Netgate SG-1000 microFirewall

Author Topic: playing with fq_codel in 2.4  (Read 21289 times)

0 Members and 2 Guests are viewing this topic.

Offline kcallis

  • Jr. Member
  • **
  • Posts: 71
  • Karma: +0/-0
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #240 on: February 17, 2018, 04:33:25 am »
I am getting ready to make the plunge on 2.4.2_p1. I am been using the wizard with Multiple LAN/WAN (I currently have 10 VLANs, 1 WAN and three VPN_WAN connections. I do so enjoy and envy those people that have 100/50 and 50/25 connections, but I have been curse with using AT&T and my DSL is 18/2, so I need to squeeze to most optimal setup.

I have been reading, but was wondering if some has possibly started a new thread so that I can be up to date on all the tricks to make this work smoothly?

Offline gsmornot

  • Jr. Member
  • **
  • Posts: 44
  • Karma: +1/-0
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #241 on: March 02, 2018, 03:32:44 pm »
Quick question. If I run the command ipfw sched show I see fq_codel. If I look in the gui at diagnostics limiter, I see fifo. Is that what I should see? The limiters are working fine but I wonder if fq_codel is really applied to the stream or is what I see just the result of setting limiters.

Edit: Just to see what happens, I left everything in place but removed the entry from shellcmd and restarted. This restored the system settings related to limiters. The result on DSLReports is A+ across the board. Limiter info in the GUI populates info now about the limiters. Maybe I missed something in this process but this is much better for me. I notice as shown in the screen shots and as mentioned here in other places that I use schedules 1 and 2 in my script but the system limiters do not. My DSLReports ratings prior to this change were D and F. I have a feeling its something I'm missing but for the moment I am getting the result I was after.

One caveat about this current config. I have gig symmetrical that will do 920 each way without limiters. With my current config it tests at @750 which is fine.
« Last Edit: March 06, 2018, 10:21:20 am by gsmornot »

Offline whitewidow

  • Newbie
  • *
  • Posts: 23
  • Karma: +1/-0
    • View Profile
Re: playing with fq_codel in 2.4
« Reply #242 on: March 07, 2018, 10:16:21 pm »
I figured I'd share my config as I spent some time today with little to do at work on converting over to fq_codel setup for my pfSense setup. I have a 1Gig Verizon FIOS line coming in which is rated at 940 down and 880 up. I have a pretty straight forward setup going as I only split up into 3 queues and basically high prioritize my games and VOIP to high and lower all my p2p / plex download traffic to everything else.

I have the Shell Command to create the proper queue setup:

I have an upload and download limiters with 3 buckets at 880Mb/s and 940Mb/s respectively. In those queues, I have a high, default and low at a 75, 25, 5 weight.

Source and Destination in the config gets a little squirrelly for me as I want to make sure I have a clear break in my upload and download traffic so I didn't select either there as I handle that in the rules config.

I have a series of match floating rules with logging setup so I can validate. All shaping is selected on my WAN interface:

My rules examples are a bit big so I linked them a little different:

Default queue

Low priority rule

For floating rules and pipes, the in and out are switched as noted in the help text. I did check that in my speed test as I can see the speeds are exactly what I expected. I noticed much better performance when compared with the other schedules stock in pfSense.

My speedtest results made me happy:

Edit 1: I seem to have a slight problem with matching my internal (Private) IPs properly. I've gotta do a little more testing to figure out why they aren't matching. My WAN rules work perfect though so it's a start. I just want to make sure I can get internal stuff matched as well.

From what I remember about limiters I thought that the Mask need to be set depending if the traffic is in bound or outbound.

I have my Upload mask set to "source address" and download to "destination address" for the limiter and each queue nested under.

Is this correct? Seems it works and I see traffic passing. I didn't with it set to "none"