Netgate SG-1000 microFirewall

Author Topic: playing with fq_codel in 2.4  (Read 14475 times)

0 Members and 1 Guest are viewing this topic.

Offline w0w

  • Sr. Member
  • ****
  • Posts: 540
  • Karma: +31/-6
  • kernel panic attack
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #120 on: October 03, 2017, 10:28:32 pm »

Would love to try this patch out.  This will show fq_codel on the limiter info page?  Is there are kind soul who could explain how to implement this to the lay person?
You need "System patches" package.
Create new patch and apply it. See attachment.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14474
  • Karma: +1341/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #121 on: October 12, 2017, 11:30:14 am »
I got asked in a PM to post some screenshots of my settings.. Figured post it here as reference.

Just apply the in/out pipe to firewall rule on your interface.. So that these do not effect your intervlan traffic if you have any.  Put a rule above to allow access to your other vlans without the pipe's applied.

These settings changed my bufferbloat tests on dslreports to A..

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline belt9

  • Full Member
  • ***
  • Posts: 233
  • Karma: +24/-6
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #122 on: October 12, 2017, 11:45:35 am »
Why a /32 IPv4 mask?

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14474
  • Karma: +1341/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #123 on: October 12, 2017, 12:28:51 pm »
Because that is what comes up in the gui when  this is the rules.limiter

[2.4.0-RELEASE][root@pfsense.local.lan]/root: cat /tmp/rules.limiter

pipe 1 config  bw 85Mb
queue 1 config pipe 1 mask dst-ip6 /128 dst-ip 0xffffffff
 

pipe 2 config  bw 11Mb
queue 2 config pipe 2 mask src-ip6 /128 src-ip 0xffffffff

Is something wrong there?  It was working great!!!
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline belt9

  • Full Member
  • ***
  • Posts: 233
  • Karma: +24/-6
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #124 on: October 12, 2017, 01:39:22 pm »
Haha, I don't know to be honest. I had mine set the same way until I noticed that, then set it to /24 to match my network (I'm IPv4 only). I haven't been on that network in awhile now but I don't remember noticing a difference. My config is otherwise pretty much the same as yours.

Maybe someone can chime in on whether that setting matters or not and exactly what it is doing?

I know that in some parts of traffic shaping GUI there are options presented that don't apply to all types of shaping.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14474
  • Karma: +1341/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #125 on: October 12, 2017, 01:50:20 pm »
The person that asked for the screenshot says its working great for him as well..

I just am not knowledgeable enough when it comes to shaping and limiters to know one way or the other either. I understand the basic principles is about all.  I just took the settings as given and applied them to my bandwidth at the time and yeah it drastically reduced the bufferbloat test without noticing any serious hit to the top end numbers on speedtest or during normal use.

But to be honest I had not really noticed any issues before that ;)  Other than the test showing me my bufferbloat was bad..

Looking forward to when I can apply it to my new 500/50 line when get new pfsense hardware.  I can tell you for sure that on the usg that currently stuck with that when you turn on their smart queues my download is limited to 80ish down vs the 530 I see on speedtest currently.  Seems to handle the upload ok but the download gets shit on..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline belt9

  • Full Member
  • ***
  • Posts: 233
  • Karma: +24/-6
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #126 on: October 12, 2017, 02:21:42 pm »
Yikes, that's pretty limited!

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14474
  • Karma: +1341/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #127 on: October 13, 2017, 05:21:52 am »
Which is why its not on ;)  When you turn on their queues you loose the hardware offload it seems.. So yeah speed takes a hit ;)
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline belt9

  • Full Member
  • ***
  • Posts: 233
  • Karma: +24/-6
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #128 on: October 13, 2017, 07:36:59 am »
And that is why I am thankful for pfSense!

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14474
  • Karma: +1341/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #129 on: October 13, 2017, 07:55:07 am »
Oh believe me I will be back to pfsense as soon as get new hardware that can handle the speed.. The usg was a temp solution that was cheap enough to sneak through the budget committee (wife).. its was only a 100$ ;)

It can handle the speed in hardware offload.. But its feature set is so lacking.. Still running my pfsense vm for dhcp and dns since those features on usg need a huge amount of work to be viable in anything other than the most basic of home user networks.. And really just forget about ipv6 and or openvpn without manipulate of json files and having to reload them any time you reprovision the usg from the controller.. And the firewall rules are just nuts to setup on it as well..  I counting the days til I have pfsense back that is for sure ;)
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline sideout

  • Full Member
  • ***
  • Posts: 229
  • Karma: +73/-0
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #130 on: October 15, 2017, 06:15:07 pm »
I ran this on my router at my LAN party and it worked out great.   184 people with a 300mbit modem and 2 100mbit modems , made 2 download shapers and 1 upload shaper.

i made the system patches as well so it would apply after updates.

Offline gsmornot

  • Jr. Member
  • **
  • Posts: 31
  • Karma: +1/-0
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #131 on: October 16, 2017, 03:59:38 pm »
I should skip this since I don't know what I'm doing but still really curious to make it work. I have gigabit service and get D's and F's on buffer bloat.

I'm sure its in the post and I have indeed read though but still don't understand. What are the steps to enable this? I have 2.4 installed.

Looks like install patches package, run patch posted on page 8 which I was going to do until it said I could not remove this so I thought I better study a bit before I keep going. If you have the energy, please tell me what are the steps and I will follow them. Thanks.

Offline belt9

  • Full Member
  • ***
  • Posts: 233
  • Karma: +24/-6
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #132 on: October 16, 2017, 04:27:42 pm »
You don't have to install the patch.

Just set up limiters (look at Johns screenshots a few pages above this) then run the ipfw commands for fq_codel and add them to shellcmd.

Run a speed test and set your limiters to 95% of the speeds you get.

Now go to your firewall rules to pass traffic and in the advanced section just select the queues you just made.

That's it.

Offline w0w

  • Sr. Member
  • ****
  • Posts: 540
  • Karma: +31/-6
  • kernel panic attack
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #133 on: October 16, 2017, 10:36:16 pm »
You don't have to install the patch.

Just set up limiters (look at Johns screenshots a few pages above this) then run the ipfw commands for fq_codel and add them to shellcmd.

Run a speed test and set your limiters to 95% of the speeds you get.

Now go to your firewall rules to pass traffic and in the advanced section just select the queues you just made.

That's it.

I don't think it's that simple. If you don't override rules.limiter with own one like TS suggests by patching php code, then any firewall config or even WAN IP change that wants and would reload this file will destroy your manually configured fq_codel, until you manually run ipfw commands again or restart firewall to let shellcmd to do it. Am I wrong?
« Last Edit: October 16, 2017, 10:42:38 pm by w0w »

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14474
  • Karma: +1341/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #134 on: October 17, 2017, 04:58:57 am »
No sorry it is that simple.. You do not need to make any files changes at all..  Just create the limiters and then put in the commands via shellcmd to put them in every time you reboot, etc.

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)