# Traffic Shaping Problem



## Ruler2112 (Dec 13, 2013)

I have a small mail server which also acts as a router for our public WiFi.  For obvious reasons, I have traffic shaping enabled and it has allowed the two to co-exist peacefully, not allowing customers using WiFi to interfere with the operation of the mail server.  Until today that is.

Mail is basically inoperable today.  Looking at the output of `systat -ifstat`, I see that traffic coming from the public WiFi routers is saturating the outbound link.  I do not know how to further track down what is using the traffic - what port it's on, application being used, etc.  Given the traffic shaping rules in place, I'm puzzled as to how this is happening.

Below are the snippets of my pf script that deal with the traffic shaping.  Can anyone see why this is happening?  ($ext_if is my internet connection, $adm_if is that of my admin box, and $int_if is that going to the two public WiFi routers.)


```
# Activate alternate queuing
altq on tun0 cbq bandwidth 512Kb queue { standard_out, dns_out, http_out, tcpack_out, \
                                         popimap_out, smtp_out, admintraffic_out, wifitraffic_out
                                       }
# Set up queues
queue standard_out bandwidth 72Kb priority 0 cbq(default, borrow)
queue dns_out bandwidth 20Kb priority 6 cbq(borrow)
queue http_out bandwidth 40Kb priority 5 cbq(borrow)
queue tcpack_out bandwidth 40Kb priority 7 cbq(borrow)
queue popimap_out bandwidth 100Kb priority 4 cbq(borrow)
queue smtp_out bandwidth 100Kb priority 3 cbq(borrow)
queue admintraffic_out bandwidth 90Kb priority 2 cbq(borrow)
queue wifitraffic_out bandwidth 50Kb priority 1 cbq(borrow)

...

pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port $bind_ports keep state queue (dns_out, tcpack_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $webi_ports keep state queue (http_out, tcpack_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $marc_ports keep state queue (http_out, tcpack_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $mail_ports keep state queue (popimap_out, tcpack_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $smtp_ports keep state queue (smtp_out, tcpack_out)
pass out on $ext_if inet proto tcp from ($adm_if) to any keep state queue (admintraffic_out, tcpack_out)
pass out on $ext_if inet proto tcp from ($int_if) to any keep state queue (wifitraffic_out, tcpack_out)
```


----------



## CMarinier (Dec 17, 2013)

You are only shaping TCP traffic. Could the problem be UDP traffic? You could try this to see what is coming from WiFi.


```
tcpdump -s 96 -i em1
```

Replace "em1" with the WiFi interface.
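To turn such a capture into an answer to "what port it's on", here is an added example that is not part of the original post: a Python script that totals payload bytes per protocol and destination port, and per source host, from `tcpdump -n -q` text output. The `-n -q` flags, the 192.168.10.0/24 WiFi subnet and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Line shapes printed by `tcpdump -n -q` for IPv4 TCP and UDP packets.
LINE_RE = re.compile(
    r" IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?:tcp (?P<tcp_len>\d+)|UDP, length (?P<udp_len>\d+))"
)

def parse_line(line):
    """Return (proto, src_ip, dst_port, payload_bytes), or None if not IPv4 TCP/UDP."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    if m.group("tcp_len") is not None:
        return ("tcp", m.group("src"), int(m.group("dport")), int(m.group("tcp_len")))
    return ("udp", m.group("src"), int(m.group("dport")), int(m.group("udp_len")))

def tally(lines, wifi_net):
    """Sum payload bytes sent by hosts in wifi_net, per (proto, dst_port) and per source."""
    net = ipaddress.ip_network(wifi_net)
    by_flow, by_host = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # ARP, IPv6, ICMP and anything else the regex does not cover
        proto, src, dport, size = rec
        if ipaddress.ip_address(src) not in net:
            continue  # replies towards the WiFi clients, or unrelated hosts
        by_flow[(proto, dport)] += size
        by_host[src] += size
    return by_flow, by_host

# Constructed sample capture (not from the thread); the WiFi subnet is an assumption.
SAMPLE = """\
12:00:01.000001 IP 192.168.10.23.51413 > 198.51.100.7.6881: UDP, length 1400
12:00:01.000950 IP 192.168.10.23.51413 > 198.51.100.8.6881: UDP, length 1400
12:00:01.001200 IP 192.168.10.40.40112 > 203.0.113.9.80: tcp 512
12:00:01.001900 IP 203.0.113.9.80 > 192.168.10.40.40112: tcp 1448
12:00:01.002100 ARP, Request who-has 192.168.10.1 tell 192.168.10.23, length 28
12:00:01.002500 IP 192.168.10.23.51413 > 198.51.100.7.6881: UDP, length 1400
""".splitlines()

if __name__ == "__main__":
    flows, hosts = tally(SAMPLE, "192.168.10.0/24")
    for (proto, port), size in flows.most_common():
        print(f"{proto}/{port}: {size} bytes")
    for host, size in hosts.most_common():
        print(f"{host}: {size} bytes")
```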


----------



## bbzz (Dec 20, 2013)

I suggest you forgo CBQ and use HFSC.


----------



## Ruler2112 (Dec 20, 2013)

That's an excellent idea about UDP possibly being what's transferred.  Next time this happens, I'll check to see what type of packets are being transferred.

I appreciate the suggestion @bbzz, but I've never heard of HFSC and while I'm not opposed to learning new stuff, CBQ is in place and for the most part functional. To be frank, when something's not working (as it wasn't when our traffic was maxed out), it's a much higher priority than investigating a possible replacement for an otherwise functioning system. Unfortunately, there are about 20 other projects that have priority over such an investigation at this point (I'm the only IT guy in my company).


----------



## bbzz (Dec 20, 2013)

HFSC is almost identical in syntax to CBQ, it shouldn't take you much time to figure it out. CBQ just isn't that good, tried and tested.

Anyways, good luck. Feel free to ask anything.


----------

