Not really, no. I don't currently have it set up in my current environment.

I can tell you to go through the HFSC wizard with as minimal options as possible. You should end up with a basic shaper with 2 LANs, and some firewall rules. You need to trim the basic shaper down to only two "internet" queues (one per LAN), and have those same two queues on the WAN. Then in the Firewall floating rules, remove all of the shaping-related firewall rules, and make two new ones (one for each LAN network) and put that traffic into it's respective queue.

Here is some illustration of my still existing problem.

0_1529948491213_network.png

How can I limit this that all network never go over 25mbit?

0_1529947656376_shaping.JPG
The 25000 shown was just a test... there is now a 20000.

This is cisco link:
https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

You need to use limiters to limit ingress on the WAN. Shaping can only limit egress.

@jimp
@mupppet

Thank you.

After more research, I don't think this will be viable to replace the routers I am currently using as I need to be able to set TOS bits on certain traffic also.

Thank you for the assistance in any case.

@areynot Are you using queues under your limiters? I believe that you want one or more upload queues with the source mask set to /32 and one or more download queues with the destination mask set to /32. My understanding - and it may be flawed - is that doing so will result in each host on your LAN being assigned one upload queue and one download queue. So consider the simplest case where you make one download queue for your download limiter and one upload queue for your upload limiter, and then just assign every host on your LAN to use these queues. If you have N hosts on your network, then the most active queues you should have at any given time is N download queues and N upload queues, and your download and upload bandwidth should be shared roughly evenly across them.

At a very basic level, though, limiters (pipes) establish a cap on your bandwidth, but queues assigned to those limiters determine how that bandwidth is shared among multiple hosts.

@oguruma As with many things with computers, FILTER the Backblaze traffic and place it on a low priority queue. How exactly filter? find out what UNIQUE about this Backblaze thing, uses a special port? writing to a fixed WAN IP? FTP protocol? etc-etc-etc.

@areynot That's a tough call, since that's right on the edge of where the conventional wisdom seems to say that it matters. Setting the quantum lower gives an advantage to smaller packets, so I think the idea is that UDP traffic (like VoIP) will end up with a de facto higher priority. In practice, I'd be surprised if you could notice the difference. If I were you, with a symmetric 50Mbps connection, I'd probably be inclined to just leave the quantum at its default setting. But it's easy to try both and see if it makes any detectable difference too.

@harvy66
Thank you everyone, I now think the LImiter function is not working because the default gateway is the primary router and there are static routes to the second for inter branch traffic.

Some how, that process allows the traffic to bypass the Limiter rule on the LAN port on the 2nd router. I will change the default gateway to the 2nd router and see if the Limiter kicks in correctly. Very Strange behavior!!

i am getting this error when i try to selsct 1 wan and 1 lan
and i am not being select WAN (the PPPoE interface) as WAN.
×The specified number of connections is greater than the number of ALTQ-capable assigned interfaces!”.

Thanks ! seems to work good.

@dusan said in Optimizing for video stream:

Go to Firewall -> Rules and check out the Floating tab. There should be a rule for RTMP inbound and you should see the queue name. It's probably qOthersHigh and let's assume it is later on. Edit any other rule that use qOthersHigh and change them to use qDefault. Leave the RTMP inbound rule intact. (If there's no RTMP inbound rule, find the RTMP outbound rule instead and, also, make sure it includes WAN Interface and out Direction.)

My fault. Sorry. The Direction should be in. But any is also fine.

