Troubleshooting traffic shaping issues can prove difficult. First, there is the chance that we have made an error in configuring our traffic shaping rules. Second, even if our traffic shaping rules are configured exactly right, they may not have the intended effect. In such cases, it often behooves us to return to the established methodology for troubleshooting IT problems: diagnosing the problem, forming a hypothesis, testing the hypothesis, implementing a solution, verifying system functionality, and documenting the problem and solution. This methodology will be covered in greater depth in Chapter 11, Diagnostics and Troubleshooting. There are some common issues, however, that crop up with traffic shaping, and we will cover them here.
Sometimes, we may find it difficult to keep P2P traffic in the P2P queue; this is a direct consequence of pfSense relying on ports to classify traffic. Many P2P applications, however, rely on non-standard or random ports. If you are having trouble with P2P traffic, there are two broad alternatives:
- Use a third-party solution such as Snort. This may be problematic if you simply want to divert P2P traffic into a low-priority queue—Snort makes it much easier to block P2P traffic than to lower its priority.
- You could make the P2P queue the default queue for all traffic. The downside of this, of course, is that you must create rules for all traffic you don't want to have relegated to the P2P queue.
There are several diagnostic tools at your disposal. If you need to get an overview of traffic on all queues, navigate to Status | Queues. This will reveal how much traffic is on each queue, both graphically (in the form of bar graphs) and numerically—it will tell you the packets per second (PPS) of the queue, bandwidth, queue length, and much more. At the very least, the Queues page will indicate what traffic, if any, is in the queues. In some cases, this may be all you need to diagnose the traffic shaping problem.
The Queues page offers a snapshot of the current traffic. If you need a cumulative summary of traffic, navigate to Diagnostics | pfTop and select queue in the View drop-down box. This will provide similar information to what you get from the Queues page, but expressed in raw totals.
If you are using limiters, navigate to Diagnostics | Limiter Info. This page will show configuration information and data for limiters and child queues.
One resource that can be useful are the logs, so,e if all else fails, navigate to Status | System Logs. The Firewall tab is the one that is most likely to yield information relevant to solving your problem. You can also click on the + button and use the Advanced Log Filter bar to further filter results. Finally, although logging of rules is not generally recommended, you can enable logging on relevant traffic shaping rules, at least temporarily, and see whether the generated logs help you to diagnose the problem.