT to the WAN from all combined LAN interfaces.
It is just the way ALTQ works.

Quote
2. It looks like the wizard defaults to HFSC.  Somehow we need to figure out a way to make editing the wizard settings more friendly to the user?  Somehow hide the complexity of HFSC, but offer the benefits in the background?  Maybe shorten the regular queue config to a Basic and an advanced? And explaining how the queue that we are editing will interact with other queues?
What do you find not friendly in there.
It does not default to HFSC, that just happens to be the first value in there. And it preserves compatibility since it was the only thing you have on 1.2.
I only ask for connection parameters and some schedulers to apply per interface what do you find Advanced in there?!

Quote
Quote from: ermal
I.E. i have VoIP traffic that uses UDP protocol with packet sizes of 1.2Kbit which needs a delay of 30ms to feel as normal phone call.
But also i want a hard limit, 64Kb, on all the bandwidth that VoIP traffic consumes on my network.

What does packet length of 1.2kb have to do with the shaper (realtime m1)?  Isn't the shaper looking at bandwidth per second, not packet length? 

My understanding of VoIP (SIP in particular) is that there is a messaging and call setup on 1 port (5060) and 2 UDP ports used for the actual audio.    A typical bandwidth of 96kbps per call (for most common encoder).  I have also read that several users need to have a burst of more than 96kbps (say 128kbps) for the first 5-10 seconds of the call.  So I would think that if there is 1 phone on the network, m1=128kb d=10000 m2=100kb.  That is my understanding of m1, d and m2.  Burst speed (m1) for (d) ms and then limit to (m2) for the remainder of the connection.  I do not understand where 1.2kb comes from for 30ms.  1.2kb is much less than the required 128kbps and the beginning of a call. 
( i will not go into detail why since it is very deep discussion). Take it or leave it.
Or better prove me wrong after you test it ;).
follow this link for more discussion http://forum.pfsense.org/index.php/topic,2484.0.html

Quote
3. Do the m1, d, m2 parameters operate on a PER-SESSION environment?  ie. I pick up the phone and it will activate m1, d, m2.  Next time I need the phone m1 starts over again?    What happens in the case of 2 phones or 10 phones or when you can't know how many phones there are?
m1 and d are per packet. m2 is global.
They can be thought as per session since if you have 4 phones they send traffic at the same rate.
They all have the same delay so packets for each phone will be scheduled on a round robin manner which is approx. the same as a session.
What would be ideal is to create a queue for each phone and give the exact parameters to each queue.
Then you would have perfect/exact per session tracking but even with one queue you would have pretty much the same result.

Quote
4. And how does m1, d, m2 work for a dynamic bandwidth WAN queue?  When does m1 go into effect? With new sessions?  hmm.. I'm hoping so!  I think I am beginning to see the power of HFSC!
They scale accordingly if you have not set hard numbers in there.

Quote
Quote from: ermal
Now there are three such schedulers in HFSC. Realtime, Linkshare, Upperlimit.
Realtime is the first scheduler that is run every time. Meaning if we are trying to send a packet the Realtime scheduler will be asked if it has one. After that the Linkshare scheduler takes the lead and if it exceeds some limits the Upperlimit one overrides its decision.
So getting back from theory, when the VoIP traffic above reaches the limit m2 it will be scheduled by the linkshare service curve till VoIP traffic gets back under m2 realtime limit. That's why you have to specify always the bandwidth parameter which is the same as specifying m2 parameter of linkshare.
When both bandwidth and linkshare m2 parameters are specified the m2 parameter is the one that prevails.

5. This is kind of confusing.. I think the terms might be mixed up?  Here is what I am thinking:
   a. RealTime tries to "grab" bandwidth to try to ie. guarantee a good VoIP call
   b. Linkshare monitors RealTime to make sure he doesn't get out of hand for this queue's part of the bandwidth for the whole interface?  This isn't quite clear to me..?  Can we borrow bandwidth if it's not being used elsewhere?  There is a note in the shaper that says "Linkshare overrides priority".  Can you please explain that?  I think we should only use priority? 
   c. UpperLimit is an Arbitrary maximum for a queue - no matter if we can borrow unused bandwidth or not?
A new packet needs to be transmitted on the wire.
We first ask Realtime scheduler if it has something to transmit.
After we ask the Linkshare which cooperates with Upperlimit to follow the rules.

Quote
6. What do you mean by: "you have to specify always the bandwidth parameter which is the same as specifying m2 parameter of linkshare."  Which bandwidth parameter are you referring to?
If you click "Add new queue" on top of the form there is a bandwidth parameter and that is what i refer to as "bandwidth parameter".

Quote
I'm going to head over to wikipedia to try to understand this more as well.
Good luck you need it :).

Quote
Quote from: ermal
I will explain some things but you have to wait for the next update to actually try to configure it.

Do you have an ETA for the update?  I just want to decide if I should put 1.2 back on my box and reinstall pfSense onto my network, or if it will be a day or 2 and I can just wait with my network without pfSense for a bit longer.

Default rule  & Anti-lockout: Is there a way you can script to change these rules, or give a message to the user that they need to do this?

Thanks for your time!
Aaron
Probably tomorrow.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 31, 2008, 11:21:49 am
Hi Ermal,

Thanks again for the reply.  I apologize, I made a couple errors and did not mean to offend.

I said it is somewhat difficult for a not knowledgeable person to gain thorough understanding afaik.

I was not knowledgeable about hfsc and altq, but to say that I am not knowledgeable and not able to gain thorough understanding... thats just not very nice! :)  I am incredibly knowledgeable, just not in this particular area, yet.  After spending some time researching last night I am well on my way to thorough understanding and the ability to explain to others how it works.  I certainly do not have the knowledge and development skills you possess, but I would like to contribute to the project. 
It sounds bad but i didn't mean what you understood.
It simply means that without reading too much you would have a hard time with it.
BTW, read the original HFSC paper to understand more.

Quote
Quote
What do you find not friendly in there.
It does not default to HFSC, that just happens to be the first value in there. And it preserves compatibility since it was the only thing you have on 1.2.
I only ask for connection parameters and some schedulers to apply per interface what do you find Advanced in there?!
I apologize, I did not mean for that portion of the wizard.  That portion is not advanced at all. After reading about hfsc, I totally understand why the queue gui is designed as it is.  However, trying to figure out what conn0 and conn1 mean and the "number of connections" questions are very counterintuitive.  Is it possible to clear up the descriptions (labels) to ask the number of local and WAN connections?  It seems on at least 1-2 of the wizards when I enter "2" in for num of local connections the next screen will not even let me select my LAN port and bugs like that.  I am not the only one who had trouble with that (from responses in this thread.)
Yeah i will fix the labels!

Quote
Quote from: ermal
I.E. i have VoIP traffic that uses UDP protocol with packet sizes of 1.2Kbit which needs a delay of 30ms to feel as normal phone call.
But also i want a hard limit, 64Kb, on all the bandwidth that VoIP traffic consumes on my network.

( i will not go into detail why since it is very deep discussion). Take it or leave it.
Or better prove me wrong after you test it ;).
follow this link for more discussion http://forum.pfsense.org/index.php/topic,2484.0.html

I remember reading a thread about VoIP service curve settings.  It looks like you were very active in that, and suggested almost exact service queue as I suggested.  See here:
http://forum.pfsense.org/index.php/topic,7502.msg42693.html#msg42693

After spending several hours last night reading on hfsc, it is also invalid to have a realtime service curve that  is concave.  m1 must be higher than m2. 
In the same thread linked above, you were telling people to set m1=m2.  That is not a curve, but a straight line and is redundant.  Not specifying m1 and d will have the same effect.  Lastly, There is never a mention of packet size for any of the altq schedulers as you are suggesting for the m1 value for VoIP queue.  plus, isn't it impossible to have packet sizes of 125kb as listed in that same post? 
Well you cannot really configure a concave (or is it convex?) service curve in HFSC. Since the starting point of the second curve is in the first service curve.

Quote
Quote
3. Do the m1, d, m2 parameters operate on a PER-SESSION environment? 
Quote
m1 and d are per packet. m2 is global.

In my research, I found that the service curve is basically applied during "link congestion" only.  Otherwise the scheduler is not doing much.  the service curve value of m1 is not on a packet size, but total bandwidth used by the queue without regard for packet size.  If m1 was packet size and m2 is global, wouldn't they be different variables instead of the same variable at different time spans?
Yeah every discipline is non-work conserving in ALTQ. Does it need not to be?!
Though if you want the discipline to behave as congested take a look at the tbrconfig/tbrsize parameter.
It might even help more in high speed links to lower it from what ALTQ/pf calculates automatically so the discipline acts properly.
Actually m1 and m2 are different parameters since they define different service curves.
I can use it as packet size since i know the details as:
m1 * d converts to bytes approximately ;). Anyway long discussion but you can configure m1 < m2 with this shaper since i patched ALTQ/pf to allow that.

Quote
Quote
4. And how does m1, d, m2 work for a dynamic bandwidth WAN queue?  When does m1 go into effect? With new sessions?  hmm.. I'm hoping so!  I think I am beginning to see the power of HFSC!
Quote from: ermal
They scale accordingly if you have not set hard numbers in there.

So what settings would I use if I have a WAN that will burst all the way up to about 15mb download but it's guaranteed 8mb down and upload burst to 3mb and guarantee 1mb?  I am thinking set bandwidth to 15mb/3mb and then use one of the service curves (not sure which one yet) to m1=15mb d=30000 m2=8mb?
Nailing this will help a lot of Comcast or other cable customers that have bursts that they are not able to take advantage of with the standard shaper wizard.  In fact, if you could put this as an option in the wizard all the better!
Well i suggested it previously. Though you need the time of this bursting to pass to d parameter.

As for m1 = m2 try it if you find any difference or not!

Quote
Quote from: ermal
Good luck you need it :).

Nah, I'll just use my brain.  I learn quickly.

I'm looking forward to the update today!  Thanks so much for your hard work!
Good that's what i meant since the start :D.

Quote
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 31, 2008, 11:22:58 am
I have sent new links for the updated shaper to most of you.

The others will get a PM after an hour or so since there's a limit to how many PMs can be sent.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on March 31, 2008, 12:37:22 pm
Thanks for the new update, however once installed and followed through the revised (great thanks) multi lan wizard, i got stuck at "Generating ALTQ queues..." in the filter reload page.

It's not going forward and cannot get back to the shaper page, i have this error:

Code:
Fatal error: Call to a member function on a non-object in /usr/local/www/firewall_shaper.php on line 321
Thanks for any help


albe
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on March 31, 2008, 12:42:07 pm
Can you please send me a copy of the <shaper> and <ezshaper> sections of config.xml.
Please even tell me what options you chose since i tested it but could not get to this error.

For you try to delete the <shaper> section and try again.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ridnhard19 on March 31, 2008, 04:47:05 pm
When upgrading an embedded install the file is too big:
Code:
Enter the URL to the .tgz update file:
> <local ftp URL>-upgrade-file.tgz

Fetching file size...

File size: 75129099

Fetching file...
looking up ***.***.***.***
connecting to ***.***.***.***:21
setting passive mode
opening data connection
initiating transfer
remote size / mtime: 75129099 / 1206885245

/: write failed, filesystem is full

fetch: /root/firmware.tgz: Inappropriate ioctl for device

Warning: filesize(): Stat failed for /root/firmware.tgz (errno=2 - No such file or directory) in /etc/rc.initial_firmware_update on line 58

File size mismatch.  Upgrade cancelled.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 31, 2008, 05:11:52 pm
When upgrading an embedded install the file is too big:
Code:
Enter the URL to the .tgz update file:

This build seems to be a LOT larger than the last update?  40ish MB vs 70?

I'm downloading now.  Do you have that much storage available?  Will report back

Aaron
Title: Re: Traffic shaper 3-30-2008 invalid
Post by: SlickNetAaron on March 31, 2008, 05:20:24 pm
I had the same result.  The filesystem created on the card is smaller than the new shaper image.  I have a 2GB card, but the file system is not there.
Last half of the output:

remote size / mtime: 75129099 / 1206885245
/root/firmware.tgz                             70% of   71 MB  146 kBps 02m29s
/: write failed, filesystem is full
/root/firmware.tgz                             70% of   71 MB  146 kBps 02m29s
fetch: /root/firmware.tgz: No space left on device

Warning: filesize(): Stat failed for /root/firmware.tgz (errno=2 - No such file or directory) in /etc/rc.initial_firmware_update on line 58

File size mismatch.  Upgrade cancelled.

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on March 31, 2008, 06:21:24 pm
Embedded upgrades are not supported and are not known to work all the time.  See the release notes.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ridnhard19 on March 31, 2008, 06:33:35 pm
Embedded upgrades are not supported and are not known to work all the time.  See the release notes.


Is it possible to roll a full/regular image for the embedded platform?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on March 31, 2008, 06:34:13 pm
This is true, but is the size of this image correct?  70mb?  The previous embedded image was half that.

Embedded upgrades are not supported and are not known to work all the time.  See the release notes.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: mikenl on April 01, 2008, 09:26:51 am
Thanks for the new update, however once installed and followed through the revised (great thanks) multi lan wizard, i got stuck at "Generating ALTQ queues..." in the filter reload page.

It's not going forward and cannot get back to the shaper page, i have this error:

Code:
Fatal error: Call to a member function on a non-object in /usr/local/www/firewall_shaper.php on line 321
Thanks for any help

albe

Can you please send me a copy of the <shaper> and <ezshaper> sections of config.xml.
Please even tell me what options you chose since i tested it but could not get to this error.

For you try to delete the <shaper> section and try again.

I'm experiencing the same problem.
Removing the <shaper> section from /cf/conf/config.xml doesn't help, i also tried deleting the <ezshaper> bit.
I tried the single wan multilan wizard. Hfsc, p2p catch all, prioritize http, dns. I believe that's it.
http://twentse-es.nl/shaper_config.xml (http://twentse-es.nl/shaper_config.xml)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 01, 2008, 11:48:23 am
http://cvstrac.pfsense.com/chngview?cn=21849
Found the problem it should not happen only with the Single Lan multi Wan wizard.

If you can't wait for the next build do your fixes accordingly it is not hard afaik.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 01, 2008, 01:10:21 pm
I just reflashed with the image provided.  It was labeled "upgrade" and now ALIX reports there is no boot disk.  I imagine that since the image was labeled "upgrade" that we cannot flash this image?  So how do we get this to go since upgrades are not supported?

I've had my network torn apart for 5 days waiting for a working shaper.  I need to wrap this up.

This is true, but is the size of this image correct?  70mb?  The previous embedded image was half that.

Embedded upgrades are not supported and are not known to work all the time.  See the release notes.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on April 01, 2008, 01:12:33 pm
Embedded upgrades are not supported at all.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 01, 2008, 01:22:34 pm
Embedded upgrades are not supported at all.


I understand that.

But the image that is provided by ermal is labeled "embedded upgrade".  I flashed it (NOT using the upgrade process) and the image is invalid.

So the dev is ONLY giving us an embedded upgrade, which isn't working.  And if we flash the image, it is not bootable.

Do you see the problem? 

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: hoba on April 01, 2008, 01:24:56 pm
It's a custom update file I think. You should feed it as such to the webgui. It's only labeled that way so the webgui accepts it as upgrade I think. Ermal has to comment on this.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 01, 2008, 01:31:38 pm
It's a custom update file I think. You should feed it as such to the webgui. It's only labeled that way so the webgui accepts it as upgrade I think. Ermal has to comment on this.

The Web GUI will NOT accept it.  Option 13 on the console fails - as described above by myself and someone else. 

This image is 2x the normal size??  I don't think the image was built correctly!  And we only have the "upgrade" image, with no full install image provided.

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: mikenl on April 01, 2008, 03:08:07 pm
http://cvstrac.pfsense.com/chngview?cn=21849
Found the problem it should not happen only with the Single Lan multi Wan wizard.

If you can't wait for the next build do your fixes accordingly it is not hard afaik.



Fixed it indeed, thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 01, 2008, 03:11:41 pm
SlickNetAaron i am building it. Check the link i gave i will update it there.

You will notice from the date.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 02, 2008, 12:01:10 am
SlickNetAaron i am building it. Check the link i gave i will update it there.

You will notice from the date.

I'm not seeing this yet..  Is it the link that has ermal in the url?

Thanks,
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: GoldServe on April 02, 2008, 02:53:57 am
Can I get a quick who to send money to and where to request access for the embedded 1.2 images?

I just found out that when I torrent, a lot of my ACKs are delayed so surfing web pages is much slower. I just want a simple configuration to prioritize http traffic and ACKs.

Thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 02, 2008, 11:24:33 am
FYI, The shaper wizard built into 2.1 release will already do this. 

This new shaper isn't quite finished yet (after 1.5 weeks I have yet to get a working copy), and I believe it will be released to the public for free in v1.3.

Unless you have multiple WANs or multiple LANs, it doesn't sound like you need this new shaper?  I'm just letting you know that you can already do what you like in the current 1.2 release.  If you are running 1.2, you probably do not have it configured correctly.

If you use pfSense and appreciate the work of the devs, please donate!  These guys work very hard, and pfSense is pretty great!  Just from the info you gave, it doesn't sound like you need the new shaper.  Your situation, as described, is quite basic.

Regards,
Aaron


Can I get a quick who to send money to and where to request access for the embedded 1.2 images?

I just found out that when I torrent, a lot of my ACKs are delayed so surfing web pages is much slower. I just want a simple configuration to prioritize http traffic and ACKs.

Thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: GoldServe on April 02, 2008, 12:51:38 pm
FYI, The shaper wizard built into 2.1 release will already do this. 

This new shaper isn't quite finished yet (after 1.5 weeks I have yet to get a working copy), and I believe it will be released to the public for free in v1.3.

Unless you have multiple WANs or multiple LANs, it doesn't sound like you need this new shaper?  I'm just letting you know that you can already do what you like in the current 1.2 release.  If you are running 1.2, you probably do not have it configured correctly.

If you use pfSense and appreciate the work of the devs, please donate!  These guys work very hard, and pfSense is pretty great!  Just from the info you gave, it doesn't sound like you need the new shaper.  Your situation, as described, is quite basic.

Regards,
Aaron


I do have multiple WANs but it seems my problem may be due to other reasons..like PFsense is overloaded in packets or some tcp window size issue as described here: http://forum.pfsense.org/index.php/topic,8698.0.html

I would still like to donate for all the hard work put into this project and maybe try the new shaper if it can help my problems.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 02, 2008, 01:00:20 pm
Quote
This new shaper isn't quite finished yet (after 1.5 weeks I have yet to get a working copy), and I believe it will be released to the public for free in v1.3.

Pretty nervous buddy what's wrong?! You think you are at a retail store in here?!

Anyway the build is running for embedded when it is finished you will find it there.

Please, honor your claims by gathering all these things into a nice tutorial.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: mikenl on April 02, 2008, 04:08:20 pm
Found a rather simple writeup of HFSC basics with some nice examples, thought others could benefit from it.
http://calomel.org/pf_hfsc.html (http://calomel.org/pf_hfsc.html)

Still trying to find a bit of text explaining why drops happen, and i don't see any borrows,
cause in my understanding right now HFSC is all about scheduling time based more than solely prioritize traffic.

Ermal, if i use the traffic shaping wizard 1 wan multi lan, then in my setup the qLocal queues get assigned a negative bandwidth for some reason and
you'll get errors. No biggie, but i guess i should mention it.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 02, 2008, 05:10:19 pm
Yeah i hardcoded a value of 10Mbits in there and i guess i was wrong  ::)

What do you mean drop happens and you do not see any borrows?!
With HFSC you will not see any borrows on Status->Queues. That is there only for CBQ scheduler.

You can increase the queue limit somewhat to eliminate the drops.
The default size is 50 slots. If you double it be aware that you might trade off latency with that.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: mikenl on April 02, 2008, 05:21:27 pm
yeah makes perfect sense with the numbers i'm getting.
Ok borrows are for CBQ only.
Then i'm still wondering why i sometimes get 200000+ drops on a queue.
Is the queue not getting enough bandwidth ? or is it throttling then ?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ridnhard19 on April 02, 2008, 10:07:24 pm
Hi ermal, I hate to bring more bad news, or maybe I don't know how to use your version of the *.img file but it does not work.  The file size is almost 4 times the size of a normal embedded image during the RC's and final releases of the normal software. With this said I gave it the benefit of the doubt and flashed it; would not boot.  I checked to see if it was compressed (part of flashing you decompress and pipe to std in of dd; following instructions) and it was not.

I compressed the file to see if we got something close to the size which is distributed on the website as the standard FINAL release of the last version; it ended up being 380kb.  Something does not seem quite right or I don't know how to use your specific IMG file.

If someone pointed me to directions I can try and help roll some of the embedded images and test them before they get pushed out to the masses.  This might help eliminate some of the frustration.

Thanks for all your work on this, I have gotten it working, was having trouble with the floating rules but I understand this new version fixes that. Looking forward to seeing it in action again.


Quote
This new shaper isn't quite finished yet (after 1.5 weeks I have yet to get a working copy), and I believe it will be released to the public for free in v1.3.

Pretty nervous buddy what's wrong?! You think you are at a retail store in here?!

Anyway the build is running for embedded when it is finished you will find it there.

Please, honor your claims by gathering all these things into a nice tutorial.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on April 03, 2008, 12:06:58 am
Images updated.   Try pfSense.img.gz          02-Apr-2008 23:39  24.6M 
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 03, 2008, 01:44:38 am
Images updated.   Try pfSense.img.gz          02-Apr-2008 23:39  24.6M 


So we are using the sullrich folder again :)

Thanks so much for fixing the image!  I'm booting now at least! Yaay!

Ermal,  you can hold me to writing a tutorial/doc for the new shaper.  Just one thing I require before doing that: a working shaper  ;D

Assuming this build is good to go for the most part, do you foresee any material changes that would affect my doc?  Or is this still a work in progress?  I would like to work closely with you to make sure my work (and the doc) is correct.

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 03, 2008, 02:07:46 am
Hi ermal,

I just ran the 1 wan, multi LAN wizard.  I get the following error at the end:

There were error(s) loading the rules: cannot determine interface bandwidth for vr2, specify an absolute bandwidthaltq not defined on vr2 altq not defined on vr2 /tmp/rules.debug:26: errors in queue definition altq not defined on vr2 /tmp/rules.debug:27: errors in queue definition altq not defined on vr2 /tmp/rules.debug:28: errors in queue definition altq not defined on vr2 /tmp/rules.debug:29: errors in queue definition altq not defined on vr2 /tmp/rules.debug:30: errors in queue definition altq not defined on vr2 /tmp/rules.debug:31: errors in queue definition altq not defined on vr2 /tmp/rules.debug:32: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [26]: queue qInternet on vr2 bandwidth 15Mb hfsc ( red , linkshare (15Mb, 100, 15Mb) , upperlimit 15Mb ) { qACK, qOthersDefault, qP2P, qVoIP, qOthersHigh, qOthersLow } ...

I'm going to run with the 1 interface and see how she goes.

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 03, 2008, 09:50:29 am
That is a problem of the vr driver which has been fixed in the latest versions of it.

What you can do after running the wizard is to set the bandwidth of root queue ie "lan, wan, opt1" if it is not set since the driver does not automatically report its link layer speed to altq.
Usually that would be LAN where I do not set the bandwidth explicitly since I create the new structure as
--rootqueue
-----qInternet
------------corresponding queues

I actually cannot do much about that for now. And i have not that kind of hardware to really test for all drivers that do not report this. So just a WARNING to users about that, sorry!

The material won't change about the shaper.

Only when new queue disciplines come in. In fact they are an addition to the docs to describe this new discipline.

One thing to get verified for you that are using this update for 1.2 is the generation of the Floating Rules before the other tabs.

You can do that by checking the /tmp/rules.debug and find the comment
#User defined rules and see if rules of the floating tab are before the other specific interface tab rules.
This is just to be sure they are ok and more eyes on it is not harmful.

I hope there are no more issues in this build/update so you can use it on your environments.

Thank you for your patience and sorry for any noise introduced on your environments.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: GoldServe on April 03, 2008, 10:29:40 am
$50 donations sent to paypal@chrisbuechler.com! Thanks!
Title: Re: Traffic shaper
Post by: SlickNetAaron on April 03, 2008, 02:24:24 pm
Embedded Build: Wed Apr 2 23:31:42 EDT 2008

Sorry Ermal, back to the drawing board!

I was trying to do the setup you explain and I am getting error after error, plus silent failures and  successes with crazy error messages.

Specific difficulties/bugs I am experiencing:
Adding a child queue - fails silently unless the first queue is set to default.  This is counterintuitive because I was just trying to duplicate the existing queue tree for of the primary Internet queue.  Thoughts on resolving: a. making a note for adding the first child queue b. error checking when pressing the save button c. not load the config to hfsc/altq until apply button is pressed.  This would allow the USER to input queues in any order they please and minimize frustration.

Editing Queue name: fails silently - name does not change on the queue tree.  (I added a queue that had more than 15 character queue name - I got the error and tried to shorten the queue name, but it failed. )
Invalid queue name is not able to delete (caused by the error above)

Attempt to delete parent queue to delete the child queue with invalid Queue Name: error:

Code:
Warning: copy(/cf/conf/backup/config-1207241932.xml): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1794 Warning: fopen(/cf/conf/backup/backup.cache): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1801 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1802 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1803 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/config.inc:1794) in /usr/local/www/firewall_shaper.php on line 82

Attempt to delete child queue off of LAN interface: Error:
Code:
Warning: copy(/cf/conf/backup/config-1207241932.xml): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1794 Warning: fopen(/cf/conf/backup/backup.cache): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1801 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1802 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1803 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/config.inc:1794) in /usr/local/www/firewall_shaper.php on line 82

Added a child queue to qInternet (qAP2Down), then the default child queue (qAP1Default) gives error. 
Code:
php: : There were error(s) loading the rules: pfctl: should have one default queue on vr0 pfctl: errors in altq config - The line in question reads [ should have one default queue on vr0 pfctl]:

Added qAP1Ack (child of AP2Down) set priority 7, with no service curve.  Error:
Code:
php: : There were error(s) loading the rules: pfctl: the sum of the child bandwidth higher than parent "qAP2Down" pfctl: linkshare sc exceeds parent's sc /tmp/rules.debug:33: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ the sum of the child bandwidth higher than parent "qAP2Down" pfctl]:

Why would a blank linkshare say it is greater than its parent? 

Starting over with the shaper.....

Wizard: " numberofconnections: Number of connections you have"  Can we please specify if this is for LAN or WAN?
Wizard: "conn0interface:"  ?????  Who exactly is conn0interface? 

At this point, I removed the shaper and started the wizard again.  Attempting to create:
LAN
---qInternet
-----qAP1
--------qACK
--------qDefault
--------etc
-----qAP2
--------qack, etc
-----qLocal
--------qack, etc

Deleting existing children of qInternet - happened every time I deleted.  However, the shaper GUI does update and appear to delete the queue.

Code:
Warning: fopen(/cf/conf/backup/backup.cache): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1801 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1802 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1803 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/config.inc:1801) in /usr/local/www/firewall_shaper.php on line 82

Warning: copy(/cf/conf/backup/config-1207246821.xml): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1794 Warning: fopen(/cf/conf/backup/backup.cache): failed to open stream: Read-only file system in /etc/inc/config.inc on line 1801 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1802 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/config.inc on line 1803 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/config.inc:1794) in /usr/local/www/firewall_shaper.php on line 82
How does the LinkShare work inside of a Child queue?  If I write 5% linkshare, is that 5% of the direct parent, or the root?

When I get to:
lan
--qInternet
----qP2P default (can't modify or delete!)
----qAP1 default (cannot remove default flag)
-------qAP1CatchAll(Default)

I get the error below.  I try to add and delete any possible combinations of Default Flags on the tree of queues.  It just won't accept the config.  Also, the changes to Default Queue flags seem to save (silent failure), but they revert back and appear to not take effect.

Code:
: php: : There were error(s) loading the rules: pfctl: should have one default queue on vr0 pfctl: errors in altq config - The line in question reads [ should have one default queue on vr0 pfctl]:

Attempting to start from scratch: no wizard.  My exact actions are as follows:
LAN: bw: 100mb
SAVE, Add New Queue
15mB, qInternet, Priority 6
UpperLimit: 15Mb 30000 8Mb
Save, Apply
Code:
Error: php: : There were error(s) loading the rules: pfctl: should have one default queue on vr0 pfctl: errors in altq config - The line in question reads [ should have one default queue on vr0 pfctl]:
Add default Flag to qInternet
Save, Apply, no error
ADD Queue button is not available to add child queue to qInternet???
Delete qInternet to try to start over.
Apply.
Interface with no label appears above lan, Queue not found error box displayed (attachment: shaper-phantom interface.jpg)

Clicking on the phantom interface yields the Queue not found error again.  The only way to remove it is to use "Remove Shaper" button.

Going to try again without using qInternet parent.  (This will NOT work for my setup, but going to see if it is a problem with multiple layers of queues.)
Again, my exact actions:
Click on LAN interface
15MB bandwidth is pre-populated
save & Apply
Add New Queue
Bandwidth 5Mb
qAP1
Default
upperlimit m2= 5mb
save & apply
I want to add a child queue to this, but the Add New Queue button and Delete buttons are gone.

Tell me what I did wrong?!  I'm following the steps exactly as one is able to do given the GUI provided.  It just feels so much like the end user (a human, NOT a programmer) is being forced to think like a programmer and if we don't do exact steps it fails horribly.  Why can't the user get things setup the way they want and let the programming handle the details?  That is what a good GUI is all about.  I feel like I am constantly having to fight the GUI to get to do what I want... the GUI always wins and I lose and don't end up with a working shaper.

Is it possible to write the darn config manually???  I am pretty sure I know what I need things to look like.

Aaron


Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 03, 2008, 02:36:34 pm
Can i have access to your box.

I didn't understand much of your posting but i am not able to replicate some of your errors here.

Or please after you find the error send me config.xml and rules.debug?!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 03, 2008, 06:35:13 pm
Attached just a demonstration of what can be done with the new shaper as for queue creation.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 03, 2008, 07:15:48 pm
Attached just a demonstration of what can be done with the new shaper as for queue creation.

Yup, it's true! I think he took that screen cap from my box ;)

Thanks for the help.  I think it's working now! There are some bugs, but it's workable.

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 03, 2008, 10:04:56 pm
Now that I am able to configure my queues, Is there a way to get a list of the rules that are generated by the wizard? 

I don't mind having to input them manually (I need to anyway for my setup), but it would be helpful to have a detailed list with how they are configured so I can set them up on my network.  I just don't know every port, tcp flag and everything else that I need to match rules

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ridnhard19 on April 03, 2008, 10:48:36 pm
I got the new image; thanks for posting! its working now.

I've started working with the new shaper config and I've been unable to get the queues to show traffic relating to the rules the wizard or I define in the floating rules section.

I've done the following to try to get them to work:
-Removed the default accept all traffic rule from the LAN area
-Disabled the webGUI anti-lockout rule
-Added a lan network 2 lan address rule for port 80 to keep access working to the web gui
-Added a lan network 2 lan address rule for tcp/udp 53 (DNS) to keep access working to the web (in theory, but no rule to * destination on port 80).
-Added basic queues using the wizard but to only include a priority of http traffic (adds rules to the floating rules area)

I go grab a big file from the web and see where my traffic ends up in the queues and it always goes to the default queues.

I've been able to get it to separate in the corresponding queues but I have to put the rules in the specific tab of the interface (LAN in this case) and then it works as we would expect.

Do you have any suggestions based on above as to what I could be doing wrong?

Thanks!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 03, 2008, 11:21:41 pm
I have a few observations/requests that I think will help everyone.. I just struggled with these things for quite a while.  Most of these are cosmetic, but very helpful to the end user.  Maybe another dev can help polish up the GUI to make it more consistent with the rest of pfSense?

1. Default queues - Is it possible to have the shaper GUI automatically create Default Queues for each level of child queues?  This is driving me nutz!  Especially when the error messages do not specify which queue layer is missing a default queue.  Also, a note that says you must have exactly 1 default queue for each part of the tree would be helpful.

2. Error checking and notification before Applying rules?  For Example, When the child total bandwidth is more than the parent, I have to wait for the rules to apply and reload just to find out that some math or parameter is wrong.  Then I have to click thru each queue to figure out what everything adds up to be and where I need to change things.  Perhaps a list that auto-add's the current layer's total bandwidth as you are entering it?  So you will automatically see you are at 105%

3. Editing a queue name after it has been created is still not functioning

4. Modifying queues flagged as Default: It is good that the "Add new queue" and "delete" buttons are invisible on a default queue, because you must have a default queue.  But what happens if there are 2 default queues by accident or I need to delete it for some reason?  It is not obvious what a user needs to do to modify that queue.  Can there be a label that says "Note: in order to delete or modify this queue, the Default Queue flag must be removed"?

5. I think the tree view is very helpful to give people a visual representation on the queue layers/tree.  Is it also possible to have a list view of the queues and their most common parameters like we would see in a Rule list (Also like m0no's Pipes or Queues view)?  This would give us a bird's eye view of all of the queues for easy troubleshooting.  (Just think about asking people on the forum to list their queues.. it's easy to take a screen cap to find obvious things.)  It is a pain in the rear to have to click on each and every queue to verify basic settings when things go wrong.

6. As noted in my PM - creating a queue AND specifying service curve parameters - after pressing SAVE the queue creation fails and fails silently (with no error message).  We are only able to add service queue parameters AFTER the queue has been created.

7. When using "Add New Queue" button - a. Perhaps it should say "Add Child Queue" to be more accurate? b. There is no way for the user to know which queue he/she is adding a child to.  It would be great to have the tree light up and make placeholder where the queue is going to be placed... but at LEAST a label that says "Add a child queue to xxxx parent" would be very helpful.

8. That's all for now :)  That'll keep you busy!
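
Requests 1 and 2 above ask for checks before Apply. As an added example (not pfSense code, and not from any poster in this thread), this Python sketch lints `altq`/`queue` lines in the pf.conf syntax quoted earlier and reports the pfctl failures seen in the thread: no absolute bandwidth on the interface, not exactly one default queue per interface, children exceeding the parent, and names over 15 characters. It assumes every line carries `on <if>` as the quoted line does, and that a `%` bandwidth is relative to the direct parent as pf.conf(5) describes; the sample trees are constructed.

```python
import re

UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}  # case sensitive
HEAD = re.compile(r"^(altq|queue)\s+(?:(\S+)\s+)?on\s+(\S+)")
MAX_QNAME = 15  # longer names were rejected in the report above

# Constructed input: a tree with the kinds of mistakes reported in this thread.
BROKEN = """\
altq on vr0 hfsc queue { qInternet }
queue qInternet on vr0 bandwidth 15Mb hfsc ( red , linkshare (15Mb, 100, 15Mb) , upperlimit 15Mb ) { qAP1, qAP2 }
queue qAP1 on vr0 bandwidth 10Mb hfsc ( default ) { qAP1Ack, qAP1CatchAll }
queue qAP1Ack on vr0 bandwidth 20% priority 7 hfsc
queue qAP1CatchAll on vr0 bandwidth 80% hfsc ( default )
queue qAP2 on vr0 bandwidth 8Mb hfsc
"""

# Constructed input: the same tree with those mistakes corrected.
FIXED = """\
altq on vr0 hfsc bandwidth 100Mb queue { qInternet }
queue qInternet on vr0 bandwidth 15Mb hfsc ( red , linkshare (15Mb, 100, 15Mb) , upperlimit 15Mb ) { qAP1, qAP2 }
queue qAP1 on vr0 bandwidth 10Mb hfsc { qAP1Ack, qAP1CatchAll }
queue qAP1Ack on vr0 bandwidth 20% priority 7 hfsc
queue qAP1CatchAll on vr0 bandwidth 80% hfsc ( default )
queue qAP2 on vr0 bandwidth 5Mb hfsc
"""


def parse(text):
    """Return {key: node}; interface roots are keyed '@<ifname>', queues by name."""
    nodes = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = HEAD.match(line)
        if not m:
            continue
        kind, name, ifname = m.groups()
        bw = re.search(r"\bbandwidth\s+(\S+)", line)
        kids = re.search(r"\{([^}]*)\}", line)
        # Scheduler options are whatever follows 'hfsc', minus the child list.
        tail = re.split(r"\bhfsc\b", line, maxsplit=1)[-1]
        opts = re.sub(r"\{[^}]*\}", "", tail)
        nodes[name if kind == "queue" else "@" + ifname] = {
            "if": ifname,
            "bw": bw.group(1) if bw else None,
            "children": re.findall(r"[^\s,]+", kids.group(1)) if kids else [],
            "default": kind == "queue" and bool(re.search(r"\bdefault\b", opts)),
        }
    return nodes


def to_bps(value, parent_bps):
    """Convert '15Mb' or '20%' to bits/s; a percentage needs the parent's rate."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(Kb|Mb|Gb|b|%)", value or "")
    if not m:
        return None
    num, unit = float(m.group(1)), m.group(2)
    if unit == "%":
        return None if parent_bps is None else parent_bps * num / 100
    return num * UNITS[unit]


def lint(text):
    """Return a list of (problem_code, interface_or_queue_name) tuples."""
    nodes, problems, seen = parse(text), [], set()

    def walk(key, bps):
        if key in seen:  # guard against a queue listed under two parents
            return
        seen.add(key)
        kids = [(k, to_bps(nodes[k]["bw"], bps))
                for k in nodes[key]["children"] if k in nodes]
        if bps is not None and sum(b for _, b in kids if b is not None) > bps:
            problems.append(("children-exceed-parent", key.lstrip("@")))
        for child, child_bps in kids:
            walk(child, child_bps)

    for key, node in nodes.items():
        if not key.startswith("@"):
            if len(key) > MAX_QNAME:
                problems.append(("name-too-long", key))
            continue
        root_bps = to_bps(node["bw"], None)
        if root_bps is None:  # driver did not report link speed and none was set
            problems.append(("no-root-bandwidth", node["if"]))
        defaults = [n for n, q in nodes.items()
                    if q["if"] == node["if"] and q["default"]]
        if len(defaults) != 1:
            problems.append(("default-count", node["if"]))
        walk(key, root_bps)
    return problems


if __name__ == "__main__":
    for label, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, lint(text) or "ok")
```

Unlike the pfctl messages quoted above, each finding names the interface or parent queue it belongs to, which is the information request 1 says is missing.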

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 03, 2008, 11:25:41 pm

I've started working with the new shaper config and I've been unable to get the queues to show traffic relating to the rules the wizard or I define in the floating rules section.


I had the same problem several times.  I think it is due to the queue rules not loading because of a config error.  Did you get an error that scrolled across the top of your screen? 

Also, Try Reset States.
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 12:43:33 am
so now that we have a mostly functioning shaper GUI, I need to understand the rules. 

I need to understand the floating rules concept more.

My understanding is that we can have rule and "flag" those packets matching the rule... then continue to match rules until the Quick option is found.  The concept is great!...  The GUI is not.

1.  The advanced options section does not even have the parameters labeled.  How do we know what to put in these fields?   And I think we are missing options necessary for the shaper?  ie. Where can I find the TCP flags section and the TOS section? These appear to be missing, unless I am blind?  How exactly does the advanced section for flags work?  The advanced section tells us what we can do, but not  what type of parameter is valid here.   What on EARTH is the "Maximum new connections / per second" for, and why does it have a drop-box with numbers of unknown units?

Since I need my network back and fully operational by Friday afternoon, I need to be able to get these rules in place or else go back to 1.2 release.  These GUI issues must be addressed. I'm not trying to be harsh, but this shaper was claimed to be "90% completed", but in reality it is still in alpha stage.

ie. Do I just type in "VoIP" for the first unnamed parameter and that is my flag?  And then on the network matching rule, do I use "VoIP" in the 2nd (unnamed) field as the flag that is necessary to match with that particular rule?  Is it possible to use multiple flags in these parameter fields?

So, in my situation, I need to match the traffic type (ack, VoIP, web, ssh, etc).   Then I need to match a Network address to determine which queue to place the packet in.  Then how does that queue pass the packets to its parent queue?

So, for VoIP(Generic low-delay TOS), what exact rules do I need to flag a packet as "VoIP" and continue down the list of rules. 

These questions are exactly what end users (like ME) are going to be asking.  Why not give the answer before we need to answer 5233 of the same question in the forum?

Thanks for the help.
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: GoldServe on April 04, 2008, 02:38:14 am
Full ISO install would be nice. Somehow the full install update file killed my full install. Can not find kernel when it rebooted.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 04, 2008, 04:43:04 am
so now that we have a mostly functioning shaper GUI, I need to understand the rules. 

I need to understand the floating rules concept more.

My understanding is that we can have rule and "flag" those packets matching the rule... then continue to match rules until the Quick option is found.  The concept is great!...  The GUI is not.

1.  The advanced options section does not even have the parameters labeled.  How do we know what to put in these fields?   And I think we are missing options necessary for the shaper?  ie. Where can I find the TCP flags section and the TOS section? These appear to be missing, unless I am blind?  How exactly does the advanced section for flags work?  The advanced section tells us what we can do, but not  what type of parameter is valid here.   What on EARTH is the "Maximum new connections / per second" for, and why does it have a drop-box with numbers of unknown units?
The advanced option is the same as in 1.2 it just has 2 more fields that just mark the packets as in every marking thingy i have used.
To learn more how to use them just see http://cvs.openbsd.org/faq/pf/tagging.html.
The tag = mark in that page.
The tagged = marked.

Quote
Since I need my network back and fully operational by Friday afternoon, I need to be able to get these rules in place or else go back to 1.2 release.  These GUI issues must be addressed. I'm not trying to be harsh, but this shaper was claimed to be "90% completed", but in reality it is still in alpha stage.
You do not know what an alpha stage means and do not make silly claims.
I do not think there is anything in there anymore to hold you from creating a working config apart some error checking from preventing the user doing silly things.

BTW, for an interface you need a default queue. It does not mean that for every 'level' you can have a default queue just that for the LAN section you need explicitly ONE AND ONLY ONE DEFAULT QUEUE IN THAT 'LEVEL'.
The same applies to WAN/OPT1 or any other interface. Any of them should only have only one default queue.


Quote
ie. Do I just type in "VoIP" for the first unnamed parameter and that is my flag?  And then on the network matching rule, do I use "VoIP" in the 2nd (unnamed) field as the flag that is necessary to match with that particular rule?  Is it possible to use multiple flags in these parameter fields?

So, in my situation, I need to match the traffic type (ack, VoIP, web, ssh, etc).   Then I need to match a Network address to determine which queue to place the packet in.  Then how does that queue pass the packets to its parent queue?

So, for VoIP(Generic low-delay TOS), what exact rules do I need to flag a packet as "VoIP" and continue down the list of rules. 
You have a box labeled DSCP(diffserv codepoint) and you do not need TOS for that if you have DSCP.

Quote
So, in my situation, I need to match the traffic type (ack, VoIP, web, ssh, etc).   Then I need to match a Network address to determine which queue to place the packet in.  Then how does that queue pass the packets to its parent queue?
I do not think this even makes sense but am trying to give you some help.
If you want you can do things as.
1- Floating rule tag packets for VoIP. In the advanced section on the mark input just type "VoIP"
2- On specific interface tab just create a rule that has in the marked input "VoIP" and the specific network you want plus the queue you want it to go to.



Quote
These questions are exactly what end users (like ME) are going to be asking.  Why not give the answer before we need to answer 5233 of the same question in the forum?

Thanks for the help.
Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sai on April 04, 2008, 06:00:02 am

These questions are exactly what end users (like ME) are going to be asking.  Why not give the answer before we need to answer 5233 of the same question in the forum?

because the dev will not know what the end user needs help with. docs and howtos are usually written by the enduser.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 07:16:31 am
because the dev will not know what the end user needs help with. docs and howtos are usually written by the enduser.

I've already committed to writing the howto.  But not everybody reads directions, either ;) 

The dev will know what the end user needs help with by end users (like me) who are not afraid to give good feedback and take significant amounts of time to document the problems so they can be fixed or made idiot-proof before release to the public. 

It is my experience that if you can get end users to USE your program or product and you watch how they do things, you can use that insight to make your program more user friendly.  The moment a user says "Huh?" is where a dev should take note and make something more intuitive or at least give a note explaining what we need to do here.  Then you continue on in the process, carefully watching the end user, until they hit the next "huh?" and take note again.

Test and test again until the system flows smoothly for every different kind of situation the users will encounter (as much as possible).  In my experience, the GREAT products out there thrive on getting feedback from users and refining and refining based on that feedback.  The more feedback, the better things become because the dev has the most insight on what people are doing with the product.  Not everyone has an in depth knowledge of BSD, altq, HFSC.  Isn't that the point of making a GUI? 

I hope the feedback I offer is appreciated.  Working with other companies to report issues has been GREATLY appreciated because their product can become better as a result. 

In this situation, I *AM* a customer, offering my time and experience to try to help, but it is not well received. 

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 04, 2008, 08:01:00 am
Yeah but you make comments on the product by judging it.

If you want to help please tell me what you find unnatural in there and not accuse something does not work only to you it seems counter intuitive.

A firewall is not something simple if you click the advanced options. This try to be addressed with wizards just for this class.

I have attached a picture of what the service curve parameters need to look like when added to the queue.
It works since the first time just it seem that you do not know how to enter them.

Valid values for units in the service curve parameters are (Kb, Mb, Gb, b, %) and they are case sensitive.

You cannot rename a queue cause that means that you want to create a new one. Delete the old and create a new one is not that it is something that difficult afaik.
Furthermore it is not consistent to allow a queue to be renamed cause of the rules that reference it. When you delete a queue it is automatically removed from rules to not break your config.(Just a rule afaik to protect the silly user ;).

P.S. the picture is taken from a debugging output that's why some labels are misaligned.





Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 09:24:44 am
Yeah but you make comments on the product by judging it.

If you want to help please tell me what you find unnatural in there and not accuse something does not work only to you it seems counter intuitive.

I don't try to be a jerk, honest!  I get frustrated, but I just try to give objective information.  I didn't write the errors for my health :) 
Quote
Valid values for units in the service curve parameters are (Kb, Mb, Gb, b, %) and they are case sensitive.
Yes, I knew these parameters.  I just rebooted a couple times and now queue creation is working just fine with the same values that previously failed.  Hmm??

I am wondering if a lot of my errors are because of the errors I got about not being able to write to the file system and not being able to write to the config?  Maybe this is a bigger problem, outside of the shaper in pfSense or BSD?  Or maybe I have intermittent defective hardware or driver problem for ALIX?

Quote
You cannot rename a queue cause that means that you want to create a new one. Delete the old and create a new one is not that it is something that difficult afaik.
Furthermore it is not consistent to allow a queue to be renamed cause of the rules that reference it. When you delete a queue it is automatically removed from rules to not break your config.(Just a rule afaik to protect the silly user ;).

Fair enough.  Just sometimes people make spelling errors.  If the error was on the parent, it is a lot of work to create 10-15 queues again ;)  Something to consider?  I would love to have a "create parent queue" button.

Entering hex values to convert TOS to diffserv: please file this under unnatural :) 

I remember the diffserv options used to be listed out like TCP Flag radio buttons were:
Low Delay: yes no don't care
Reliability: yes no don't care

I googled for the hex value equivalent of low-delay TOS  ... I can't find a specific value, and I don't have time to become an expert on diffserv.  Where did the radio button go?  Or do I remember it from m0n0?  But for now, can you give me a value that will work for VoIP?  Pretty Please? Plus, I would really love the list of rules the wizard puts out so I can get a config running by this afternoon.

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: hoba on April 04, 2008, 09:30:50 am

Entering hex values to convert TOS to diffserv: please file this under unnatural :) 

I remember the diffserv options used to be listed out like TCP Flag radio buttons were:
Low Delay: yes no don't care
Reliability: yes no don't care

I googled for the hex value equivalent of low-delay TOS  ... I can't find a specific value, and I don't have time to become an expert on diffserv.  Where did the radio button go?  Or do I remember it from m0n0?  But for now, can you give me a value that will work for VoIP?  Pretty Please? Plus, I would really love the list of rules the wizard puts out so I can get a config running by this afternoon.

Aaron

TOS is not DiffServ. Please consult wikipedia if unsure about this and what the difference is between TOS and DiffServ. For TOS you could have these radiobuttons but DiffServ is different. You also can only use either or as both techniques use the same bits in the IP-Header.

http://en.wikipedia.org/wiki/Type_of_Service
http://en.wikipedia.org/wiki/Differentiated_services

m0n0 only supports TOS but DiffServ is superior as it allows more levels of control.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 09:53:07 am

TOS is not DiffServ. Please consult wikipedia if unsure about this and what the difference is between TOS and DiffServ. For TOS you could have these radiobuttons but DiffServ is different. You also can only use either or as both techniques use the same bits in the IP-Header.

http://en.wikipedia.org/wiki/Type_of_Service
http://en.wikipedia.org/wiki/Differentiated_services

m0n0 only supports TOS but DiffServ is superior as it allows more levels of control.

Thanks for the clarification.  I'll take a look at that.  Ermal told me to use Diffserv when I asked about TOS. "You have a box labeled DSCP(diffserv codepoint) and you do not need TOS for that if you have DSCP."

The question remains: WHERE and HOW do I set the rule that will identify my VoIP traffic?  I can't find the option for generic Low-Delay TOS and I don't know the DiffServ value.  If I need to enter a DiffServ value, what hex value do I use?  I can't run the shaper wizard or it will destroy my queue sets, and I need to set manual rules anyway. I don't really want to use IP or MAC to identify traffic, but I guess I can in the immediate term. 

This is why I have asked a couple times for the detailed list of rules the wizard generates ;)  I can use them as a template.  I know just enough to be dangerous ;)  I know high level stuff, and even some low level things.  But I do not possess the knowledge for getting into bit level details of diffserv and stuff like that.

I just need to create rules to ident traffic... something like this:
High Priority flag: dest 80, 443, 53, 5100, 22, etc
VoIP: low-Delay TOS (or equivalent diffserv) .. or I may have to list individual IPs
catchall (Not sure how to create this one???)

Then rules for each /16 subnet to put the ident flags in the appropriate ack & queue for that subnet.
If this does not sound correct, please let me know. 

Thanks for your help!
Aaron




Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 04, 2008, 11:20:14 am
Here is a trick.

Keep your QUEUE config in opt1 interface.
Run the wizard and select only one connection (either multiwan or multilan), follow the wizard and it will create the queues and rules.
After finishing the wizard and having the rules ready to modify you can then go to Firewall->Traffic shaper ->By queues view
Select the opt1 interface from the list and select "copy/clone queues" over the Lan interface and then Wan if you want the same there too.

Now just follow the rules on the floating tab and modify those at your will.

That should keep your config and give you a template of rules.

Is this ok for you?

I cannot give you the template since it is generated in code and they are not hardcoded rules.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 11:58:38 am
Here is a trick.
Is this ok for you?
I cannot give you the template since it is generated in code and they are not hardcoded rules.

That sounds like a good trick!  I just ran it like that, but got this error on the last screen that has "finish" button.

Warning: Invalid argument supplied for foreach() in /etc/inc/shaper.inc on line 41
Warning: Invalid argument supplied for foreach() in /etc/inc/shaper.inc on line 41
Warning: Invalid argument supplied for foreach() in /etc/inc/shaper.inc on line 41
Warning: Invalid argument supplied for foreach() in /etc/inc/shaper.inc on line 41
Warning: Invalid argument supplied for foreach() in /etc/inc/shaper.inc on line 41
Warning: Invalid argument supplied for foreach() in /etc/inc/shaper.inc on line 41
Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/shaper.inc:41) in /usr/local/www/wizards/traffic_shaper_wizard.inc on line 535

D'oh!  The end result is this error and these queues (the rules generated, but with only 2 queues)
php: : New alert found: There were error(s) loading the rules: pfctl: should have one default queue on vr1 pfctl: errors in altq config The line in question reads [ should have one default queue on vr1 pfctl]:

since my queues are destroyed now anyway (I did copy them to OPT1..?? But I think I ran the wrong wizard) I'll start over fresh one more time.  *crosses fingers*

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 04, 2008, 12:06:44 pm
could you tell me what options did you choose during the wizard? And which wizard you ran?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 12:26:08 pm
I believe I ran:
Single Lan multi Wan    traffic_shaper_wizard.xml

1 "connection" (again, is this referring to LAN or WAN connections?)
LAN: HFSC
WAN: HFSC, 4mb upload, 16mb download
voip, generic low delay, 512/512
penalize IP: 10.0.0.244, 20% (dummy address just to get the rules for templates)
p2P check, catchall check, 20%
no gaming options
Other network protocols: defaults except I set Higher on: VNC, ARD, PPTP, IPSEC, HTTP, DNS, ICMP

I just ran the wizard again without error.  The difference this time is that I REMOVE SHAPER before running the wizard.  Perhaps it was having problem with the existing queues in the config?  I dunno

Aaron
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 04, 2008, 12:32:29 pm
When you choose multiple Wan wizards it refers to internet connections.

For multi LAN wizards it refers to number of internal networks ie number of local interfaces that will be connected to local networks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: SlickNetAaron on April 04, 2008, 05:41:39 pm
When you choose multiple Wan wizards it refers to internet connections.

For multi LAN wizards it refers to number of internal networks ie number of local interfaces that will be connected to local networks.

I know that after multiple runs thru the wizard, but my point is that it's not obvious.  Some wizard(s) do specify Local and WAN, some just say num of connections.

Anyway, more bug time!  ::)

1. The rules page loads VERY slowly and often fails to complete loading.  Attaching a couple screen caps.  Almost every time I have to refresh the list to get a full populate.  Mostly on the floating rules, but WAN is having same issue.  I am guessing this an issue outside of the shaper?

2. Rules created by the wizard

3. Floating rules interface:
I like the concept of tagging a LOT.  But, I think that mixing the queues in with the firewall rules is confusing. Maybe I'm just not knowledgeable enough, but I am paranoid of the interaction of creating Pass rules in the firewall to use the shaper queues.  I just reloaded 1.2 Release and making shaper rules with targets, TOS & TCP flags just seems a lot more intuitive. Plus, it idents my VoIP correctly.

I have decided that I am going to use 1.2 Release for the time being.  I'll get out of your hair, let you work. 

Please, Please, Pretty please... test everything and polish things up before releasing this again. Walk through what a user would do in a few scenarios.  Forget your intimate knowledge of what you created, and try to go thru it like you have never seen it.  Of course test with real traffic to make sure rules are matching (I think absolutely everything is ending up in the catch all queue for me right now! I didn't check the lockout rule tho.) Read each label and try to config using only the directions on the screen.  You will see what I mean.

I look forward to a 1.3 beta where others have tested the shaper and things are working much better.
I'll keep an eye on this thread.  Please feel free to ping me if you would like me to do some testing or get some feedback.

Regards,
Aaron

EDIT: I am still committed to writing a HowTo.. But I'd like things to be in more final form before I prepare it.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: superwormy on April 10, 2008, 08:36:51 am
How much do I need to contribute to get a 1.2 package for this? I can't send much immediately but I could send $50 immediately if it means I can:

1.5mb T1 connection
a) Limit DMZ upload/download to/from WAN to 512kb/sec
b) *Not* limit DMZ upload/download to/from LAN

Is this possible/is $50 enough to get access to the 1.2 packages?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on April 16, 2008, 03:25:02 am
Hi,

i know that maybe i wasn't supposed to do that, but i've downloaded the last update image from the location ermal gave me the last time, named

pfSense-Full-Update-1.2-RELEASE-20080402-1748.tgz

Do not use it!! The kernel doesn't load on my machine after the update, i will try to figure out how to fix that...


albe
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 16, 2008, 01:00:46 pm
k3rmit is this an embedded update?!

Since others have reported to upgrade just fine!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on April 16, 2008, 04:52:24 pm
sorry to have so little time to follow this thread ermal, i still owe you an answer regarding a shaper error... which is: i managed to disable it, reset the configuration and reconfig again correctly. I suppose something got weird with the first shaper setup, that subsequently created an interpretation error with the update.

To answer your last question, no, is not embedded and thanks for the new link you sent me, i will have a look at it tomorrow morning (it's midnight here).

cheers


albe

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: bogus on April 19, 2008, 05:44:33 am
Well, I haven't been around for some time and if I see the postings during my absence it looks like not many people are having problems setting up and configuring the new shaper.
Sorry, but I do have some difficulties to get it working.
The latest available update (20080409-1911) does not have the new shaper, or at least the wizard looked like the old one.
So I downloaded 20080402-1748 and applied it to a fresh 1.2-RELEASE installation (downgrading from 20080409-1911 did not work).
Once finished the basic configuration I moved the "Default LAN rule" to the floating tab and disabled the webGUI anti-lockout rule.
To keep it simple the load-balancing pools have been created but no rules to use them have been created.
Only the floating tab is having one rule.
So far everything good, I still could access to webGUI and the clients could access the internet.

Now I walked through the single LAN Multi WAN Wizard:
   numberofconnections: 3
   Put in the values of my ADSL connections (still don't know if I should subtract the PPPoE overhead? But guess, yes!) and select HFSC scheduler.
   Enable Prioritize Voice over IP traffic.
   No Penalize IP or Alias.
   No Lower priority of Peer-to-Peer traffic (At a later stage I do want this but for now I want it as simple as possible).
   No Prioritize network gaming traffic.
   Yes Other networking protocols, set HTTP and MSN to higher priority and SMTP. POP3, IMAP and Lotus Notes to Lower priority.
   Finish.
   
The following rules at the floating tab have been created:
Code:
Proto  Source   Port  Destination  Port         Gateway  Queue             Schedule  Description
UDP    *        *     *            *            *        qVoIP                       DiffServ/Lowdelay/Upload
TCP    *        *     *            1863         *        qACK/qOthersHigh            m_Other MSN1 outbound
TCP    *        *     *            6891 - 6900  *        qACK/qOthersHigh            m_Other MSN2 outbound
TCP    *        *     *            6901         *        qACK/qOthersHigh            m_Other MSN3 outbound
UDP    *        *     *            6901         *        qOthersHigh                 m_Other MSN4 outbound
TCP    *        *     *            80 (HTTP)    *        qACK/qOthersHigh            m_Other HTTP outbound
TCP    *        *     *            443 (HTTPS)  *        qACK/qOthersHigh            m_Other HTTPS outbound
TCP    *        *     *            25 (SMTP)    *        qACK/qOthersLow             m_Other SMTP outbound
TCP    *        *     *            110 (POP3)   *        qACK/qOthersLow             m_Other POP3 outbound
TCP    *        *     *            143 (IMAP)   *        qACK/qOthersLow             m_Other IMAP outbound
TCP    *        *     *            1352         *        qACK/qOthersLow             m_Other LotusNotes1 outbound
UDP    *        *     *            1352         *        qOthersLow                  m_Other LotusNotes2 outbound
*      LAN net  *     *            *            *        none

I would expect that HTTP traffic would go into qOthersHigh and receiving an email (8MB attachment) with Thunderbird into qOthersLow.
OK, the outgoing port is set to 587 because port 25 is blocked here, but the incoming is default on port 110.

But it does not, everything goes into qDefault (WAN and LAN).

Do I need to configure something else?

Cheers
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: voona on April 19, 2008, 05:56:17 am
Hi guys,

Happy to pledge 50$ to get openvpn tunnels working with the Shaper.. Is this possible? Will it be implemented?

Regards,
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 19, 2008, 07:04:31 am
Well, I haven't been around for some time and if I see the postings during my absence it looks like not many people are having problems setting up and configuring the new shaper.
Sorry, but I do have some difficulties to get it working.
The latest available update (20080409-1911) does not have the new shaper, or at least the wizard looked like the old one.
So I downloaded 20080402-1748 and applied it to a fresh 1.2-RELEASE installation (downgrading from 20080409-1911 did not work).
Once finished the basic configuration I moved the "Default LAN rule" to the floating tab and disabled the webGUI anti-lockout rule.
To keep it simple the load-balancing pools have been created but no rules to use them have been created.
Only the floating tab is having one rule.
So far everything good, I still could access to webGUI and the clients could access the internet.

Now I walked through the single LAN Multi WAN Wizard:
   numberofconnections: 3
   Put in the values of my ADSL connections (still don't know if I should subtract the PPPoE overhead? But guess, yes!) and select HFSC scheduler.
   Enable Prioritize Voice over IP traffic.
   No Penalize IP or Alias.
   No Lower priority of Peer-to-Peer traffic (At a later stage I do want this but for now I want it as simple as possible).
   No Prioritize network gaming traffic.
   Yes Other networking protocols, set HTTP and MSN to higher priority and SMTP. POP3, IMAP and Lotus Notes to Lower priority.
   Finish.
   
The following rules at the floating tab have been created:
Code:
Proto  Source   Port  Destination  Port         Gateway  Queue             Schedule  Description
UDP    *        *     *            *            *        qVoIP                       DiffServ/Lowdelay/Upload
TCP    *        *     *            1863         *        qACK/qOthersHigh            m_Other MSN1 outbound
TCP    *        *     *            6891 - 6900  *        qACK/qOthersHigh            m_Other MSN2 outbound
TCP    *        *     *            6901         *        qACK/qOthersHigh            m_Other MSN3 outbound
UDP    *        *     *            6901         *        qOthersHigh                 m_Other MSN4 outbound
TCP    *        *     *            80 (HTTP)    *        qACK/qOthersHigh            m_Other HTTP outbound
TCP    *        *     *            443 (HTTPS)  *        qACK/qOthersHigh            m_Other HTTPS outbound
TCP    *        *     *            25 (SMTP)    *        qACK/qOthersLow             m_Other SMTP outbound
TCP    *        *     *            110 (POP3)   *        qACK/qOthersLow             m_Other POP3 outbound
TCP    *        *     *            143 (IMAP)   *        qACK/qOthersLow             m_Other IMAP outbound
TCP    *        *     *            1352         *        qACK/qOthersLow             m_Other LotusNotes1 outbound
UDP    *        *     *            1352         *        qOthersLow                  m_Other LotusNotes2 outbound
*      LAN net  *     *            *            *        none

I would expect that HTTP traffic would go into qOthersHigh and receiving an email (8MB attachment) with Thunderbird into qOthersLow.
OK, the outgoing port is set to 587 because port 25 is blocked here, but the incoming is default on port 110.

But it does not, everything goes into qDefault (WAN and LAN).

Do I need to configure something else?

Cheers

Did you remove the quick from the Default lan rule?!

Please send me even your rules.debug to me privately to give you a more complete answer.
Go to Diagnostics->Edit file on the textbox enter /tmp/rules.debug and send that output.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: bogus on April 19, 2008, 07:12:49 am
Yes, quick is not selected.

My rules.debug should have arrived.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: bogus on April 19, 2008, 01:49:11 pm
Just an update for all those interested before I get into the next issue.

Finally, we  managed to get the queues correctly utilized.
It looked like the all rules were correctly created but in /tmp/rules.debug Ermal found that no queues were assigned to the rules.

So I started (trial and error) to get the queues assigned.
First I disabled all rules using the toggle button in front of each rule and applied the changes.
Then I started enabling the first rule using the toggle button and applied the changes..checking the rules.debug..same before.
But when I opened the same rule and changed the queue to some other...press save and apply... checking the rules.debug..jepp, queue assigned.
Ok, changing back to the correct queue and now the correct queue was assigned in rules.debug, gooood!
The rest of the rules I just opened and removed the disabled flag and applied one by one.

Now the traffic shaper is working with single WAN, lets get to the next level - load balancing.

I do not remember if it was mentioned in this thread before but I'm not sure how to get my traffic balanced over my three connection.
Yes, I have it working with 1.01, 1.2 betas and RCs but it seems to be different with the new shaper.
As soon I create the LB rule on the LAN tab I'm out (yes, anti lockout-rule disabled).

Well, after enabling the anti lockout-rules I'm back in and it seems to work.
Two parallel http downloads were using two different connections.
For me it looks like that with my current setup the anti lockout-rule is not an issue.
May be later when I try to catch all p2p which is the major reason for me do traffic shaping?

But why I got locked out?

This is how the new rule looks like in rules.debug:

pass  in  quick on $lan  route-to { ( vlan1 192.168.20.254 ) , ( vlan2 192.168.30.254 ) , ( vlan2 192.168.30.254 ) } round-robin  from 192.168.100.0/24 to  any keep state  label "USER_RULE"

Pass in quick! That was the first Ermal asked. But on the LAN tab it does not appear in the rule properties.
So I cannot enable/disable it.

Any idea?

Cheers

Btw.
Where are all the success stories?
I believe it would help a lot if more people could post a brief description how they did and what pitfalls they run into! And even more important, how to get around or avoid!
Not only that others would benefit but also free-up Ermals back.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on April 19, 2008, 03:14:55 pm
So now it is working?!

Anyway you get locked out since the route-to rule catches up your request and it gets sent out of the firewall and not to the server running on the pfSense machine. So it seems that you need to keep that anti-lockout rule.
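As an added example (not part of the thread and not pfSense code), a small Python check over the text of /tmp/rules.debug for three conditions reported in this thread: an ALTQ interface without exactly one default queue, pass rules that carry no queue assignment, and `quick` rules with `route-to` and destination `any`, which also match requests addressed to the firewall itself. The function names and the sample input are constructed, and the sample assumes ordinary pf.conf ALTQ syntax.

```python
import re

# Constructed rules.debug excerpt in pf.conf syntax; not taken from a real system.
SAMPLE_RULES_DEBUG = '''
altq on vr1 hfsc bandwidth 4Mb queue { qACK, qVoIP, qOthersLow }
queue qACK on vr1 bandwidth 20% hfsc ( linkshare 20% )
queue qVoIP on vr1 bandwidth 32Kb hfsc ( realtime 1Mb )
queue qOthersLow on vr1 bandwidth 5% hfsc ( linkshare 5% )
altq on vr0 hfsc bandwidth 16Mb queue { qDefault, qOthersHigh }
queue qDefault bandwidth 10% hfsc ( default )
queue qOthersHigh bandwidth 10% hfsc ( linkshare 10% )
pass in quick on vr0 route-to { ( vlan1 192.168.20.254 ) } round-robin from 192.168.100.0/24 to any keep state label "USER_RULE"
pass out on vr1 proto tcp from any to any port 80 keep state label "m_Other HTTP outbound"
pass out on vr1 proto tcp from any to any port 110 keep state queue ( qOthersLow, qACK ) label "m_Other POP3 outbound"
'''


def _lines(text):
    """Non-empty, non-comment lines with surrounding whitespace removed."""
    stripped = (ln.strip() for ln in text.splitlines())
    return [s for s in stripped if s and not s.startswith("#")]


def _names(listing):
    """Split a '{ a, b }' or '( a b )' body into its names."""
    return [n for n in re.split(r"[,\s]+", listing.strip()) if n]


def default_queue_counts(text):
    """Map each altq interface to the number of queues marked 'default'."""
    counts, owner = {}, {}   # owner: queue name -> interface, from child lists
    for ln in _lines(text):
        altq = re.match(r"altq\s+on\s+(\S+)", ln)
        queue = re.match(r"queue\s+(\S+)(?:\s+on\s+(\S+))?", ln)
        if altq:
            iface = altq.group(1)
            counts.setdefault(iface, 0)
        elif queue:
            iface = queue.group(2) or owner.get(queue.group(1))
            opts = re.search(r"\(([^)]*)\)", ln)
            if iface in counts and opts and "default" in _names(opts.group(1)):
                counts[iface] += 1
        else:
            continue
        children = re.search(r"\{([^}]*)\}\s*$", ln)
        if children:
            for name in _names(children.group(1)):
                owner[name] = iface
    return counts


def _pass_rules(text):
    """Yield (label, rule with quoted strings blanked) for each pass rule."""
    for ln in _lines(text):
        if ln.startswith("pass"):
            label = re.search(r'label\s+"([^"]*)"', ln)
            yield (label.group(1) if label else ln), re.sub(r'"[^"]*"', '""', ln)


def rules_without_queue(text):
    """Labels of pass rules with no queue keyword (traffic ends in the default queue)."""
    return [lbl for lbl, body in _pass_rules(text)
            if not re.search(r"\bqueue\b", body)]


def quick_route_to_any(text):
    """Labels of quick route-to rules whose destination is 'any'."""
    return [lbl for lbl, body in _pass_rules(text)
            if re.search(r"\bquick\b", body) and "route-to" in body
            and re.search(r"\bto\s+any\b", body)]


def lint(text):
    """Collect human-readable findings for all three checks."""
    findings = [f"{iface}: {n} default queue(s), pfctl wants exactly one"
                for iface, n in default_queue_counts(text).items() if n != 1]
    findings += [f"no queue assigned: {lbl}" for lbl in rules_without_queue(text)]
    findings += [f"quick route-to to any, keep a rule for the firewall's own "
                 f"address ahead of it: {lbl}" for lbl in quick_route_to_any(text)]
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES_DEBUG):
        print(finding)
```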

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: bogus on April 20, 2008, 09:32:42 am
Yes, it is working now.
Thank you very much for your support.

Now I have to re-read about what you said about load-balancing, squid and traffic shaper.

Cheers
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: falcon on April 23, 2008, 10:03:38 pm
I have a simple question: how does this differ from the normal traffic shaper?


which one would suit me better.

we host websites on port 80 and 443, i want to set the http/mail/ssh to be priority traffic in and out, mostly out for one network and low priority traffic for another network no matter what it is
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: lambert on April 24, 2008, 03:03:39 pm
Just out of curiosity, how much was the total bounty, and how much of the bounty is still outstanding?

I'm just looking for a dollar amount, not a list of shame.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on May 09, 2008, 04:08:30 am
Ciao everybody,

had a chance to install the latest iso (the firmware update wasn't updating at all) and everything is working nicer now, with floating rules created automatically by the wizard according to definitions.

Still, i'd like to report a couple of bugs:

1. multi lan single wan wizard at the last passage is like

(http://wizard 1.jpg)

   and then

(http://wizard 2.jpg)

2. the rules creation after the wizard reports the following errors:

Quote
php: : There were error(s) loading the rules: pfctl: should have one default queue on em0 pfctl: should have one default queue on bfe0 pfctl: should have one default queue on rl0 pfctl: errors in altq config - The line in question reads [ should have one default queue on em0 pfctl]:
php: : New alert found: There were error(s) loading the rules: pfctl: should have one default queue on em0 pfctl: should have one default queue on bfe0 pfctl: should have one default queue on rl0 pfctl: errors in altq config The line in question reads [ should have one default queue on em0 pfctl]:


didn't have the chance to test rules effectiveness, will let you know as soon as i have the occasion (=continuous non interrupted time :-)

cheers


albe
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on June 04, 2008, 02:37:25 pm
Hi again,

i'm testing the shaper now and must say that besides minor glitches it is working quite fine.

First, the above reported bug is one in the wizard, because i didn't fill the p2p shaping percentage text field, it didn't check that while clicking Next, went on and BAM, error in the end: i specified that now, so it is creating queues and floating rules correctly.

I'd like to ask something though:

1. I can't reproduce the exact procedure to get there, but somehow, while creating additional queues and assigning them to additional floating rules, it lost all floating rules.
2. The order of rules application on traffic seems to be interface rules and then floating rules: in a case such as mine, one has lots of rules created for each interface, considering floating rules didn't exist for pfsense in the past and it was the only way to regulate traffic, therefore those rules will all use the qDefault queue and will override all those nice floating rules created by the wizard, making them useless, unless you assign to each and every interface rule the corresponding queue. Can the rules application order be reversed?
3. i assigned 4130Kb to the WAN interface, 1Mb to the VOIP queue, and the results of the wizard queue creation are:
        qAck: 19.846% band, ls m1 0b, ls d 500, ls m2 19.846%
        qDefault: 9.923% band
        qVoIP: 32Kb, rt m1 0b, rt d 10, rt m2 1Mb
        qOthersHigh: 9.923% band, ls m1 0b, ls d 200, ls m2 9.923%
        qOthersLow: 4.9615% band, ls 4.9615%, ls d 200, ls m2 4.9615%

    same thing for all siblings on other interfaces. Question is: the total amount of bandwidth from these rules doesn't match the one assigned to the WAN interface, why?

On the side note, i'd like to point out that the queue definition interface works well, but limits for values should be checked at entry or submission time, not at changes application, or you will get strange errors which are not always easy to debug. (i.e. bandwidth overallocation for subqueues).

Hope i explained myself well enough..

Thanks

albe

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on June 04, 2008, 04:25:06 pm

Correction at point 1: the f*#@ing pfsync was configured and the conf was overwritten from the first machine. sorry for that.

Correction at point 3: i did assign 1 Mb to VOIP in the wizard.

Finally: i'm struggling to make the catch all queue from LAN to DMZ and vice versa work, to no avail. communications are always crawling... like 200bps... what's wrong? I double checked everything, i'm monitoring via pftop that the traffic is falling in the right queues, but nothing... even with 80Mb set in the queue and 100Mbit in the interface, the traffic is always crawling. Specifically i'm trying to copy a file from DMZ to LAN: all rules interested in this have been assigned the right queues. I even created a dedicated ACK queue for such traffic, but it didn't change anything...

any clue?

thanks.

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on June 05, 2008, 04:08:10 am
Can you please send me your rules.debug to ermal _at_ pfsense.org just to check the order of the evaluation or it might be that the rules produced by the wizard are without the quick keyword and you can edit the floating rules to be terminating but that will mostly break the policy.
I am sorry there is no easy fix to such a thing since there is no easy way to update the existing policy to conform to the new shaper :(.

For the DMZ - LAN problem i would suggest trying leaving the queue policy in effect only for the internet connections ie on the Traffic shaper config delete the queue policy for LAN and DMZ and see if it suits you with shaping only on outbound. Usually it would suffice since the other part is throttled by the ISP and packets will be driven by the outgoing policy.

If you need a more specific answer please give me some more detailed specification even in private if you wish.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: dps on June 09, 2008, 03:17:46 am
Guys,

 How can i have access to the image with the multi nic shaper?

Thank You!

Duarte Santos
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: Perry on June 09, 2008, 04:00:17 am
If you donate xxx$ to it you'll get access.

Please read every reply in this topic before asking any additional questions.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: medien on June 09, 2008, 07:01:05 am
multi lan in 1 WAN is very interesting. i hope you can develop per ip bandwidth limiting. that's what every newbie is waiting for i think.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on June 09, 2008, 12:04:30 pm
Well expect surprises for 1.3 or give it a thought/contribution for 1.2 :P.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on June 27, 2008, 07:03:20 pm

Good Day to all!

Our small company needs a firewall with the following features. Does pfSense support the following requirements? We are willing to donate if it can fulfill the needs stated below.

1. Support Dual WAN
2. Traffic Shaper for Dual WAN ( distribute bandwidth equally for every workstation that uses the internet ) <--- i think this is the bounty?
3. Web Proxy
4. Samba

Hope somebody can give me some info. Thanks and more power!

Chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on June 28, 2008, 05:39:26 am
The current implementation that is ported to 1.2 that the bounty covered offers this through CBQ and with intimate knowledge with HFSC.

Actually 1.3 would be the release which will really be my recommendation for this.

AFAIK you can sponsor it some more to get the 1.3 improvements to 1.2.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: tomdchi on June 28, 2008, 10:00:09 am
I just sent $100 to paypal@chrisbuechler.com.  I just started using pfsense last week and 1.3 would be a great help! 

My paypal address used was billing@alumnipropertygroup.com

Thanks!
Tom
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: tomdchi on June 29, 2008, 08:34:12 pm
Just upgraded and WOW, this new shaper is AWESOME!!  Just what I needed!!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sullrich on June 29, 2008, 11:23:15 pm
Just upgraded and WOW, this new shaper is AWESOME!!  Just what I needed!!

Nice!!!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 01, 2008, 10:24:05 am

Hello I have donated $25 to paypal@chrisbuechler.com. Hope this little donation can bring more innovations! :) How can I test these features? Thanks in advance and more power!

Chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 02, 2008, 12:00:01 pm
For all of you that are running the new shaper with multiple interfaces there is a bug that will prevent it from working correctly.
Please see http://cvstrac.pfsense.org/chngview?cn=23485 and make the change manually for now until a new update is released to you.

@ccfiel
read your private messages.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 02, 2008, 09:21:07 pm

I have tried the new filter.inc. but there is an error when loading pfsense. Fatal error: Call to undefined function: get_configured_interface_with_descr() in /etc/inc/filter.inc on line 431. any ideas? :)

Chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 03, 2008, 01:44:00 am
Just change the lines i have sent in the link above.

What you have done is taking the filter.inc from RELENG_1(aka 1.3), DO NOT DO THAT.
RELENG_1 is way changed from RELENG_1_2.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 03, 2008, 04:24:20 am
hello ermal, oh i see. I just want to make sure if what i did is correct. this is what i have in line 2170. so i have to delete these 4 lines?

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out on \$lan proto icmp keep state label "let out anything from firewall host itself"
pass out on \$wan proto icmp keep state label "let out anything from firewall host itself"
pass out on $wanif all keep state label "let out anything from firewall host itself"

and add these 3 lines?

# let out anything from the firewall host itself and decrypted IPsec traffic
pass  out  on  {$oc['if']}  proto  icmp  keep  state  label  "let  out  anything  from  firewall  host  itself"
pass  out  on  {$oc['if']}  all  keep  state  label  "let  out  anything  from  firewall  host  itself"

is this correct?

Chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 03, 2008, 06:16:17 am
Just replace the file in /etc/inc/filter.inc with the content from this LINK (http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/etc/inc/filter.inc?rev=1.575.2.368.2.65.4.7;only_with_tag=RELENG_1_2_RELEASE_BRANCH) and you should be ok.

Otherwise you just need to delete these 2 lines:
pass  quick on  {$oc['if']}  proto  icmp  keep  state  label  "let  out  anything  from  firewall  host  itself"
pass  quick on  {$oc['if']}  all  keep  state  label  "let  out  anything  from  firewall  host  itself"

and make them

pass  out  on  {$oc['if']}  proto  icmp  keep  state  label  "let  out  anything  from  firewall  host  itself"
pass  out  on  {$oc['if']}  all  keep  state  label  "let  out  anything  from  firewall  host  itself"

Whichever you prefer.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: venis_LA on July 03, 2008, 10:04:00 am
i'm a newbie and want to know where and how can i contribute to get a copy to test 1.3 ... many thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 03, 2008, 10:52:00 am
You want access to the new shaper on 1.2 or have you replied on the wrong thread?

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: venis_LA on July 03, 2008, 12:27:28 pm
i want access to the new shaper .. thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 03, 2008, 01:20:34 pm
Well you can send the offerings at ermal.luci@gmail.com and i will give you the link to the new shaper.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 04, 2008, 05:21:33 pm


ermal, would the new traffic shaper allow you to distribute evenly bandwidth to the active workstations. example i have 2mb bandwidth. first  workstation 1 download a file so it gets the 2mb. after minute workstation 2 start download another file so workstation 1 gets 1mb and workstation 2 gets 1mb. is this possible with the new traffic shaper?

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 04, 2008, 06:44:33 pm
yes, just use CBQ discipline and it will setup you up for that.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 05, 2008, 11:19:40 am

Hello ermal. I have sent you a private message about the traffic shaper

Chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: venis_LA on July 07, 2008, 09:25:28 am
Hello Ermal, I've made my contribution but have not gotten any links to the new shaper, kindly advise. Thanks.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 07, 2008, 11:13:32 am
Check your mail, i sent the reply with instructions.

Sorry but my connection has been spooky and am replying from another location right now.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 09, 2008, 08:35:58 am

ermal, i have noticed that sticky connection was missing. is this a bug?

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 09, 2008, 09:31:27 am
Will check it before making the other image available.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 09, 2008, 11:10:50 am
ok thanks ermal! and load balance does not work :(
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 09, 2008, 12:09:51 pm
What do you mean by load balance does not work?!
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 09, 2008, 01:32:05 pm


ermal, I have tried to enable the load balance but only the WAN1 will get all the load but it works well in 1.2 official release. is this also a bug? or just missing something?

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 09, 2008, 03:12:44 pm
Can you please send me your rules.debug privately.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 09, 2008, 07:55:54 pm


Hello ermal, pm sent :)

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 10, 2008, 09:03:23 pm
Hello ermal,

i got this error. :( think this is the load balancer error. any ideas?

Jul 11 01:52:21    php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:146: syntax error pfctl: Syntax error in config file: pf rules not loaded The line in question reads [146]: pass in quick on $lan route-to { ( xl0 192.168.3.1 ) } from 192.168.0.0/24 to /32 keep state label "USER_RULE: Make sure DMZ 2 traffic goes to WAN2 DMZ"
Jul 11 01:52:21    php: : There were error(s) loading the rules: /tmp/rules.debug:146: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [146]: pass in quick on $lan route-to { ( xl0 192.168.3.1 ) } from 192.168.0.0/24 to /32 keep state label "USER_RULE: Make sure DMZ 2 traffic goes to WAN2 DMZ"

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 11, 2008, 12:51:41 am

ermal, problem solved :) just changed my ip /32 to /24
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 11, 2008, 02:10:46 am

ermal,
       load balance is now working :) and sticky connection option appears :)  i am now testing your traffic shaper. My first problem is that the system can only see one interface. is this normal?

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 11, 2008, 02:49:43 am

ermal,
       I tried to use by queue tab and clone shaper. is this good?

chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 11, 2008, 10:44:05 am
Well i think the vx driver is not on the list of hardware interfaces that support ALTQ, the traffic shaper.

I searched a little bit and i cannot come to a conclusion; can you please verify if it supports it or not?

Instructions to enter it on the list of supported ALTQ interfaces:
Go to Diagnostics->Edit File
load /etc/inc/interfaces.inc
search for "is_altq_capable" function
add it to the list there - after ,"ste" add the line ,"vx"
Save
Go to the traffic shaper and it should show the interfaces
Make a simple configuration and reload the rules.
If it does work, report back so it gets added to the list.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on July 11, 2008, 07:47:28 pm
you're right ermal, vx is not supported :(

php: : New alert found: There were error(s) loading the rules: pfctl: vx1: driver does not support altq The line in question reads [ vx1]:
Jul 12 00:21:49    php: : There were error(s) loading the rules: pfctl: vx1: driver does not support altq - The line in question reads [ vx1]:

so i need another new lan cards
chris
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: tomdchi on July 16, 2008, 12:50:59 pm
bug?

I am trying to use the penalty box feature and added an alias to it during the wizard setup.  It does not look like it is working.  The penalty box used to have its own queue and I finally noticed that it was added to the qotherslow.  I am not seeing any traffic going through this queue even though there are people using IPs associated with the alias.
Anything special I need to do?

Thanks,
Tom
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on July 16, 2008, 01:20:25 pm
Try to see if you are overriding the selection with a policy/rule on the interfaces tab.
The wizard creates a ruleset, but you have to be careful when adding rules on the interfaces since they override every rule on the floating tab that does not have quick checked.

Read previous posts where i go in detail about this.
If you are doing this for optional interfaces too, please check previous posts because you need to apply a fix for that till the new update goes out after the move to FreeBSD 7 has settled.

Ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: tomdchi on July 16, 2008, 08:30:17 pm
That was it!  I missed the quick part in reading the posts. 

Thanks!
Tom
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: JustinHoMi on August 02, 2008, 01:39:16 pm
Could the total bounties received be posted in the first post?

What will be required to get this included in pfsense 1.2.1?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: dvserg on August 03, 2008, 12:14:46 pm
Could the total bounties received be posted in the first post?

What will be required to get this included in pfsense 1.2.1?
You can look at 1.2.1 beta
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: JustinHoMi on August 05, 2008, 05:38:52 pm
Huh?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: trendchiller on August 10, 2008, 01:44:50 pm
1.2.1 will be a version to fix up the bugs from 1.2 and introduce FreeBSD 7

No features will be added...
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: far182 on August 12, 2008, 12:53:36 am
I would love to contribute.  Can I get a confirmation that there is an embedded version of the new shaper for people who contribute?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on August 12, 2008, 03:48:55 am
yes.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: far182 on August 12, 2008, 09:49:36 am
This sounds great.  Also, at some point will this make it into the public product?  Or will this always be private?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on August 12, 2008, 09:56:01 am
You decide :P read before posting just showing respect for an endless thread going more endless.

This thread is the only documentation available about the new shaper and burying it with posts is not doing any good.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: far182 on August 13, 2008, 04:56:43 pm
I just sent $100 to paypal@chrisbuechler.com.  Looking forward to the PM with instructions on where to get the new shaper.  :)

I know it's a small token, but I will try to help and contribute more when I can.  Personally, I would like to see this made available to everyone.  This way it can be tested and improved faster.  Personally, I will be testing this on my home Embedded router with 1.2 Release.  My ultimate goal would be to set this up in our work production environment (many locations).  I would prefer to wait until it's in a RELEASE version before putting it into production.

What kind of donation would be big enough to make this public and part of the RELEASE?  Basically, very very very stable.  I might be able find some contributors.

I have read through every thread on this post, but for testing I was hoping I might get some help with configuring for my test environment.  Please let me know how it's recommended to configure the shaping using my setup.  I have an ALIX3 with LAN, WAN, and WIFI.  I have a 6mb/768Kb DSL.  Right now I have the WIFI disabled as I was warned that shaping doesn't work with 3 interfaces.  Right now (with 1.2 RELEASE)  I have a nice shaping configuration for my LAN & WAN.  Basically VOIP is put on highest priority.  I have also put all HTTP/HTTPS traffic into another queue and made it low priority. Here is my config (attached):

P.S.  I want to bridge my WIFI with my LAN.

Thank You!

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: djamp42 on August 14, 2008, 10:49:00 am
I think I can throw some money into this if..

Traffic Shaper works with MultiWAN

And

Captive Portal works with MultiWAN

Also

I need to be able to load share across uneven links, (Cable modem, and a T1 for example).

Also fail over of traffic should one link go down be automatic.

Let me know if this is possible and I'll see what i can offer.

Adam
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: heiko on August 14, 2008, 12:19:10 pm
I hope Ermal will release a new build, if 1.21 is out and stable.... :)
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: JustinHoMi on August 14, 2008, 08:30:57 pm

What kind of donation would be big enough to make this public and part of the RELEASE?  Basically, very very very stable.  I might be able find some contributors.


I would like to hear an answer to this question too.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: far182 on August 15, 2008, 12:20:32 am
Well I guess my paypal account (verified one) lost my credit card I had in there.  So it's waiting until my eCheck clears on the 18th for the $100.  Bottom line is that the $100 is on its way.  For now, I added my credit card back in (into paypal) and just donated another $25 via PayPal.  It says it's been sent.

Thanks again for the fantastic work!  I look forward to access to the updated image.  I get a new PFSense ALIX box tomorrow and would love to be able to load it up with the new stuff.

Thank You
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: far182 on August 20, 2008, 06:59:06 pm
Hi Ermal.

Any chance I can get the new shaper tonight?  That would be great!

Thank You
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: djmizt on August 20, 2008, 08:49:14 pm
Ermal

can you post the current build date ... i'm running on build date Mar 18 21:13:51 UTC 2008

I know this is way behind but this is what i got from your old pm for the link

can you pm me the new link ... none of my shaping is working and I don't want to fudge it too much because it's a production box ... i have a test box now that i can load any new builds ... thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on August 25, 2008, 04:46:08 pm
I was on vacation and will update you all soon.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: kapara on August 27, 2008, 02:53:43 am
Contributed $50.  I have no real need for it but would like to play with the functionality.  Thanks for the effort.  It looks like this feature has really helped many people here.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on August 27, 2008, 08:35:49 am
Thank you for the support it really helps go on :).
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: far182 on August 27, 2008, 08:55:19 am
Hi Ermal.

Any chance I can get the link to the shaper?  Thanks!

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: kapara on September 01, 2008, 12:23:36 am
Hi Ermal,

I sent the money via Paypal to paypal@chrisbuechler.com.  $50 for pfSense and $50 for you for the shaper.  I got a receipt from Paypal but no acknowledgement that funds were received by someone from pfSense.  What is the next step to get the shaper?

Thanks,

Mark
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: kapara on September 22, 2008, 11:03:34 pm
Hi ermal,

Have not heard anything about getting the shaper.....Am I missing something?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ccfiel on October 05, 2008, 07:41:26 pm


Hello Ermal,

Good day, Just want to know when will your traffic shaper be available in 1.2.1?


Regards,

Chris Ian
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on October 06, 2008, 11:54:36 am
Well i have synched the code just need to make a build of it.
I still think that waiting after 1.2.1 is released would be better but i will see what i can do before that.

@Kapara,

i have sent you a pm not sure you ever got it?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: kapara on October 17, 2008, 12:47:36 am
@ermal

Never got the PM.  :(
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: k3rmit on December 02, 2008, 05:28:04 am
Ciao everybody,

i'm here just to say that finally i had a chance to play with Ermal's baby and after a lot of tuning it is working perfectly (as of now :) in my production network.

The wizard does a lot, but here are the encountered difficulties:

1. the queues created will have a corresponding floating rule to match them: problem is that if you have an already configured firewall with normal rules (per interface) that match the wizard created floating rules, the normal will win making the floating useless, thus the shaping. To make the shaping work, you'll have to modify each and every normal rule you have to follow the desired queue.
2. if you have a redundant configuration, pay a LOT of attention on your CARP and pfsync bandwidth shaping, or you'll end up with sync issues and routing troubles (=angry users)
3. the queues created by the wizard had to be tuned because they were creating a LOT of dropped packages. This is because i have a 250 PCs network and the default qlimit is too little for the amount of requests. Also the percentages (funny sometimes) of bandwidth allocated had to be tuned.

I also had some woes with the queues management GUI, but in the end i'm very happy to see that the shaper is working fine.

So, here are a some hints for newcomers:

1. follow this forum thread and read carefully Ermal's instructions
2. RTF(unny)M on HFSC, ALTQ and pf if you want to have an idea on what's happening and fix it in case
3. a dump of the filter reloading is created every time at /tmp/rules.debug: have a look at it in case
4. interface rules come first, so don't feel lost if packets are not queued in your nice little floating rules
5. watch carefully the network traffic in the first days, and tune the filter with the help of pftop and tcpdump (both from ssh console)
6. stress test it or you'll end up with angry users and/or clients :-)

Thanks to Ermal who made this possible.

Cheers,


Albe
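
The rule-precedence problem described in this post and in Ermal's earlier reply (interface rules overriding floating rules that do not have quick checked), as an added example that is not part of the post or of pfSense's code. It is a toy model of pf's "last match wins unless quick" evaluation; the rule labels, ports and queue names are constructed, and it assumes floating rules are written ahead of per-interface rules and that interface-tab rules are emitted with quick.

```python
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    label: str
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int]         # None matches every destination port
    queue: Optional[str] = None  # ALTQ queue; None means the default queue
    quick: bool = False


@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return rule.proto in ("any", pkt.proto) and rule.dport in (None, pkt.dport)


def evaluate(ruleset: List[Rule], pkt: Packet) -> Optional[Rule]:
    """pf semantics: the last matching rule decides, unless a matching
    rule carries 'quick', which ends evaluation at that rule."""
    winner = None
    for rule in ruleset:
        if matches(rule, pkt):
            winner = rule
            if rule.quick:
                break
    return winner


def queue_for(floating: List[Rule], interface: List[Rule], pkt: Packet,
              default: str = "qDefault") -> str:
    # Assumption: floating rules precede the per-interface rules in the ruleset.
    winner = evaluate(list(floating) + list(interface), pkt)
    if winner is None or winner.queue is None:
        return default
    return winner.queue


# Constructed sample rules (hypothetical labels and queue names).
FLOATING = [Rule("wizard: VoIP", "udp", 5060, queue="qVoIP")]
# Assumption: interface-tab rules are quick (first match on that tab wins).
LAN_ALLOW_ALL = Rule("LAN: allow all", "any", None, quick=True)
LAN_VOIP = Rule("LAN: VoIP", "udp", 5060, queue="qVoIP", quick=True)
SIP = Packet("udp", 5060)
WEB = Packet("tcp", 80)


def scenarios() -> dict:
    return {
        # Wizard output plus an existing catch-all interface rule:
        # the interface rule matches later and discards the queue.
        "as_generated": queue_for(FLOATING, [LAN_ALLOW_ALL], SIP),
        # Fix 1: check 'quick' on the floating rule.
        "floating_quick": queue_for(
            [replace(FLOATING[0], quick=True)], [LAN_ALLOW_ALL], SIP),
        # Fix 2: give the interface rules the desired queue themselves.
        "interface_queue": queue_for(
            FLOATING, [LAN_VOIP, LAN_ALLOW_ALL], SIP),
        # Unrelated traffic is unaffected by either fix.
        "web_default": queue_for(
            [replace(FLOATING[0], quick=True)], [LAN_VOIP, LAN_ALLOW_ALL], WEB),
    }


if __name__ == "__main__":
    for name, queue in scenarios().items():
        print(f"{name:16s} -> {queue}")
```

On a live box the equivalent check is to read the generated /tmp/rules.debug and confirm which rule a flow actually matches.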
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 02, 2008, 03:29:33 pm
Hello, I have gone over this thread quickly and would like to know more about the shaper itself.. I'll explain my needs first

I have been using pfsense for a while but the results are not what I expect .. yet

I manage two buildings, student housing, which means a lot of p2p and well the service suffers a lot from it, it's been very difficult to keep people happy for a few years now, either we restrict too much or we get bad performance.

Here's the setup:

building one, 250 users, 10mbit fiber over ethernet connection, pfsense gateway/server/router , no other shaping than pfsense
building two, 170 users, 10mbit fiber over ethernet connection, windows server gateway/router + linux server, quota per month/throttling down system (over 10gb users are put in a queue for the remainder of the month)

building one has actually better performance (ironically) than building two, because building two has a bunch of computer tech students that do more damage than the fashion design majority in building one.

I need something to manage bandwidth, in both buildings, we can't upgrade to better service it's expensive enough already. I have tried to make something myself under freebsd with dummynet last year but I lack the experience and mostly the time, network and computer stuff is like 5% of my job.

If this project (and please be honest about it) can really help my situation I would be willing to contribute 500$ per building ( I would introduce the system in building one first)

I am looking at traffic of roughly 1TB/week from these 10mbit links
There is no voip, no captive portal, no domain accounts, just plug and play free internet sharing from the wall in each room. Each time we restrict ports etc it complains, and let's face it p2p apps use ANY port. Sometimes when there is too much traffic some users can't even have internet at all and complain. If I can't find a solution with software like this I'm going to have to buy hardware for it, which means even more money with unknown results.

We want to allow fast reliable access to Web, email, IM and that's about it. The rest they can have, but I wish it would be so slow they would not care using it

So let me know if you think it would work

Thanks in advance
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on December 02, 2008, 04:29:41 pm
Can you try a snapshot of 2.0 and use the limiter?
Actually it is dummynet just used with pf.
You might want just a simple layer of dummynet, 2 limiters(pipe) or queues(children) in dummynet with appropriate src/dst mask which will share the bandwidth according to online users and you can use ALTQ to prioritize types of traffic like HTTP ACKs better than normal HTTP traffic etc....

We are getting there on protocols shaping(l7 detection) but not finished.

If it satisfies you in 2.0 i can merge it back on the 1.2.1 build, based on your contribution, i will make available after the 1.2.1 release of pfSense.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 02, 2008, 05:34:21 pm
I did not notice it was possible to download a 2.0. I will try to install it, since it's not a full release I must first check to see if the network is functional with it for a little while, I really can't afford a lot of downtime. I will take a look at it and if it seems to help then I can contribute to get help configuring it properly since I'm not that much of an expert

But just to be sure, you are confident the type of network I have can be handled by this? If so this piece of software is worth a lot of money to us and will be rewarded accordingly.. I mean they sell machines that do this for like 3k. This is sort of ip-based traffic shaping right?

I'll post back after I upgrade to 2.0 snapshot

thank you for your reply so quickly

Marc
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 02, 2008, 05:47:17 pm
Sorry, my first post might have seemed out of context, I now read the entire thread, realized it spanned over a year and understood that you are pretty much done with this and it's included in pfsense2. however, pfsense2 is described as not recommended, I really REALLY want to try it but my 250 users might not like it if it fails, is it stable enough? or am i gonna have to go over there at 2 am next sunday because it crashes?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on December 03, 2008, 12:45:51 am
If you want to use it just for shaping and basic firewalling it should be safe to try.

Can you post your requirements so i can give you a suggestion on how-to?
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 03, 2008, 10:02:04 am
Like I said in my first post, it is a very simple network. I am not good with diagrams but I will try my best


Internet ---> Fiber-to-Ethernet Box ---> pfsense server ---> multiple unmanaged 10/100 switches ---> 250 end users

Internet: Point-to-point, Fixed Ip to Telco
Fiber-to-Ethernet Box: 10mbit/10mbit
pfsense server: P4 computer, eth0 wan, eth1 lan
switches: some with gigabit uplinks, most of the network is wired (80%) for 10mbit, rest is 5e
end users: wireless APs will most likely be added next summer

About the server:

Right now it is doing everything

DHCP, DNS, NAT, Firewall, Traffic Shaper
Should these functions be divided in two computers to have the stable release sharing the internet, and another one shaping the traffic so that there is added redundancy or it is sufficient?

Server is 10.0.10.1 subnet is 10.0.10.xxx to 10.0.11.254

Objective is to offer fast reliable service for basic internet features for students : web, mail, IM, games, web phones/cams. and restrict p2p and other traffic that is clogging the network to a crawl

Recently the wiring was redone, so each floor (1 to 5) has a feeder coming from the first switch to its switch room, then two additional switches are connected to each other per floor.

I'm trying to include as much information but I think thats pretty much it

On a side note, the last pfsense I installed was from the "live cd" release. I noticed the 2.0 snapshots only say "alpha alpha". Is the install procedure still similar? Just to know what to expect.

Thank you in advance. Again if this is successful I'd be more than willing to pay you for your trouble and research if you supply me with a "custom" build and some support for setting it up (which is pretty much what you are doing now)

Thank you so much for everything so far!! I feel, and hope this might be the solution of many of my troubles of the past few months

Marc
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 04, 2008, 12:14:22 am
Tomorrow morning I will go and install 2.0 over there

if you can post a few tips about the installation and configuration of the new features

i.e "limiter", and "http ack queue"

thanks ermal
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 04, 2008, 03:07:35 pm
i installed 2.0 snapshot today, seems to be working well. However I would like help to configure the shaper and limiter for my needs if you dont mind

thanks in advance
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: sporkme on December 06, 2008, 12:37:00 pm
Howdy,

It's been some time since I've played with pfsense, but right now I've got a hard drive with the "click of death" so I have to reinstall.  For now, I'm trying 1.2.1-RC2, but since I'm now somewhere with a 30/5 and a 6.0/768 connection, I'd really like to try the new filter.  I have not received any updates from Ermal regarding new builds for quite some time.  Is there anything new forthcoming?  Would a basic config from 1.2.1-RC2 work with the older snapshot?

Thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on December 07, 2008, 08:06:41 am
@sporkme
it is coming as i always said after 1.2.1 is released.

@matremblay
Run a traffic shaper wizard with pfSense for your needs that will take care of the prioritizing of ACK and protocols.
You may look at the rules generated to see if it is actually what you expected.
For the limiter you need to decide if you want to divide equally the traffic to each user or you want to assign more weight to http traffic and then less weight to other traffic.
Give me more details about what policy you need and i will recommend what changes you need to do to filter rules generated by the wizard to integrate the limiter in there.

As i said per protocol shaping/filtering is coming real soon but you can start with this one.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 07, 2008, 11:00:50 am
@ermal

thank you for your reply, I ran the shaping wizard but it stopped all traffic, then I saw another post that said it was looking at the "queue status" page that did this, so i will try running it again without looking at the queues monday, which wizard do you suggest i run based on my setup?

also in previous posts you told me i could increase http performance by making a http ack queue, could you teach me how please?

As for the limiter i tried setting the pipes but it did not do anything i must be doing it wrong. I would like to prioritize http but if it doesn't work i will split bandwidth to everyone equally.. something along the lines of 800kbit download/400kbit upload for all

thank you for your help
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on December 08, 2008, 08:06:46 am
The ACK queue is created by the wizard and you can take a look at the rules generated that use that queue.
It will become clear when you see it configured.

For the limiter yes you created it but you have to apply it in the rules on the 'In/Out' section.
Depending on the needs.
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: matremblay on December 08, 2008, 11:20:45 am
sorry i dont know if i am stupid or something but i really dont get the limiter. where is this in/out section?

I added the queues, checked the "enable" box, saved, and clicked apply settings
nothing, i can still download at 1000KB

Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: ermal on December 08, 2008, 02:43:35 pm
In the rules! Firewall->Rules
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: kapara on December 10, 2008, 12:58:58 am
@ermal

Never got the PM about the traffic shaper to try out.   ???

Thanks
Title: Re: Traffic shaper changes [90% completed, please send money to complete bounty]
Post by: cmb on January 25, 2009, 02:31:29 pm
This bounty is completed, for support, head to the 2.0 board.