Traffic Shaping

I tried to implement M0n0wall as traffic shaping solution for my home network.

Configuration:
I used installed vmware appliance on my home server. There is additionial router on my 10.0.0.0/24 network who takes care of internet connection using ADSL modem and creates NAT and I created 10.1.1.0/24 network for connection to m0n0wall.
Both interfaces for m0n0wall are virtual. It is connected by lan link to border router.
During debugging I tried to get to simplest working configuration but did not manage to.
I created two rules both on wan interface one to catch all download and one to catch all upload. Connected them respectively to pipes one called download with 950 Kbit/s another called upload with 256 Kbit/s.

Problem:
When I use m0n0wall as my computers gateway everything is fine.
Problem arises when I enable traffic shaping. My Internet connection gets 10 times slower. I checked it many times using numion.com.
Without traffic shaper:
date: So, 23 lut 2008, 16:41:19
download: 988.89kilobits/sec
upload: 271.25kilobits/sec
with traffic shaper:
So, 23 lut 2008, 16:40:01
d:112.93kilobits/sec
u:27.70kilobits/sec

Question:
Where and how to look for possible errors in configuration or another problems.

I would try running the shaper again.  Verifying the correct inputs for your download and upload speeds.  I have a sneakin suspicion that you mixed up kbps vs. kBps.  m0n0 wants kbps.  If you have a 1 meg connection - enter 1000 kbps, not 100KB

Aaron

thx, for help. But that's not mistake this time I think. Here is snapshot of my app. Yes, I have 1 Megabit ADSL connection, and I give screenshot of traffic shaper config.

Wow, are you running OS X 10.1 or something?  That looks really old!

I was running m0nowall 1.3b10 and I was also getting very slow connections. (2mb vs. 6-8 normal)

I just realized something.  What is your catch all rule bandwidth/priority set to?  would it be about the same bandwidth you are seeing with the shaper on?  Your traffic may not be hitting the right rule.  Can you list your rules?

Another dev in the pfSense forum working on their new shaper said that we must disable the anti-lockout rule or else some traffic will get caught in the catch all queue and get totally slowed down.  I have no idea if that would apply to m0n0 (TOTALLY different shaper).  Worth a try, no?

Aaron

 

It's just kind of look&feel that remembers me when I was young :-P.

Here are my rules. I'm pretty sure it hits right rule, because if not it wouldn't pass :-P. I prepared this situation as debugging configuration to be sure I have not messed up.

"Another dev in the pfSense forum working on their new shaper said that we must disable the anti-lockout rule or else some traffic will get caught in the catch all queue and get totally slowed down."
Hmm... It looks like it is such situation. But I have no idea why it should be so. So if I correctly understand better debugging situation would be to create not catch all rule but just catch web rule and check if it would make move slowed down two?
Probably I'm gonna change into pfSense after all, but wanna learn why such simple thing doesn't want to work ;-/.

Hi gondar,

your rules are definitely not correct.

Besides, the descriptions look like you changed the queues from the wizard.  If you do big changes to the wizard made queues, things tend to go wrong.

Your first rules state that ANY traffic going ANYwhere will go to the download queue (and described as the catch all?)  The 2nd rule states that ANY traffic goign ANYWHERE will go to the upload queue.  That's not correct.  Your source must be TO the LAN (and therefore FROM the WAN) for the download queue.  Then FROM the LAN (aka to the WAN) for your upload queue.

I really recommend running the shaper wizard.  It does work   But some people have been reporting lower bandwidth than expected on different versions of m0no.

I'll post a link to another post where they are doing almost the same thing.  and yes, you need to either do a whitelist of traffic you want prioritized and then a catchall for everything else.  OR do a blacklist - identify the specific traffic you want lower priority and set that lower priority - everything else will pass as normal. 

Using your setup, you are not doing anything but limiting your total bandwidth on your WAN.

aaron

http://forum.m0n0.ch/index.php/topic,1819.0.html#msg5732

Same thing almost.

First of it's debug config, that's why it is only limiting traffic, I wanted to make sure . And I can accept loosing like 10% of my connection speed because of traffic shaping but not 10 times slower connection what happens here.

Your first rules state that ANY traffic going ANYwhere will go to the download queue.

I thought that If I specify that I wanna packets that come on my wan interface it's enough for the rule. And packets coming out of wan interface for the second.
I changed rules as You said it should work, but unfortunately, effect is the same as before.

I started from using wizard. It I had the same effect. It is not normal to wait for every picture on every page with connection with this speed.

What version of m0n0 are you using?  Not that I know the version differences, but other people are having very slow speed issues.. I think with 2.233(??) or something like that. 

Can you post your pipes list? 

Your first rules state that ANY traffic going ANYwhere will go to the download queue.

I thought that If I specify that I wanna packets that come on my wan interface it's enough for the rule. And packets coming out of wan interface for the second.

Nope.  It's not enough. 

Have you tried disabling the anti-lockout rule?  No idea why, but that rule seems to route traffic to the catch-all queue and give you like 10% performance.

I'm just a user tryin to help ya, buddy.  I didn't write it, heck, I haven't used m0n0 for more than a few days.  I'm using pfSense.  I'm working with (trying to) the the devs on a new pfSense shaper that is 10x less intuitive than the m0n0 shaper.  They think and design the GUIs like programmers and expect you to know the intricacies of the underlying BSD systems.  It's driving me nuts!  I'm quite sure I am driving them nuts, too!  But I think I have very valid points.  if you care to join me: http://forum.pfsense.org/index.php/topic,2718.255.html   I joined in at about page 13/14 I think.  If someone can help validate at least SOME of my points, it would sure be appreciated. 

Anyway, try the lockout rule, and 1.3b10 if possible?

Aaron