You'd probably have to write a script to do that since you'd have to check if there is a connection to netflix. Why not just limit them to 80% of the traffic at all times?

Got it - thanks!

@roccor:

Null you mention some good things, i didnt think of a tracert at the time, I have so little experience with TS that finding an effective starting point is hard for me.  I'd rule out a congested ISP simply because I've had the same setup for 1.3 years now.. I play at the same times every night so I've got a historical feel for this. Could I be wrong? Sure, but IDK I kinda doubt it.

Honestly for having 3 3mb DSL lines I've got some very nice latency and throughput reading into the 10-11mb range.  I had the installers (Note: with ATT business is you order 2 or 20 circuits they must all be installed on different says) Run the 10-ish feet of cat5 into my basement making sure to route totally away from any electric, not even a 90* intersection.  My biscuit jacks are above the rack and power enters from below.  I an a bit anal about that just because I know I just bought shit for internet.  gotta squeeze every little bit I can out of it.

As far as the rules and everything.. I actually was going back through the wizard to give you details when I hit this:
You cannot set the VoIP download bandwidth on connection 0 higher than 80% of the connection.

Umm when you set 32kb/s on all three WAN uploads and 1024 on LAN download.. how the hell am I exceeding 80% of the download on connection 0 when the only connection 0 listed on the page is for WAN #1 upload?

I realize something as acutely intricate as Traffic Shaping/QOS is not for the faint of heart.  I'm a technical guy but these wizard are damn bloody obscure and like in this case totally mis-labelled.  I love pf and always will but.. ugh.

I never really began to understand the traffic-shaper until I quit using the wizard. Manually setup 1 queue at a time and confirm that it work then move on.

Post some pictures or information about your queues to see if we can find your error.

Thank you for the reply. In my opinion traffic is flowing in the queues, see attached picture, but nothing is showing on the RDD Queues Graph.

What would you check in logs or from command line to see if something is wrong? Thank you!

queues.png
queues.png_thumb

Hello, been a while that topic is old and it seem not work property… anyone have a better guide so I can get it to work property?

I only want internet to be slow during bed time but full speed on internal network, external speed need to put on limiter

Thanks

@drvirus:

thank you agiAN.

nowall what i need is as below :
i have 4/4 up/down speed
i need a  to limit speed on interface lan  total to be like 2 M …down
and limit speed on wan to be 2 M up
and i want to have queue that satisfy my needs as below :
giveport 5060 for  out of lan to be 1 M guranteed
and  shape http to 512 K
and out the other traffic in the default quque

can u just tell me  brief steps ?

i read alot and still has much conflict

i will  be thankfull for u so much

kind regards

To limit LAN just use the interface's "Bandwidth". (but I am not 100% sure I understand your intentions)
Same with WAN. Set bandwidth at interface.

Whichever interface your port 5060 will be leaving, create a wqueue there with link-share 1Mbit.
Then you want source/destination port 5060 on LAN to have minimum 1Mbit upload? Then setup a firewall rule on LAN to catch source-port or destination-port 5060 (I dunno if you want both or either) and assdign the traffic to the queue you created.

Bleh, I am tired as hell. I will be back later to possibly finish this post. :)

If you want every IP address to get its own 1500k pipe, mask by source/destination IP address on the top-level limiter and delete the child limiters. If you want all IP addresses to share the same 1500k pipe, leave it like it is.

@cmb:

em1 isn't a 10 Gb NIC, you have a 2 Gb queue on a 1 Gb NIC is the issue.

Good catch. :)

@OP, maybe your NICs or there labeling got switched around? Like LAN1 was 10Gbit but somehow the LAN1 label was changed to the 1Gbit emX NIC?

Not in all cases such as a 3x3 Mbit pipe per IP address.

@a_null:

Limiters don't really seem to work on pfSense versions above 2.15.

Only where NAT applies on the interface where the rules reside. The circumstances being discussed here work fine.

Generally where they don't work at higher speeds it's because the queue length isn't long enough (though the default is fine to >100 Mb generally). Though in VM environments, timing or scheduling issues with the VM in general can be problematic, that's usually not an issue.

@Nullity:

When you say "download something", are you referring to p2p/multi-stream or single-stream download traffic?

You need to classify your bulk downloads separately from important traffic, like twitch streams.

Best QoS/traffic-shaping tutorial (imo): http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/

I will check out that tutorial, thanks.  I mean single stream download traffic.. not p2p.

Looking for this feature too  ;D

@Harvy66:

You're the one who started it. /semi-sarc I showed documented proof that CBQ is worse than HFSC when it comes to delay and bandwidth coupling. I was using the CBQ definition of "coupling" or "decoupling", not your HSFC version. Remember, words have different meaning in different contexts, even extremely similar contexts with extremely similar usages. Context nuances are important.

I do concede that CBQ is easier to use(fewer options) and will agree that if even if using simple HFSC settings is too much, CBQ is good enough.

P.S. I am just saying I think is true, but you may also do the same.
P.P.S Nullity has properly corrected me on several occasions, which forced me to do more digging and correct myself. And I thank him for that.

CBQ, in any implementation prior to HFSC, had no mention of "decoupling" or "coupling". There is no “CBQ definition of 'coupling' or 'decoupling'”, as you put it, as CBQ is wholly unaware. Post a link to any paper that implemented any CBQ algorithm with an understanding of decoupling bw & delay. If you cannot find one, please edit your posts to remove the misinformation.

No 30-page anecdotes. Link or stfu.

thanks guys. all i can say is wow. that is super neato.

some kind of wizardry going on here.  ;D

thanks guys. moving the rules to the lan did the trick.  ;D

Long story short, freaking firewall rules that classify your traffic, like port matching, and use those rules to assign the traffic to queues. Then you shape those queues.

Here's an example of what you can do
https://forum.pfsense.org/index.php?topic=94831.msg528836#msg528836

@CDuv:

My multi-WAN is a Load Balancing.
I have no rule that dictates which Internet connection should be used (except for some very specific remote IP).

Is why, I as want to limit only one of my WAN, I had placed the limiter-applying-firewall-rule on the WAN_A interface.

If I have to create a firewall rule on the LAN interface, how could I make it limit the WAN_A traffic only?

Will packet marking that I outlined above not work?
Apply the mark if the packet is incoming WAN_A.
Then match the mark at the LAN and assign it to queue/limiter.

Edit: Changed "WAN" to "WAN_A" to clarify.

@Nullity:

Does this link offer any help?

https://forum.pfsense.org/index.php?topic=63531.0

This what I used for now.. At least I able to update all server software. But this setting, the user will go more than allocated BW (2Mbps) but yes I can control total BW for the user (480Mbps). After update I change to per IP allocation back since its our business rules. User capped at 2Mbps.

@Harvy66:

Sounds like a bufferbloat issue. Try enabling CoDel or FairQ?

Will take a look for both because I never heard any of that.