Making CBQ child bandwidth % changes by config.xml will accept anything I want. Via the GUI I get errors if I change the parent bandwidth value.  Currently running ver 2.3.1_1 and the GUI still doesn't show child bandwidth values in the Shaper by Interface. So apparently not fixed with the last patch.

Does anyone in an escalated position read these issues and are inclined to fix them?  Because XLM shaper restores function, it seems this may entirely be a GUI issue.  Since the GUI doesn't have the % field for entry the XML shows a valueless entry of <bandwidth></bandwidth>rather than say <bandwidth>50</bandwidth>.

If you know the IP and port of your corp website, you can use HFSC (or your fav traffic shaper), and carve out some guaranteed bandwidth for your corp website.

A simple forum search will get you several posts on some complete traffic shaping configs.

Hello Harvy66,

Thanks for your reply.
However, I'm not sure I understood what you meant by "you can't share bandwidth between interfaces…".
Am I doing that here?

What I don't understand are:

why my floating rule, as described in my original post, is not matching the OpenVPN traffic at all (it would be great to get this one working),

why, once or twice, I found the OpenVPN tunnel connection states bound to the lo0 interface.

Any idea on the above two queries?

1. The WAN knows nothing about the packets inside of the VPN tunnel. All it knows is the tunnel traffic goes into the VPN queue. As long as that queue has enough bandwidth assigned, all is well.
2. The WAN knows nothing about the packets inside of the VPN tunnel. It won't be able to differentiate traffic for the different queues inside the tunnel.

thank you…although I was expecting another answer...a more positive one  :(

Hi, thanks Nullity and Harvy66…. this worked. It's not as practical like the limiter but it works too.

Thanks for the clarification Derelict.

Yes I know I have to apply/reload the firewall rules.  I actually had to reboot the entire box in order to get things working properly again.  Not sure if it's a bug or something.

LoboTiger

https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

The tl;dr version of user-defined rule processing is:
Rules defined on the floating tab are processed first
Rules defined on interface group tabs (Including OpenVPN) are processed
Rules defined on interface tabs (WAN, LAN, OPTx, etc) are processed last

And remember, PFSense doesn't look at "packets", it only looks at the first packet. All subsequent packets for a flow are not evaluated.

@Harvy66:

Your LAN interface is set to 1Gb/s. Your traffic is probably going into the default queue of qLink, which is limited to….. 1Gb/s. If you want your traffic to be under your qInternet, you need to place it in there somewhere

Errr, this was what I was trying to ask back in my other thread  ;D
https://forum.pfsense.org/index.php?topic=111762.msg623842#msg623842

@Harvy66:

Prioritizing is the wrong way to think about shaping Shape the bandwidth. Decide how much bandwidth you want each class of traffic to have when your connection is fully loaded I recommend HFSC. Don't use "Real Time", just use "Bandwidth", and treat "Bandwidth" as your minimum bandwidth Make your default queue your "P2P" queue, then classify traffic out of the queue. Most P2P traffic is hard to classify and most high priority traffic is easy to classify.

Hello Sir thanks for the reply, your comments have opened my eyes and given me a better idea. I will go about it, I have a few more questions if you could help. When I use the wizard, it asks me how much bandwidth in % I want to allocate to my P2P and I normally put 2%. Then I normally reconfigure it after I chose HFSC, but how do I put my P2P as my default? also in my any to any firewall rule under my WAN and LAN interface I put "qACK/qDefault" and WAN I used "none/qP2P". I did this- I wont lie because I am still new to pfsense and traffic shaping- because I looked around the site for some information.

But when I do tests ( 2 laptops connecting to same vlan and running youtube on 480p while torrent is being downloaded) it seems
the torrent still eats up a lot of Bandwidth. Am I doing something wrong?

80% is the rule of thumb. Some connections are worse, dedicated connections should be nearly perfect. I use 99% myself with a dedicated connection and I get 1ms of bufferbloat, so I know it's working.

@pfuser0:

You neglected to mention what algorithm you were using. HFSC does not even use the "Priority" parameter, and plain old Priority queueing has it's own set of fundamental problems.

Thanks.
I'm using PRIQ, but I don't remember actually choosing it over HFSC. I'll try switching.
It still looks like qLink was being used for LAN<–>WAN traffic. In my setup the only LAN<->LAN traffic hitting the router is management traffic (no DNS/DHCP).

Anyone willing to share their insight into Queue Limit?

You are worrying about things that are currently not very useful to you. Here, read this QoS tutorial.

The wizard is intended to be 1 setup that can work well everywherd, so everyone gets the qLink setup because it causes no harm to those who do not run multi-LAN.

Queue limits make little difference. Most defaults are optimal. Search the forum for more info.

@ stiadmin,

did you found a solution?

I generally set the direction to both on Floating rules when choosing direction and WAN as the interface.

Your best bet here is to create Alias's for the games with ports and protocols then create floating rules and assign them to qGames.  If you choose to use TCP/UDP combo for protocol then make sure to choose qACK for your rules.

Also choose the WAN interfaces for floating rules as well.

@mattlach:

So, the improved buffer bloat is what I was expecting, but at what cost?  A loss of ~10Mbps up and down?  That's more than some peoples entire connections…

The loss of bandwidth is proportional to the stability of your connection. You may be "losing" 10Mb/s of your bandwidth to maintain a low bloat, but I only need to lose about 1.5Mb/s.

And when you say "at what cost", it almost sounds sarcastic because the cost is so low. So you lose 7% of your bandwidth, but now your ping will be between 80ms and 200ms lower during saturation of your connection. You can still play games. And some connections are latency sensitive, like HTTPS. With 11 round trips, a 200ms ping increase will take 2.2 seconds before your web page starts to download. With a 2ms ping, it will take 22ms. That's the difference between instant and twiddling your thumbs.