New Traffic Shaper

[keropiko]

Hello all.

First of all thank you to the opnsense team for the great work and the fluent update to 25.1 with no problems.

I would like to ask something related to traffic shaping.
I have noticed in the firewall rules, a new "experimental" section for traffic shaping (choosing direction and shaper in the rule) that reminded me of the long,long past using shaping in pfsense.

Is the Firewall/Shaper section going to change towards this approach in the future or will both co-exist in opnsense?
Are there any advantages/disadvantages?

Should we prefer the classic shaper of opnsense, start migrating to the new way for traffic shaping or use it only for limiters?

Sorry for the many questions and thank you in advance for any reply.

[abulafia]

I understand the new "experimental" section in the firewall rules can replace the "rules" in the shaper setting, nothing more.

[Seimus]

I think you misunderstand this.

There is no new Traffic Shaper. Its still the same, difference is that the new feature allows you to use FW rules(pf) for the Pipe/Queue instead of using the Rules in Shaper section (ipfw). This gives the possibility to use Rules that are based on aliases, nested aliases, groups, nested groups etc.

Currently this feature is experimental meaning it may or may not work/behave as expected.

The feature that you are pointing to is this one

Basically it should enable to put  a queue or pipe directly into a specific rules created under Firewall > Rules instead of Shaper > Rules

This gives the benefit that basicaly you can do Rules + Shaper within one entry and don't need specific rule-sets in the Shaper section. However you still need to configure the Pipe and Queues in the Shaper section.

Regards,
S.

Regards,
S.

[keropiko]

Hi and thank you for the replies.

In base of priority? Let's say i have generic traffic shaping rules for a subnet in the firewall/shaper section, if i add a specific firewall rule with the experimental new feature for a client in the same subnet, which shaper will be used first?

[abulafia]

Does anyone have insights into whether this new (beta) feature is working?

I am looking to use firewall rules to move my DHCPv6 traffic to a WFQ pipe and all my other IPv6 UDP traffic to a FQ_Codel pipe (which would otherwise eat the DHCPv6 traffic for some unknown reason).

[Seimus]

Hi and thank you for the replies.

In base of priority? Let's say i have generic traffic shaping rules for a subnet in the firewall/shaper section, if i add a specific firewall rule with the experimental new feature for a client in the same subnet, which shaper will be used first?

https://forum.opnsense.org/index.php?topic=36326.msg177133#msg177133

check this

Regards,
S.

[Seimus]

Does anyone have insights into whether this new (beta) feature is working?

I am looking to use firewall rules to move my DHCPv6 traffic to a WFQ pipe and all my other IPv6 UDP traffic to a FQ_Codel pipe (which would otherwise eat the DHCPv6 traffic for some unknown reason).

Yes its working. But keep in mind the Shaper section in Firewall rules is not a magic fix, its just another stage where you can configure ~ input shaper into the Pipe/Queue, e.g. Using pf FW rules instead ipfw rules in the shaper section.

The issues you describe is expected if you have just one Queue and one Pipe for everything. You need to split planes for the types of traffic to a separate class Pipe + Queue using WFQ or QFQ and give it a dedicated BW.

There is a topic for this opened, and actually a DOC as well was written and PR merged it should be soon visible in the official documentation. For now its in official docs git repo.

https://github.com/opnsense/docs/blob/master/source/manual/how-tos/shaper_control_plane.rst

Regards,
S.