Regardless, would moving to HFSC make sharing/borrowing between interfaces easier?

Shaping can't work across interfaces, but if there's a way to get two or more interfaces to bridge to a pseudo-interface, and assuming you can shape that pseudo-interface, you could probably do it.

When you shape an interface, you shape the data leaving the interface. Shaping your LAN interfaces effectively slows how quickly you can download. With the naive setup for multi-LAN, you can't say how little bandwidth each gets, but how much. If you have 10Mb to split, you may give your guest 2Mb and your main LAN 8Mb.

You may also want to try enabling CoDel on the child queues. If you have less than 1Mb/s, you may not want to do it. CoDel seems to have issues with 1500MTU with bandwidths less than 1Mb.

Curiously, pfsense can do rather basic marking of 802.1p (layer2) - but not diffserv in layer 3.

You're not shaping your downloads because everything is going to qLink and everything is under qDefault for your upload.

Like KOM said, in a nutshell HFSC lets you specify the minimum amount of bandwidth you want to provide a queue, and HFSC will fairly distribute the bandwidth that meets your minimums.

Thanks guys for your clarification.

Let see if I get the logic.

1MB/1MB

If we setup limiter we chose mask source…

Each source will have 1MB/1MB pipe.

1MB/1MB

If we setup limiter we chose nothing  in the mask.

We have 1 pipe 1MB/1MB for all our sources?

Them 10 users will share 1MB/1MB?

Thanks.

@Derelict:

Your WAN IP address should be something other than your gateway IP address.

IP addresses on a subnet must be unique.

i have edited my first post, perhaps its clearer than before.

I know that there were issues with the vmxnet3 drivers in older versions of pfsense, but they've now included it in the later builds.  However, I do agree that while it does work, it may not be the optimal solution.

I am now wondering if vmware is the cause of my packet loss….

Please, read the linked thread. Seriously don't have time to extract info for your from 8+ pages thread.

Right. I was talking Limiters and Shapers as two distinct things.

Limiters work on 2.2 as long as NAT or other redirection isn't involved on the subject interface.

@chain:

I don't have a floating rule on the firewall just phone zone and shaper configuration that is the default setting I just adjusted it 200Kb. Do you what to see something different?

I see a rule that allows OpenVPN from the phones? Do the phones actually VPN back to the server? If so, you need to set the queues for the VPN rule since the traffic is tunneled internally.

Thanks man, that's what I've been doing, I am just hoping to get a one liner rule for this. My rule list are becoming convoluted..

Does anybody know where the root cause of the problem is?
Is it into the base FreeBSD kernel, into pfSense patches to FreeBSD kernel, into the userspace ipfw-classifyd?

Ahh.. Seems to be a text field. I wonder if it's actually internally doing string compares. If it is, shorter strings are better.

@MordyT:

All traffic to / from OPT5 - get a minimal of 1/1Mbps (because phones are important). Highest priority.
All traffic to / from OPT4 - get a maximum of 1/1Mbps (because a guest shouldn't be able to eat more). Lowest priority.
All traffic to / from OPT3 - get a minimum of 3/3Mbps (Because corp needs some speed). 2nd highest.
Rest of traffic to / from OPT2, LAN - whatever is there. 3rd highest.

I have dual WAN links, although they are for failover. The speeds are not the same (40/15Mbps and 6/768Kbps) but the rules can apply to either equally.

You say it's simple, and yet you start with wanting to guarantee 1/1 Mbps when you might have a failed-over situation where you could only have 6Mbps/768Kbps. given that 768K is less than 1M, you cannot guarantee 1M up in that situation.

I don't have multi-WAN at present. I fought with the shaper for a long time, and especially the shaper AND transparent Squid, which is a complete bust in any 2.2 version…

I gave up on transparent squid. I also gave up on anything to do with …the wizard (I'd rather have this bottle infrontofme than a frontal lobotomy) I run codelq, no settings, on WAN and LAN. Codelq should not need any settings, so I ignore the fact that the GUI brings up settings with it selected. I run the limiter. I get something more closely approximating fair sharing (with priority sensitivity) than anything I did with the shaper before.

I should have another post describing what I do with it more fully around here someplace. Here we go:
https://forum.pfsense.org/index.php?topic=99529.msg555886#msg555886

I guess that does not specifically mention "weight" which is hiding under "advanced" for each child limiter. That's how you do priority in the limiter. Help is vague but range is from 1-100 and I have made the assumption in lack of documentation that the total weight should add to 100. So I'd give your phoneQs 40, your corpQs 30 your general Qs 20 or 25 and your guestQs 10 or 5 for a total of 100.

You need to provide a lot more detail, such as:

What type of NICs do you have? (from Interfaces > assign, e.g. emX, vmxY) What type of interface is WAN (Static IP, DHCP, etc)? If WAN is static, do you have a gateway selected on Interfaces > WAN? (you should) What type of interface is LAN (Static IP)? If LAN is static, do you have a gateway selected on Interfaces > LAN? (you should not)

The shaper error is telling you that the count of interfaces you gave does not match the type and number of interfaces capable of using shaping, so like the note on the ticket said, the two most common explanations are that it either doesn't think you have enough WANs (e.g. missing gateway on WAN), or you don't have enough LANs (gateway set on LAN when it shouldn't be), or perhaps the type of NIC you have no longer supports altq.

You might want to take a look at this thread and sideout's config for LAN party use. It is made specifically for giving priority to gaming.

https://forum.pfsense.org/index.php?topic=99503.0

@Harvy66:

The numbers may be wrong, but the ratios shouldn't be far off, and that's a lot of qLink traffic relative to the other queues.

It looks off by about 100x (assuming a 4mbps down rated DSL line), so that would be about 300Kbit/s of traffic on qLink.

I agree that there shouldn't be any traffic on qLink by default (if he ran the shaper wizard) since there are no auto-generated rules to pipe into qLink.

Without knowing exactly what the rule-set are, it'd be difficult to nail this down. For all we know, he's managed to get a floating rule in to pipe SQUID or local traffic down qLink (which is what I'd do but I create my entire shaper config by hand).

You can't do that, at least not on inbound traffic if you have more than 1 internal interface.

For outbound, you can use PRIQ or CBQ and allow the weight ratio to distribute accordingly.