Traffic Shaping

• C

  My Shaper Config File For All To See! Works great with VoIP!
  • charincol

  21
  0
  Votes
  21
  Posts
  12605
  Views

  C

  Do not try to import my original config file into your system.  It was only posted so as to help others understand a little bit better how the traffic shaper works and what was working for me at that time.  If it is too confusing for you to decipher, then you probably need to learn more about TCP/IP, ports, and protocols.
• S

  Help please - three priorities - VOIP, RDP, ALL ELSE
  • scotttiamit

  16
  0
  Votes
  16
  Posts
  7148
  Views

  H

  This isn't pfSense, so you don't have fancy hostgroupaliases, queuegraphs and so on. You have to set it up and simulate a maxed out line and do phonecalls and terminalsessions under that condition and tweak it until you are happy with it.  ;) I'll pm you something later when I'm at home. I don't think it makes sense to discuss that public as the m0n0 shaper is completely different compared to pfSense. I suggest closing this thread.
• M

  Status queues
  • mentalinc

  8
  0
  Votes
  8
  Posts
  3879
  Views

  L

  @mentalinc: and an lil extra questionL: shaping will only work on upstream data as by the time downstream gets to my box its far to late as the pipe has been saturated and my HTTP traffic for example is sitting at the ISP waiting its turn. is that correct? Yes, the traffic shaper in pfSense can only shape packets exiting an interface but it can also shape downlaods by shaping the traffic exiting lan card to your pc (you can look at it from the perspective of your box uploading to your pc). In other words, download shaping isnt dependent on your isp alone, pfsense actively shape downloads just the same as uploads. However if you saturate your link traffic will be queued up in your box and possible at your isp as well (or your isp will drop extra traffic), so its a good idea to set ur max download & upload speed to a fraction below what your isp advertised, that way your box will limit the traffic before your isp policing or shaping kicks in, you sacrifice some bandwidth to gain better control over your traffic.
• C

  Traffic Shaping - 4096 16x256 for IP
  • camil

  6
  0
  Votes
  6
  Posts
  3818
  Views

  H

  (ab-)use the voip queue for that. run the shaper and add an IP for the voip queue. after it has finsihed edit the queue and set the traffic limit at upper limit and dump the realtime value. set the priority lower. that's it. then copy these for as many clients as you need. however you have to keep the math in mind or you'll get an alert because of assigning more bandwidth than you have.
• M

  "Hard" limit for the queue
  • m1s1u

  17
  0
  Votes
  17
  Posts
  15354
  Views

  B

  Possibly.  Try it in beta2 –Bill
• R

  Feature request: add own custom port in traffic shapping wizard
  • rexster

  2
  0
  Votes
  2
  Posts
  2401
  Views

  B

  @rexster: in addition to many known ports, it'll be great if we can add our own custom ports for traffic shaping. tia rex Copy an existing rule. –Bill
• M

  Multiple Interface Shaping
  • msamblanet

  14
  0
  Votes
  14
  Posts
  6300
  Views

  B

  @sullrich: Not at this time.  Patches accepted. Patches accepted (although I know exactly what needs to be done, I backed out the code for this back in June due to other issues) - but be warned the shaper is under heavy development, you will want to coordinate any work you do with me. Or again, donations are accepted - at this point a quiet machine with Intel FXPs would be appreciated.  I can no longer do shaper development on my (silent) Soekris as there's an OS level bug that affects the NICs on this machine. –Bill
• R

  Shaping opt1
  • rexster

  19
  0
  Votes
  19
  Posts
  7462
  Views

  R

  cant wait any longer :) so i get the testing snapshot 2-19-06 iso and do clean install. then trying traffic shaping again. still… same error. tnx&rgds, rex
• L

  Traffic Shaping Rules
  • Leoandru

  3
  0
  Votes
  3
  Posts
  2586
  Views

  L

  Here is another thing I observed today.. This rule: pass out on  dc0 from any to 192.168.1.7  keep state tagged unshaped tag qHighDownL            (subset of rules posted earlier) dc0 - LAN interface Does not work for traffic originating from the firewall itself. Squid and ssh traffic to 192.168.1.7 for example would fall into the default queue instead of qHighDownL, so does all traffic to any ip whos traffic originated at the firewall. It only works for traffic comming through WAN. Squid is boud to lo 127.0.0.1 while ssh is bound to the any address *. Is there any reason why this rule don't work for such traffic? I though about it and still can figure out why. EDIT: tried iperf from firewall to lan pc with ip address 192.168.1.7 -> the traffic found its way into the correct queue. however the others stated above still don't get queued properly. Could it have have something to do with the direction in which the connections were establish?
• D

  Shaping between 2 ADSL connections
  • decibel83

  7
  0
  Votes
  7
  Posts
  3077
  Views

  H

  Sure, that's what this forum is meant for  ;D
• M

  How to difference the metropolitan bandwith from de internet bandwith
  • marlboro

  2
  0
  Votes
  2
  Posts
  2003
  Views

  S

  Wow, I don't think you'll be able to do this very easily. That would require a lot of rules…
• M

  Confused by generated rules
  • msamblanet

  4
  0
  Votes
  4
  Posts
  3294
  Views

  B

  @Leoandru: Well Its killing my upload shaping see thread: http://forum.pfsense.org/index.php?topic=630.0 I understand that when the packet is nat'd u no longer know where its from.. But doesn't the filter policy sort that out, I mean once the packet comes in on lan its tagged and the filter policy will take care of the queuing. so the any -> any rule wouldn't be needed. when I get time I gonna manually modify /tmp/rules.debug and test that theory. I really need to get upload shaping working by ip addresses. Actually, you may be on to something, I'll have to think about it a little more.  We might not need the "pass out" rules at all as tags are sticky.  Looks like a case of overthinking.  I'll ponder removing that and if it makes sense (and works) this might see an MFC to 1.0. –Bill
• P

