Limiter works but Scheduler does not match any traffic for CARP

[ruffy91]

I have the following configuration:
OPNSense A-----|
                        |-------DSL Router
OPNSense B-----|

The OPNSense have a VIP 10.99.224.10 and the DSL router has 10.99.224.1

I set up the following Shaper configuration:



When looking at the status I can see that the rules match no traffic to the Schedulers:

Code Select Expand

Limiters:
10000:  35.000 Mbit/s    0 ms burst 0
q75536  50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
sched 75536 type FIFO flags 0x0 0 buckets 1 active
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 ip           0.0.0.0/0             0.0.0.0/0     12498 18565328 32 46555 274
10001:   9.000 Mbit/s    0 ms burst 0
q75537  50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
sched 75537 type FIFO flags 0x0 0 buckets 1 active
  0 ip           0.0.0.0/0             0.0.0.0/0       68     2871  0    0   0


Schedulers:
10000:  35.000 Mbit/s    0 ms burst 0
q75536  50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
sched 10000 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 1000 flows 1024 ECN
10001:   9.000 Mbit/s    0 ms burst 0
q75537  50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
sched 10001 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 600 flows 1024 NoECN

The rules are set like this (direction in respectively for down):


As I am doing NAT masquerading to 10.99.224.10 for everything I treid setting the rules to match both direction and instead set source (respectively destination for the other direction) to the VIP 10.99.224.10 but then neither Limiter nor Scheduler showed any traffic, which I understand as that my rules are correct but they are not matching correctly for Schedulers.

[mimugmail]

The status mostly only shows 0.0.0.0/0 esp. for outbound it sometimes shows nothing, but it works in general.
Have you verified with a speedtest if your setup works for you?

[ruffy91]

Yes, the limiter works but I still get  lot of bufferbloat.
I sometime even have timeouts pinging 8.8.8.8 while doing the speedtest and the ping rises > 100ms over idle.

I have the same settings at home with a single OPNsense and a cable modem where I manage to have the ping max. 10ms over idle for the speedtest.

I use the dslreports test with bufferbloat measurements.
At home with cable fq_codel improved bufferbloat from F rating to A, with the CARP OPNsense and DSL it just stays on C, no matter if I use fq_codel or not.

Edit: OK, without CARP and with cable the Svhedulers stay empty too. But there I can see a significant improvement on ping while using the available bandwidth.

Are there any additional tests I can do to check if fq_codel is doing it's thing?

[mimugmail]

You can change interface from WAN to LAN and flip the direction for testing.