I've got about 2700kbit/s of downstream (after overheads) to go around 36 clients.  :-[  Let's not even consider upstream.
Gaming traffic is actually quite minimal (<30Kbit/s per client; more if the client is a game host)
It's a matter of managing the other services (web surfing, streaming youtube/ tagged videos etc) so that they can't saturate the line.  Line saturation is a big culprit in making latencies skyrocket.
Since most of the services being capped either use TCP (able to re-transmit, responds to ECN) or have buffers (streaming videos), dropping the packets on the downstream to force the source to throttle back actually works remarkably well.
Comparatively, most online games use UDP (TCP is used only for authentication) and don't have netcode optimized for lag compensation and interpolation (like Halflife engine), dropping/ limiting the packet stream is out of the question.

Glad to be of help.  ;D  I kind of totally forgot about the queues being tagged to in/ out interfaces.  ::)

Check the wizard again, I am pretty sure you can whitelist an IP or somesuch.

I encountered this problem too, all traffic isn't limited to the queue correctly.
Can i do that? and how to do? thanks!

Yes.
If you set the bandwidth share to higher than you need, then the shaper reserves that amount of bandwidth for your calls until all the packets have cleared.

@tekzone:

Hello,

I am looking at Pfsense for doing some QoS.

In the current situation, we have an "Admin LAN" that includes all of the staff's computers. This LAN has a bad tendancy to eat all the Internet bandwidth for random downloads. We have decided to put some QoS on this LAN. We have a Fortinet box doing this at the moment.

The problem with the Fortinet box is that is doesn't split the bandwidth in a very smart way. Basically if someone downloads a huge ISO file, they get all the bandwidth and everyone else has slow or no Internet access. This is not a good solution at all since people can't work anymore…

Would this be the case if I apply QoS with Pfsense ? The Admin LAN would be a priority class. Would the bandwidth be shared equally amongst all the computers in this LAN ? Is there is special mechanism ?

Thank you in advance for your help,

Antoine

It should work fine if you just fire up the traffic shaper to give priority to the Admin LAN and set your WAN/ LAN root queue bandwidth properly.  You must set it to what you can get, not what you theoretically should get.  To be safe, set to 90% of what your connection is rated for.

For whatever the reason, I've found that Linux based routers don't handle situations like that well.  Even those that use HFSC don't seem to queue the requests properly.  A single bandwidth hog slows down the rest.

pfSense seems to handle this very well even without trying to limit/ prioritize per host.  It just seems to split the bandwidth quite evenly as it goes.

@xaviero:

guess not, only need 2 box…

1 box for dual wan which contain load balancer n fail over
other box for traffic shaping n maybe with proxy....

Ok, thanks xaviero, I having difficulties understanding the possibility of this.

This is how my setup looks without using any form of shaping, so it's possible for me to shape the dual wan using 1 extra box? Could somebody help me understand where in the following diagram it would be included. The internet lines are different speeds so i wish to shape each line slightly different.

I was under the impression i would need a shaper at location (a) and (b) in the following diagram therefor using 3 boxes, shaping only being able to shape between 2 interfaces etc.

If i was only using 2 boxes would this shaper be placed at ©? If so, how does it know which internet line to base the shaping of traffic / bandwidth available etc?

Internet1       Internet2
  ||                  ||
    a\              b/
    Load Balancer/failover
             |c|
       LAN Switch
          |       |
         pc1...pc6

Thanks in advance for anybody who takes the time to read this, and any feedback is appreciated.

Thanks  :)

@jonnytabpni:

I may be on to something here (in my head):

What if I set the "penalize" setting to the whole LAN subnet, then manually create a rule and place it at the top to override this?? Would this work?

had no idea…. maybe u can try it first..
i think policy routing that u use now, maybe the best one

if u mean by client IP address, than it can't

pfsense qos is based on cbq and altq

Both are VIA C3's (I think) running at 1Ghz. Both have 512Mb RAM

may be u can increase the qwanack n qlanack , try double it….

Good afternoon :) Cacheboy works on throtling videos :)

jigp 1.2.2

check your pm.

In theory the limiter could be used to setup a dynamic pipe/queue for each flow (sort of) through the router.  That would let you set the exact bandwidth each flow would be allowed to use.  pfSense doesn't currently support doing that via the gui though, probably for good reason.

Take a look at the dummynet documentation at http://www.dummynet.com/

Dynamic queue creation: mask …

It is possible to associate a mask to a pipe so that bandwidth and queue limitations are enforced separately for packets belonging to different flows.

The mask command lets you specify which parts of the following fields contribute to identify a flow:

[proto N] [src-ip N] [dst-ip N] [src-port N] [dst-port N]

where N is a bitmask where significant bits are set to 1. You can specify one or more masks, or the all keyword to mean that all fields are fully significant.
The default (when no mask are specified) is to ignore all fields, so that all packets are considered to belong to the same flow.

Whenever a new flow is encountered, a new queue (with the specified bandwidth and queue size) is created.

WARNING!!! the number of dynamic queues that can be created in this way can become very large. They are accessed through a hash table, whose size you can define using the buckets NN specifier after the mask command.

This would probably be pretty resource intensive to keep up, it probably isn't suitable for actual real life use.

hi

make high priority of queue for queue where high priority data is passing…

thanks, i will read it 1st