Netgate SG-1000 microFirewall

Author Topic: Shaping / Limiting Advice Needed  (Read 268 times)

0 Members and 1 Guest are viewing this topic.

Offline mloiterman

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +2/-0
    • View Profile
Shaping / Limiting Advice Needed
« on: December 28, 2017, 10:08:06 am »
Background
Multi-WAN and Multi-LAN

  • WAN1 - Comcast: 1,000 Mbs download x 40 Mbs upload
  • WAN2 - Uverse: 25 Mbs download x 2 Mbs upload
  • LAN1 - Primary LAN
  • LAN2 - VOIP LAN

I primarily use the WAN1 connection and have designated WAN2 as a dedicated VoIP link and as a failover for WAN1.

Issue:
Although it's pretty rare, when my WAN1 connection goes down, I'm forced to use the WAN2 connection as my primary. 

In general, that works as it should in terms of the failover working and routing correctly.  But, because the WAN2 upload is so limited, a lot of latency is introduced.  I'm thinking this is because it can't keep up with all of the ACKs.  This makes the connection almost unusable.

Objective
  • Reduce latency on WAN2 during heavy use.

Questions
  • Should I use a limiter or a shaper to address this issue?
  • If I should use a shaper, which one?
  • If I should use a shaper, I think I would need to shape the WAN2 and LAN1 and LAN2, right?  How should I configure this?  Should I use a dedicated link or the Multi-Wan?  I really don't want to shape WAN1.

Eager to hear everyone's thoughts.

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2273
  • Karma: +208/-12
    • View Profile
Re: Shaping / Limiting Advice Needed
« Reply #1 on: December 28, 2017, 11:06:01 am »
I would recommend using fq_Codel limiter per WAN interface. Other than the lack of UI to setup, it's very simple to use. Mostly just set your bandwidth.

This long lived post should have all the info you need. https://forum.pfsense.org/index.php?topic=126637.0

Offline mloiterman

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +2/-0
    • View Profile
Re: Shaping / Limiting Advice Needed
« Reply #2 on: December 28, 2017, 12:07:12 pm »
Quote
This long lived post should have all the info you need. https://forum.pfsense.org/index.php?topic=126637.0

I saw that, and while I'm extremely comfortable on the command line, I'm reluctant to introduce those kinds of "non-standard" modifications on what I consider to be a production machine.  For now, I'd like to stick to the official tools provided by the GUI...even if they're not as good as fq_Codel.

Offline tman222

  • Jr. Member
  • **
  • Posts: 71
  • Karma: +10/-0
    • View Profile
Re: Shaping / Limiting Advice Needed
« Reply #3 on: December 29, 2017, 10:11:51 am »
Quote
This long lived post should have all the info you need. https://forum.pfsense.org/index.php?topic=126637.0

I saw that, and while I'm extremely comfortable on the command line, I'm reluctant to introduce those kinds of "non-standard" modifications on what I consider to be a production machine.  For now, I'd like to stick to the official tools provided by the GUI...even if they're not as good as fq_Codel.

The changes are actually pretty straightforward -  all you would have to do is configure Limiters and queues in the GUI and then issue one command from the command line to to apply fq_codel.  To make it persistent between reboots the Shellcmd package can be used. 

As an alternative to fq_codel you can try using the FAIRQ scheduler together with Codel applied to the queues instead.  All that can be configured in the GUI.  This should yield pretty similar performance to fq_codel.

Hope this helps.

Offline mloiterman

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +2/-0
    • View Profile
Re: Shaping / Limiting Advice Needed
« Reply #4 on: December 30, 2017, 01:35:58 pm »
Quote
This long lived post should have all the info you need. https://forum.pfsense.org/index.php?topic=126637.0

I saw that, and while I'm extremely comfortable on the command line, I'm reluctant to introduce those kinds of "non-standard" modifications on what I consider to be a production machine.  For now, I'd like to stick to the official tools provided by the GUI...even if they're not as good as fq_Codel.

The changes are actually pretty straightforward -  all you would have to do is configure Limiters and queues in the GUI and then issue one command from the command line to to apply fq_codel.  To make it persistent between reboots the Shellcmd package can be used. 

As an alternative to fq_codel you can try using the FAIRQ scheduler together with Codel applied to the queues instead.  All that can be configured in the GUI.  This should yield pretty similar performance to fq_codel.

Hope this helps.

Is there a FAQ or some additional details on how to set up what you're describing?  I'm not very proficient with traffic shaping and when I tried to setup what you described, essentially nothing was added.  Nothing shows when I do, for example:

Code: [Select]
ipfw sched show
« Last Edit: January 05, 2018, 09:28:18 am by mloiterman »

Offline mloiterman

  • Jr. Member
  • **
  • Posts: 73
  • Karma: +2/-0
    • View Profile
Re: Shaping / Limiting Advice Needed
« Reply #5 on: January 05, 2018, 09:29:35 am »
Just giving this a bump, as I would like to deal with the latency resulting from lack of upload bandwidth on my very assymetric Uverse connection.

Offline tman222

  • Jr. Member
  • **
  • Posts: 71
  • Karma: +10/-0
    • View Profile
Re: Shaping / Limiting Advice Needed
« Reply #6 on: January 06, 2018, 11:44:53 am »
Just giving this a bump, as I would like to deal with the latency resulting from lack of upload bandwidth on my very assymetric Uverse connection.

I added some instructions how to setup fq_codel in a few steps in this thread:

https://forum.pfsense.org/index.php?topic=142321.msg776278#msg776278

Hope this helps, but please let us know if you have any additional questions.