Hi folks! OK, so I've setup a HFSC queue, and I've assigned the few IPs I need to prioritize. So it's a 50 Mbit/s link, I defined the service curve with: "Max bandwidth for queue." / "upper limit" / 40Mb "Min bandwidth for queue." / "Real Time" / 3Mb But what do I enter for "Bandwidth"? Do I put 50 Mbit/s inside? My main question is what clients to assign the queue to? Only the ones I want to affect with QoS (max & min), oder ALL the clients? I coluld live with ALL the clients having max and min defined since it's mostly only few clients at the time trying to max out the link, so if I put everyone in the floating rule - I should be fine, right? The problem is I can only prioritize based on IP address. Sometimes the client is pulling entertainment videos from youtube, sometimes it's performing an important presentation, I cannot know what is important and what is not. What would be the best practice for such a case? Thanx

@Harvy66: Then you have the issue that wifi has built in re-transmission, making Layer 1 latency highly unpredictable. "Air time fairness" is another potential issue if you have many generations of wifi devices, especially on 2.4ghz. Right… OK. I'm glad you replied, I thought layer 1 was "un-sniffable" without RF, thanks for confirming this! I figured it was the re-transmit, but I didn't know for sure. Would a "better" MTU or something help? What do you mean by Aritime Fairness? Like, should I turn it ON? or OFF? The Asus AC5300 has all of the facny MuMIMO options, but it's pretty opaque on what it actually does/help. @gsmornot I hear ya, however I'm a bit of a perfectionist, and for the first time around bench marking i want to get it right. Mainly having something highly repeatable. I've been using DSLReports but then got turned onto FLENT -which is netperf-wrapper in a nice interface. Thinking about this more, I should setup a Netperf server on my wired LAN side, and benchmark the Wifi first to there, then move to the pfSense. I've attached some examples of QoS with Flent. I've only managed to get ONE of the Upload, Download, or Latency at max performance, but never all at once. Ideally I want all of the lines to be very flat, with no deviance of the other classes or "random" looking data. In addition - never hitting 0mbit, keeping all values above 20 or some nice amount. You can see that it IS possible. Maybe I'll make a new thread on that, but it's mostly for WAN. It would be interesting to QoS the AP port...  hrm...      

@test4321: @tman222: One question that comes to mind right away: Are you using a proxy setup by chance (e.g. Squid)? Yes I am - is there an issue with this? How can I use both? UPDATE: looking into this article now: https://guglio.xyz/pfsense-2-3-limiters-and-squid-bugfix/ The reason I asked is because when using the squid proxy the configuration has to be altered somewhat (I have run into this same problem as well actually).  Otherwise, you are just using the limiter to limit bandwidth between local machine and the proxy, but not between the proxy and the machine online you are downloading from.  Unfortunately, I'm actually not quite how to make those modifications - was the article you found helpful, i.e. did you get it working?

Shaping/limiting only deals with bandwidth management. It may improve the stability of your network.

@Nullity: Read the pfSense wiki. After some learning, struggling, and trial & error experimentation, return to tell us how we can help you. I do not envy experiencing the pfSense learning-curve… but, we are happy to help after you've felt our pain. :) Laughing, understand!

There are still some large spikes on the upload graph, but overall everything looks much better. You may want to reduce your bandwidth even further, by small steps of like 0.1Mb, and see if you can get rid of those spikes. Diminishing returns at this point and it's up to you to play around and decide what's a good trade-off. One thing I would like to mention is that because you're using priq, and your download is so asymetric of your upload, when downloading, you're going to be saturating your upload with ACKs. ACKs are lower priority than VoIP, so VoIP should work, but anything lower than ACK or DNS is going to effectively die. Hopefully VoIP will continue to work now. Let us know.

@mloiterman: Just giving this a bump, as I would like to deal with the latency resulting from lack of upload bandwidth on my very assymetric Uverse connection. I added some instructions how to setup fq_codel in a few steps in this thread: https://forum.pfsense.org/index.php?topic=142321.msg776278#msg776278 Hope this helps, but please let us know if you have any additional questions.

Ok, thanks for clearing this up. I'll see what I can do on the torrenting.

Probably "easier" to have a local WSUS and shape all of its outgoing traffic and forward to WAN2.

Is there a reason you need/want to micromanage your bandwidth? Why can you just use something like fq_Codel that maintains low latency for all connections while semi-fairly distributing bandwidth?

https://forum.pfsense.org/index.php?topic=126637.0 is probably all you need. Depending on your upload bandwidth, you may need to tune the "quantum" and "target". In general, fq_Codel absolutely needs some tuning below 1Mb, highly desirable below 2Mb, still useful below 5-10Mb, depending on how picky you are about maximizing your bandwidth.

Thanks for taking the time to respond! That looks VERY promising, but FAR beyond my ability to sink the time into. I'm only new to pfSense and even just the basics are proving tough (ie VPN's of any sort .. yet to get one working). Maybe once there is a web UI I can give it a go. Has there been any word on that being implemented? I tried the wizard available in pfSense and as far as I can tell it hasn't had any effect. Regards, Michal

As with any shaping, you need to know how to match the traffic. No, I know of nothing specific here for that provider. Have you tried searching for Nextiva up in the search box? Otherwise try pfsense nextiva in google. :)

Great - glad it worked out for you… Shitty Ass ISPs  So they want your devices directly attached?  And you can have only 1? You could write a patch to make this edit for you, since every time you update and that file gets updated your change will be lost..

Click on the queue.

"and under LAN:HFSC the bandwidth is: 20971.52Kb (what does this means?, what does this queue means ?)" Out of the box there are no queues or shaping or limiting done… So you would of created those.. So I take it you didn't set up this pfsense? Is it current 2.4.2_p1? I would suggest you remove any old queue/limiting/shaping that would of been done by previous persons and create correctly for your current needs and bandwidth.