No traffic shaping for input/download?

(Juan Carlos Fernandez) #1

NethServer Version: 7.5.1804 (final)
Module: FireQoS

I’m trying to understand how traffic shaping works, looking to:

  • /etc/firehol/fireqos.conf
  • /etc/squid/squid.conf

I found out that traffic shaping rules over web proxy (Squid) is done by marking packages for later processing by FireQoS class matching rules.

Acording to FireOS documentation matching rules can by checked by running:

// NS7 Input/Download
fireqos status red1-in

// NS7 Output/Upload
fireqos status red1-out

FireQoS traffic shaping is working for Upload

# fireqos status red1-out
FireQOS 3.1.5
(C) 2013-2014 Costa Tsaousis, GPL


red1-out: eth1 output => eth1, type: ethernet, overhead: 
Rate: 335Kbit/s, min: 12Kbit/s
Values in Kbit/s

 CLASS   high    low defaul 
CLASSI   1:11   1:12 1:8000 
COMMIT    167     33     12 
   MAX    301    301    335 

PRIORI      4      4      4 
 QDISC fq_cod fq_cod fq_cod 

 color code (packets):  backlog  |  dropped  |  delayed  |  requeued 
 Class Utilization on red1-out (eth1 output => eth1) - values in Kbit/s
 TOTAL   high    low defaul 
   255    177     76      1 
   208    130     76      2 
    99      3     95      2 
    77      -     77      - 
   161     48    108      4 
   142     29     96     16

However, same behavior is not seen for Download

# fireqos status red1-in
FireQOS 3.1.5
(C) 2013-2014 Costa Tsaousis, GPL


red1-in: eth1 input => eth1-ifb, type: ethernet, overhead: 
Rate: 1612Kbit/s, min: 16Kbit/s
Values in Kbit/s

 CLASS   high    low defaul 
CLASSI   1:11   1:12 1:8000 
COMMIT    806    161     16 
   MAX   1450    322   1612 

PRIORI      4      4      4 
 QDISC fq_cod fq_cod fq_cod 

 color code (packets):  backlog  |  dropped  |  delayed  |  requeued 
 Class Utilization on red1-in (eth1 input => eth1-ifb) - values in Kbit/s
 TOTAL   high    low defaul 
  1645      -      -   1645 
  1629      -      -   1629 
  1635      -      -   1635 
  1634      -      -   1634 
  1630      -      -   1630

Am I missing something? Is this normal?

(Filippo Carletti) #2

I see traffic in the high column for red1-in.
Maybe your config is missing priority rules or you looked when there was no high priority traffic.

(Juan Carlos Fernandez) #3

Where? I’m only seen lines (-) on high column. I’m curently downloading a pfSense video on youtube and the only column having traffic is default class.

Also, I have rules for web proxy stating that my IP should be marked for high class traffic shaping:

Web%20Proxy%20Rules
Web Proxy Rules.png849x271 10.3 KB

My IP is included on high-priority IP range

(Filippo Carletti) #4

Here’s the output from fireqos status red1-in in my firewall:

red1-in: en4 input => en4-ifb, type: ethernet, overhead: 
Rate: 85000Kbit/s, min: 850Kbit/s
Values in Kbit/s

  CLASS    high hotspot     low default 
CLASSID    1:11    1:12    1:13  1:8000 
 COMMIT    8500     850     850     850 
    MAX   85000   17000   76500   85000 

PRIORIT       4       4       4       4 
  QDISC fq_code fq_code fq_code fq_code 

 color code (packets):  backlog  |  dropped  |  delayed  |  requeued 
 Class Utilization on red1-in (en4 input => en4-ifb) - values in Kbit/s
  TOTAL    high hotspot     low default 
    220       -       -       -     220 
    561       -       -       -     561 
    574       -       -       1     573 
    262       1       -       -     261 
    489       1       -       -     488 
    345       -       -       -     345 
    200       2       -       -     199 
    598       2       -       -     597

I think that there may be some corner cases where traffic is not marked or marks are not set on connections. I’d start ruling out squid, temporarily disabling the web proxy.
I’ll try to reproduce the problem on Monday.