OPNsense Forum

English Forums => Hardware and Performance => Topic started by: FireStorm on November 09, 2025, 11:02:00 PM

Title: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: FireStorm on November 09, 2025, 11:02:00 PM
Hi everyone,

I'm summarizing the findings from my German forum thread (Topic 49664) as the issue remains unsolved, and I'm hoping for new insights.

The Hardware & Goal:

System: Aoostar N1 Pro (Intel N150, 12GB RAM, igc 2.5G ports).

Connection: 5G Router (Bridge Mode, IPv4 only), providing 600/60 Mbps.

Goal: Use Shaper (FlowQueue-CoDel) to achieve Grade A(+) bufferbloat.

The Problem: When I disable the shaper, I get full speed (585/62) but Grade C/D bufferbloat. When I enable the shaper (Pipes at 550/55, correct LAN-out/WAN-out rules, empty Queues tab), my speed collapses to 300/30 Mbps, but I achieve Grade A bufferbloat.

The CPU is NOT the bottleneck. Using top -P during the test shows the N150 CPU is bored (max 20-25% load on a single core).

Summary of Troubleshooting (What I Already Tried)
I have systematically ruled out all common configuration errors and tuning parameters:

Hardware Offloads (TSO/LRO):

I disabled TSO, LRO, and CRC in Interfaces > Settings.

I verified via SSH (ifconfig -v igc0/1) that TSO and LRO were successfully disabled in the driver's options=.

Result: No change. Still 300/30.

Kernel Timer (kern.hz):

With Offloads still disabled, I set kern.hz=1000 (and rebooted).

Result: No change. Still 300/30.

Setting kern.hz=2000 made the system unstable and bufferbloat worse (Grade B/C). This tunable was removed.

Power Management (ASPM/EEE):

Following advice (like in thread 42985), I set hw.pci.enable_aspm=0 and hw.igc.eee_setting=0 (and rebooted).

Result: Made the problem WORSE. Speed dropped further to ~200/25. These tunables were removed.

Scheduler Type (FIFO):

I tested using the FIFO scheduler (instead of CoDel) on the Upload pipe.

Result: No change. The upload remained stuck at 30 Mbps.

Community Feedback (The "Queues" Debate):

Forum member @meyergru (thx for your support!) pointed out that the official documentation uses both Pipes and Queues, and my rules should target the Queues.

I explained that I intentionally left the Queues tab empty based on advice that FlowQueue-CoDel (in the Pipe) manages itself, and that this setup (empty Queues) actually gave me a better Grade A result in earlier tests (before the 300/30 bug became the main problem).

Conclusion: This configuration difference does not seem to be the cause of the 300/30 limit.

The Final, Unsolved Question: Is 5G the Culprit?
After exhausting all software tuning (ipfw, drivers, kernel, offloads, power management), my last theory is this:

Is the volatile, "bursty" nature of a 5G connection fundamentally incompatible with the ipfw shaper? The shaper relies on a stable baseline, which 5G by nature cannot provide. The shaper's math might be collapsing due to the extreme, millisecond-level speed variations.

Does anyone have experience with shapers on 5G, or any other idea what I might have missed?
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: Seimus on November 10, 2025, 10:30:47 PM
Quote from: FireStorm on November 09, 2025, 11:02:00 PM
I explained that I intentionally left the Queues tab empty based on advice that FlowQueue-CoDel (in the Pipe) manages itself, and that this setup (empty Queues) actually gave me a better Grade A result in earlier tests (before the 300/30 bug became the main problem).

There always needs to be a queue. When you leave the queue option under Pipe empty, it defaults to 1 per Pipe, so 1 for UP and 1 for DOWN. When you attach rules to a Pipe, it automatically attaches them in the background to the Pipe's dynamic queues, which attach to the scheduler. The reason this is not used in the docs is that creating manual Queues gives you scalability and more granular control.

There always needs to be a queue!


Quote from: FireStorm on November 09, 2025, 11:02:00 PM
Is the volatile, "bursty" nature of a 5G connection fundamentally incompatible with the ipfw shaper? The shaper relies on a stable baseline, which 5G by nature cannot provide. The shaper's math might be collapsing due to the extreme, millisecond-level speed variations.

It's not about the shaper, it's about the algorithms. By default the desired state is to have a stable BW/throughput, because the BW you set is fixed. Various schedulers behave differently when the BW is variable. For example, using FQ_C with variable BW can still yield good latency results, as it's an AQM.

Anyway, based on your description you are always capped at 300/30, which is odd. If you had a variable BW between 300/30 and 600/60, you should see the throughput hover between these limits and not be hard capped.

Can you configure the shaper as described in docs and test again?
Can you show your whole configuration of the shaper (pipe,queue,rules with advanced mode)?
As well via CLI run these commands and show the output.

ipfw pipe show
ipfw sched show
ipfw queue show
ipfw show
 
Regards,
S.
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: BrandyWine on November 11, 2025, 03:44:23 AM
Which shaper is it exactly?
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: FireStorm on November 11, 2025, 09:41:17 PM
Quote from: BrandyWine on November 11, 2025, 03:44:23 AM
Which shaper is it exactly?

flowqueue-codel
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: FireStorm on November 11, 2025, 09:52:29 PM
Quote from: Seimus on November 10, 2025, 10:30:47 PM
Can you configure the shaper as described in docs and test again?
Can you show your whole configuration of the shaper (pipe,queue,rules with advanced mode)?
As well via CLI run these commands and show the output.

ipfw pipe show
ipfw sched show
ipfw queue show
ipfw show
 
Regards,
S.


hi, as requested (without adding queues):

root@OPNsense:~ # ipfw pipe show
10000: 550.000 Mbit/s    0 ms burst 0
q75536  50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
 sched 75536 type FIFO flags 0x0 0 buckets 1 active
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip          0.0.0.0/0            0.0.0.0/0      11    4857  0    0  0
10001:  55.000 Mbit/s    0 ms burst 0
q75537  50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
 sched 75537 type FIFO flags 0x0 0 buckets 1 active
  0 ip          0.0.0.0/0            0.0.0.0/0        4      406  0    0  0
root@OPNsense:~ # ipfw sched show
10000: 550.000 Mbit/s    0 ms burst 0
q75536  50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
 sched 10000 type FQ_CODEL flags 0x0 0 buckets 0 active
 FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 NoECN
10001:  55.000 Mbit/s    0 ms burst 0
q75537  50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
 sched 10001 type FQ_CODEL flags 0x0 0 buckets 0 active
 FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 NoECN
root@OPNsense:~ # ipfw queue show
root@OPNsense:~ # ipfw show
00100        0          0 allow pfsync from any to any
00110        0          0 allow carp from any to any
00120        0          0 allow layer2 mac-type 0x0806,0x8035
00130        0          0 allow layer2 mac-type 0x888e,0x88c7
00140        0          0 allow layer2 mac-type 0x8863,0x8864
00150        0          0 deny layer2 not mac-type 0x0800,0x86dd
00200    11616    2982200 skipto 60000 ip6 from ::1 to any
00201    4252      468624 skipto 60000 ip4 from 127.0.0.0/8 to any
00202        0          0 skipto 60000 ip6 from any to ::1
00203        0          0 skipto 60000 ip4 from any to 127.0.0.0/8
60000        0          0 return proto ip
60001 53382272 67067358644 pipe 10000 ip from any to any out via igc1 // lan: DownloadPipe
60002 24291311  7102329318 pipe 10001 ip from any to any out via igc0 // wan: UploadPipe
65533 78607935 74368736814 allow ip from any to any
65534        0          0 deny ip from any to any
65535        0          0 allow ip from any to any
root@OPNsense:~ #
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: BrandyWine on November 12, 2025, 05:11:59 AM
Quote from: FireStorm on November 11, 2025, 09:41:17 PM
Quote from: BrandyWine on November 11, 2025, 03:44:23 AM
Which shaper is it exactly?

flowqueue-codel

Do you get the same odd results if you use the Zenarmor flow control plugin?
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: FireStorm on November 12, 2025, 04:21:58 PM
Never tried, but I am open to doing so. Is there anything in particular I need to take care of?
Title: Re: Shaper Limit on N150/igc - Tunables (Offloads, kern.hz, ASPM) failed. 5G issue?
Post by: Seimus on November 13, 2025, 01:05:09 AM
Quote from: FireStorm on November 11, 2025, 09:52:29 PM
Quote from: Seimus on November 10, 2025, 10:30:47 PM
Can you configure the shaper as described in docs and test again?
Can you show your whole configuration of the shaper (pipe,queue,rules with advanced mode)?
As well via CLI run these commands and show the output.

ipfw pipe show
ipfw sched show
ipfw queue show
ipfw show
 
Regards,
S.


hi, as requested (without adding queues):

root@OPNsense:~ # ipfw pipe show
10000: 550.000 Mbit/s    0 ms burst 0
q75536  50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
 sched 75536 type FIFO flags 0x0 0 buckets 1 active
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip          0.0.0.0/0            0.0.0.0/0      11    4857  0    0  0
10001:  55.000 Mbit/s    0 ms burst 0
q75537  50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
 sched 75537 type FIFO flags 0x0 0 buckets 1 active
  0 ip          0.0.0.0/0            0.0.0.0/0        4      406  0    0  0
root@OPNsense:~ # ipfw sched show
10000: 550.000 Mbit/s    0 ms burst 0
q75536  50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
 sched 10000 type FQ_CODEL flags 0x0 0 buckets 0 active
 FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 NoECN
10001:  55.000 Mbit/s    0 ms burst 0
q75537  50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
 sched 10001 type FQ_CODEL flags 0x0 0 buckets 0 active
 FQ_CODEL target 5ms interval 100ms quantum 1514 limit 10240 flows 1024 NoECN
root@OPNsense:~ # ipfw queue show
root@OPNsense:~ # ipfw show
00100        0          0 allow pfsync from any to any
00110        0          0 allow carp from any to any
00120        0          0 allow layer2 mac-type 0x0806,0x8035
00130        0          0 allow layer2 mac-type 0x888e,0x88c7
00140        0          0 allow layer2 mac-type 0x8863,0x8864
00150        0          0 deny layer2 not mac-type 0x0800,0x86dd
00200    11616    2982200 skipto 60000 ip6 from ::1 to any
00201    4252      468624 skipto 60000 ip4 from 127.0.0.0/8 to any
00202        0          0 skipto 60000 ip6 from any to ::1
00203        0          0 skipto 60000 ip4 from any to 127.0.0.0/8
60000        0          0 return proto ip
60001 53382272 67067358644 pipe 10000 ip from any to any out via igc1 // lan: DownloadPipe
60002 24291311  7102329318 pipe 10001 ip from any to any out via igc0 // wan: UploadPipe
65533 78607935 74368736814 allow ip from any to any
65534        0          0 deny ip from any to any
65535        0          0 allow ip from any to any
root@OPNsense:~ #


Looking at the config, there is a lot of misconfiguration compared to the official docs.

If we exclude the fact you didn't use manual queues, the other main misconfiguration is your rules.

60001 53382272 67067358644 pipe 10000 ip from any to any out via igc1 // lan: DownloadPipe
60002 24291311  7102329318 pipe 10001 ip from any to any out via igc0 // wan: UploadPipe

You don't use this shaper on the LAN. It needs to be configured on the WAN for both directions.

Please use the official docs and adjust your config step by step to match them. Then retest and show the commands again once you have the correct configuration.
https://docs.opnsense.org/manual/how-tos/shaper_bufferbloat.html

Regards,
S.
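
The check described in the last reply, as an added example that is not part of the thread: it reads `ipfw show` output and lists every pipe or queue rule bound to an interface other than the WAN. The function names are hypothetical, and igc0 as WAN / igc1 as LAN is taken from the rule comments in the output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): list ipfw pipe/queue rules that are
# bound to an interface other than the WAN.
# On the firewall:  ipfw show | shaper_rules_off_wan igc0

shaper_rules_off_wan() {
    wan="$1"    # WAN interface name (assumption: igc0, per the rule comments)
    awk -v wan="$wan" '
        # ipfw show columns: rule-number packets bytes action [arg] match...
        $4 == "pipe" || $4 == "queue" {
            iface = ""
            for (i = 6; i < NF; i++) {
                if ($i == "//") break          # rule comment starts here
                if ($i == "via" || $i == "xmit" || $i == "recv") {
                    iface = $(i + 1)
                    break
                }
            }
            if (iface != wan)
                printf "%s %s %s via=%s\n", $1, $4, $5,
                       (iface == "" ? "(none)" : iface)
        }
    '
}

# Constructed sample: four lines copied from the "ipfw show" output in the
# thread, enough to cover shaper and non-shaper rules.
sample_rules() {
    cat <<'EOF'
60000        0          0 return proto ip
60001 53382272 67067358644 pipe 10000 ip from any to any out via igc1 // lan: DownloadPipe
60002 24291311  7102329318 pipe 10001 ip from any to any out via igc0 // wan: UploadPipe
65533 78607935 74368736814 allow ip from any to any
EOF
}

# Flags rule 60001 (pipe 10000), which is attached to igc1 rather than igc0.
sample_rules | shaper_rules_off_wan igc0
```

Empty output means every shaper rule is attached to the interface given as the argument.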