Hello again, it's my pipes: (coomand result -> ipfw pipe show

00001: 512.000 Kbit/s    0 ms burst 0
q131073  50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
sched 65537 type FIFO flags 0x1 256 buckets 0 active
    mask:  0x00 0xffff0000/0x0000 -> 0x00000000/0x0000
00002: 128.000 Kbit/s    0 ms burst 0
q131074  50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
sched 65538 type FIFO flags 0x1 256 buckets 0 active
    mask:  0x00 0xffff0000/0x0000 -> 0x00000000/0x0000
00003:  18.000 Mbit/s    0 ms burst 0
q131075  50 sl. 0 flows (1 buckets) sched 65539 weight 0 lmax 0 pri 0 droptail
sched 65539 type FIFO flags 0x0 0 buckets 0 active
00004:  2.000 Mbit/s    0 ms burst 0
q131076  50 sl. 0 flows (1 buckets) sched 65540 weight 0 lmax 0 pri 0 droptail
sched 65540 type FIFO flags 0x0 0 buckets 0 active
00005:  12.000 Mbit/s    0 ms burst 0
q131077  50 sl. 0 flows (1 buckets) sched 65541 weight 0 lmax 0 pri 0 droptail
sched 65541 type FIFO flags 0x0 0 buckets 0 active
00006:  8.000 Mbit/s    0 ms burst 0
q131078  50 sl. 0 flows (1 buckets) sched 65542 weight 0 lmax 0 pri 0 droptail
sched 65542 type FIFO flags 0x0 0 buckets 0 active
00007:  4.000 Mbit/s    0 ms burst 0
q131079  50 sl. 0 flows (1 buckets) sched 65543 weight 0 lmax 0 pri 0 droptail
sched 65543 type FIFO flags 0x1 256 buckets 12 active
    mask:  0x00 0xffffff00/0x0000 -> 0x00000000/0x0000
BKT Prot Source IP/port_ Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp
40 ip      89.40.146.0/0            0.0.0.0/0        2      126  0    0  0
58 ip      216.58.215.0/0            0.0.0.0/0      14    1799  0    0  0
58 ip      216.58.209.0/0            0.0.0.0/0      571    23051  0    0  0
60 ip      185.60.216.0/0            0.0.0.0/0        2      172  0    0  0
134 ip      46.134.210.0/0            0.0.0.0/0        2      172  0    0  0
161 ip      89.161.152.0/0            0.0.0.0/0        9      392  0    0  0
162 ip      52.162.166.0/0            0.0.0.0/0        2      498  0    0  0
184 ip      93.184.220.0/0            0.0.0.0/0        1      52  0    0  0
217 ip      172.217.16.0/0            0.0.0.0/0        5      292  0    0  0
217 ip      172.217.20.0/0            0.0.0.0/0        5      246  0    0  0
233 ip      64.233.162.0/0            0.0.0.0/0        1      99  0    0  0
240 ip      157.240.20.0/0            0.0.0.0/0        2      172  0    0  0
00008:  2.000 Mbit/s    0 ms burst 0
q131080  50 sl. 0 flows (1 buckets) sched 65544 weight 0 lmax 0 pri 0 droptail
sched 65544 type FIFO flags 0x0 0 buckets 1 active
  0 ip          0.0.0.0/0            0.0.0.0/0    4214  5824241 42 48662  0
00009:  12.000 Mbit/s    0 ms burst 0
q131081  50 sl. 0 flows (1 buckets) sched 65545 weight 0 lmax 0 pri 0 droptail
sched 65545 type FIFO flags 0x0 0 buckets 0 active
00010: 512.000 Kbit/s    0 ms burst 0
q131082  50 sl. 0 flows (1 buckets) sched 65546 weight 0 lmax 0 pri 0 droptail
sched 65546 type FIFO flags 0x1 256 buckets 2 active
    mask:  0x00 0xffffff00/0x0000 -> 0x00000000/0x0000
168 ip      192.168.3.0/0            0.0.0.0/0        2      210  0    0  0
168 ip      192.168.20.0/0            0.0.0.0/0      92    18865  0    0  0
00013:  1.000 Mbit/s    0 ms burst 0
q131085  50 sl. 0 flows (1 buckets) sched 65549 weight 0 lmax 0 pri 0 droptail
sched 65549 type FIFO flags 0x0 0 buckets 0 active
00016:  12.000 Mbit/s    0 ms burst 0
q131088  50 sl. 0 flows (1 buckets) sched 65552 weight 0 lmax 0 pri 0 droptail
sched 65552 type FIFO flags 0x0 0 buckets 0 active

Any ideas?

–
Regards, Krzysztof

Latency is only affected because of bufferbloat. You could try to limit everyone's bandwidth, but fixing the bufferbloat can get you the 80/20 with little effort, fewer edge cases, and reduced complexity.

The currently simplest way is to enable FairQ as the shaper on LAN and WAN interfaces, configure the default queue on the interfaces to have Codel enabled, and to set the bandwidth to some value less than what real bandwidth you have.

In the near future, scheduled for 2.4.4, fq_Codel should be superior and easier to setup.

This is just an alternative that you may want to try.