firewall: add experimental inline shaper support to filter rules

Started by dMopp, January 24, 2025, 11:09:19 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 24, 2025, 11:09:19 PM
First: Thank you ! Finally this helps a LOT :)

But i have a question: Is there a (official) way to tackle Bufferbloat AND using Shaping together? I would like to Prio my IPTV but without loosing the pimped bufferbloat  :|
January 25, 2025, 12:12:07 AM #1
There is an official documentation for Bufferbloat mitigation via FQ_C

https://docs.opnsense.org/manual/how-tos/shaper_bufferbloat.html

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 25, 2025, 12:16:31 AM #2 Last Edit: January 25, 2025, 12:18:06 AM by Seimus
The feature that you are pointing to is this one

Basically it should enable to put  a queue or pipe directly into a specific rules created under Firewall > Rules instead of Shaper > Rules

This gives the benefit that basicaly you can do Rules + Shaper within one entry and don't need specific rule-sets in the Shaper section. However you still need to configure the Pipe and Queues in the Shaper section.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 26, 2025, 04:50:10 PM #3
You don't get me right.

I have Bufferfloat queues / pipes already in place. But I wanna use Bandwith priorisation based on source / target / protocol (whatever) in place, too. So my IPTV is working WHILE steam is downloading big blobs. (Weight 1 as default and weight 20 or so for iptv) the traffic matching will be done by the new firewall feature
January 26, 2025, 07:25:39 PM #4
Quote from: dMopp on January 26, 2025, 04:50:10 PMBut I wanna use Bandwith priorisation based on source / target / protocol (whatever) in place, too. So my IPTV is working WHILE steam is downloading big blobs.
You should not need this -- FQ_codel should automatically handle this (i.e., prioritising bursty IPTV and putting steam in the background).
January 26, 2025, 11:25:44 PM #5
Does not work :/ IPTV is multicast here btw
January 27, 2025, 09:53:06 AM #6
What scheduler are you using?
How did you configure your shaper?

If its FQ_C, than weights dont play any role. Weights are used for WFQ, but WFQ is not handling bufferbloat.
FQ_C does not any BW prioritization.
The new FW feature, will not either do any BW prioritization, for this you need and actual scheduler capable of it. The new feature only allows you as mentioned to load the Queue/Pipe in the FW > Rule and usage of Aliases.

FQ_C as its in his name Flow Queue or Fair Queue, does an equal balancing of the BW across hosts within the same Pipe. But it can only do it if you have it properly configured + you need to shape everything. Cause what is not in the Queue/Pipe will not be served by shaper and will go bonkers.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 29, 2025, 06:44:40 PM #7
I followed the docs and yes, bufferbloat is (and was the whole time) fine. But still there is the open question, if I can COMBINE codel with WFQ? Sounds like not, but if I could, I would use the new feature to sort packets into the right pipe/queue
January 29, 2025, 07:20:51 PM #8
You actually can use WFQ and Codel, because Codel is a Queue management algorithm and WFQ is a Scheduler

Have a look at this topic, there was a user that had similar questions. I advice to read the whole topic tho.

https://forum.opnsense.org/index.php?topic=43856.msg218845#msg218845
https://forum.opnsense.org/index.php?topic=43856.msg218869#msg218869

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 30, 2025, 07:44:22 AM #9
Thanks, I know that thread but what I don't understand is, how the config actually looks like in his case. If iam guessing right:
WFQ Pipe and Codel Queues ?
January 30, 2025, 10:54:10 AM #10
Yes exactly as I posted in there step by step.

Regards,
S.

Quote from: Seimus on November 08, 2024, 04:01:52 PMIn Pipe you configure the scheduler, the Weights are configured in the Queues.

Do not enable Codel in the Pipe, cause the Codel in Pipe is only turned on for dynamic queues e.g if you dont use manually created Queues.

So do this:

Pipe:
- Configure BW
- Scheduler WFQ
- Everything else blank

Queues:
- Create Queues how many you need per a specific service
- Set proper Weights, the higher the weight the more BW chunk the classified traffic will get. Image Weight as a ratio of the total BW configured in a Pipe
- Create separate DL and UP Queues
- Enable Codel on the Queues

Rules:
- Create Queues how many you need per a specific Queue to classify the packets into that specific Queue
- Create separate DL and UP Rules to classify the packet to the specific Queues


Go thru > https://docs.opnsense.org/manual/how-tos/shaper_prioritize_using_queues.html

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
Print
Go Up Pages1
User actions