Actions
Regression #11952
closed
Traffic matching rules with limiters is not handled by DUMMYNET
Status:
Closed
Priority:
High
Assignee:
Category:
Traffic Shaper (Limiters)
Target version:
Start date:
05/24/2021
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
21.05
Release Notes:
Force Exclusion
Affected Version:
2.6.x
Affected Architecture:
Description
Traffic limiters have no effect when applied in 21.05 or 21.09 in a multi-wan environment.
3 ISPs - each 1Gbit up / 1 Gbit down.
6 limiters created (1 up, 1 down for each of 3 ISPs), each with a child queue. Each uses droptail as queue management algorithm, and FQ_CODEL as scheduler, limited to 25 Mbit/s. Child queues use droptail as the queue management algorithm. All 6 limiters are identical for testing purposes.
Limiters applied as floating MATCH traffic rules. As traffic passes counters increase as expected, yet applied pipes have no effect
Currently no other firewall rules enabled on the system. For reference, this was working as is on 2.4.
anchor "userrules/*"
pass out quick on { ix0 ix1 ix2 } inet proto icmp from any to any icmp-type trace tracker 1621863034 keep state label "USER_RULE: ICMP policy routing traceroute workaround"
pass in quick on { ix0 ix1 ix2 } inet proto icmp from any to any icmp-type { echorep,echoreq } tracker 1621863105 keep state label "USER_RULE: ICMP limiter drop echo-reply under load workaround"
match in on { ix0 } inet from any to any tracker 1621861885 dnqueue( 1,2) label "USER_RULE"
match in on { ix2 } inet from any to any tracker 1621862371 dnqueue( 3,4) label "USER_RULE"
match out on { ix2 } inet from any to any tracker 1621862389 dnqueue( 4,3) label "USER_RULE"
match in on { ix1 } inet from any to any tracker 1621862308 dnqueue( 6,5) label "USER_RULE"
match out on { ix0 } inet from any to any tracker 1621861900 dnqueue( 2,1) label "USER_RULE"
match out on { ix1 } inet from any to any tracker 1621862327 dnqueue( 5,6) label "USER_RULE"
[21.09-DEVELOPMENT][admin@gw01]/root: ipfw sched show
00001: 25.000 Mbit/s 0 ms burst 0
q65537 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 droptail
sched 1 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 20480 flows 65535 ECN
Children flowsets: 1
00002: 25.000 Mbit/s 0 ms burst 0
q65538 50 sl. 0 flows (1 buckets) sched 2 weight 0 lmax 0 pri 0 droptail
sched 2 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 20480 flows 65535 ECN
Children flowsets: 2
00003: 25.000 Mbit/s 0 ms burst 0
q65539 50 sl. 0 flows (1 buckets) sched 3 weight 0 lmax 0 pri 0 droptail
sched 3 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 20480 flows 65535 ECN
Children flowsets: 3
00004: 25.000 Mbit/s 0 ms burst 0
q65540 50 sl. 0 flows (1 buckets) sched 4 weight 0 lmax 0 pri 0 droptail
sched 4 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 20480 flows 65535 ECN
Children flowsets: 4
00005: 25.000 Mbit/s 0 ms burst 0
q65541 50 sl. 0 flows (1 buckets) sched 5 weight 0 lmax 0 pri 0 droptail
sched 5 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 20480 flows 65535 ECN
Children flowsets: 5
00006: 25.000 Mbit/s 0 ms burst 0
q65542 50 sl. 0 flows (1 buckets) sched 6 weight 0 lmax 0 pri 0 droptail
sched 6 type FQ_CODEL flags 0x0 0 buckets 0 active
FQ_CODEL target 5ms interval 100ms quantum 300 limit 20480 flows 65535 ECN
Children flowsets: 6
[21.09-DEVELOPMENT][admin@gw01]/root: ipfw queue show
q00001 50 sl. 0 flows (1 buckets) sched 1 weight 0 lmax 0 pri 0 droptail
q00002 50 sl. 0 flows (1 buckets) sched 2 weight 0 lmax 0 pri 0 droptail
q00003 50 sl. 0 flows (1 buckets) sched 3 weight 0 lmax 0 pri 0 droptail
q00004 50 sl. 0 flows (1 buckets) sched 4 weight 0 lmax 0 pri 0 droptail
q00005 50 sl. 0 flows (1 buckets) sched 5 weight 0 lmax 0 pri 0 droptail
q00006 50 sl. 0 flows (1 buckets) sched 6 weight 0 lmax 0 pri 0 droptail
Files
Updated by 
Updated by 
Actions