  After I enabled Shaping …
  • psychosematic

  7
  0
  Votes
  7
  Posts
  3889
  Views

  B

  Sorry about that :-/  I'm working on something to make this situation a little better and introduce a little more visibility into bandwidth reservations. –Bill
• E

  No traffic shaping between lan and opt1
  • Emab

  5
  0
  Votes
  5
  Posts
  2926
  Views

  B

  Until all the bugs and issues are resolved in the current code I'm not making any other changes, it's too difficult to troubleshoot.  And no-one has convinced me that the last changes I made have fixed the issues (nor have I been convinced that they haven't). –Bill
• M

  Voip Traffic Shaping on WAN for Asterisk (DMZ)
  • markmcc

  1
  0
  Votes
  1
  Posts
  3459
  Views

  No one has replied

• P

  Devide the speed equaly
  • Plecto

  6
  0
  Votes
  6
  Posts
  3755
  Views

  H

  The one rule has to be set to source any, destination IP of LAN-Client, the other rule has to be source IP of LAN-CLient, destination any. just like the VOIP-Rule is.
• C

  Update to what is working for me.
  • charincol

  2
  0
  Votes
  2
  Posts
  2328
  Views

  S

  One major bug that was just discovered was the shaper no longer subtracted 20% from the upload and download values.  If anyone is having trouble with the shaper please re-run the wizard again and subtract 20% from the upload and download values.
• N

  Traffic shaper doesn't work?
  • neutralman

  2
  0
  Votes
  2
  Posts
  2507
  Views

  S

  Search.  There are atleast 10+ discussions about this.
• R

  Traffic shaping and IPSEC
  • rdonnici

  2
  0
  Votes
  2
  Posts
  2385
  Views

  S

  No, shaping on IPSEC is not supported at this time.
• S

  Traffic limit
  • sid

  5
  0
  Votes
  5
  Posts
  3461
  Views

  S

  Thanx!! ???
• L

  Shaper Questions
  • Leoandru

  3
  0
  Votes
  3
  Posts
  2847
  Views

  L

  @billm: Correct.  NAT occurs before filter policy (which is what classifies traffic).  There are alternatives, but we're not geared up to use them (and using them isn't terribly scalable at this time). –Bill OK.. policy filtering works fine. just wanted to be sure that if NAT was enabled that the packets were translated before (NAT always sees the packet first right?). I wouldnt worry about alternatives to something that aint broken, and its not limiting in any way as far as I can see.
• K

  Traffic Rules … 2 Targets?
  • Koops

  5
  0
  Votes
  5
  Posts
  4226
  Views

  B

  @Leoandru: been doing some reading on altq and came upon this: http://www.benzedrine.cx/ackpri.html Finally, the rules passing the relevant connections (statefully) are extended to specify what queues to assign the matching packets to. The first queue specified in the parentheses is used for all packets by default, while the second (and optional) queue is used for packets with ToS (type of service) 'lowdelay' (for instance interactive ssh sessions) and TCP ACKs without payload. not sure if it has the same binings to the gui in pfSense. but my guess is that its related. We invisibly create the ACK queue.  ALTQ only shapes outbound on an interface, we create rules for BOTH interfaces and that's what the queues relate to.  An inbound (on the internal interface) and an outbound (on the external interface). –Bill
• M

  Shaper wizard
  • mbedyn

  15
  0
  Votes
  15
  Posts
  7293
  Views

  S

  conf.default/config.xml shoulhave some in it
• S

  Vonage
  • simpat1zq

  22
  0
  Votes
  22
  Posts
  11661
  Views

  B

  @sullrich: Bill is working on the issues.  Everyone stay calm. Wait for B2 - I just fixed another old bug and have had some reports of better performance already.  There's more coming, but I'm trying to keep those changes out of 1.0. –Bill
• M

  Errors from Traffic Shaper Wizard
  • msamblanet

  2
  0
  Votes
  2
  Posts
  2600
  Views

  S

  Reinstall from 0.99. This is being manually set in our shaper wizard so this should not be happening.
• R

  Traffic Shaper Wizard broken in 0.97?
  • rneily

  3
  0
  Votes
  3
  Posts
  2560
  Views

  C

  If you are still having problems, make sure your specifying one protocol per rule.  For example, if you are shaping both TCP and UDP traffic for a specific port, use a rule for each protocol.
• E

  Custom Traffic Shaping?
  • ealvar

  2
  0
  Votes
  2
  Posts
  2975
  Views

  S

  By default SSH interactive (keystrokes) get handled by our ACK queues. So if you add a SSH entry you'll end up priortizing bulk copies as well (most likely not what you want). So the jist of it is that it should already work :P Scott
• S

  Shaper Bug
  • sharingzee

  13
  0
  Votes
  13
  Posts
  7370
  Views

  S

  Uh, it wasn't fixed in 0.96.4.
• B

  Traffic shaper VOIP add PRIMUS talkbroadband
  • bruor

  1
  0
  Votes
  1
  Posts
  3024
  Views

  No one has replied

• J

  Traffic shaper conflicting rules
  • Jesse7

  8
  0
  Votes
  8
  Posts
  6243
  Views

  B

  @sullrich: Traffic shaping is voodoo^W an artform. No kidding…it's bad when the person who probably understands our shaping code the most gets it wrong half the time.  ALTQ is a real pain in the &&^% to set up right with the design requirements we put down.  It was certainly easier to punt to ipfw to assign traffic to queues, but in reality, it never worked quite right (and we want to pull ipfw from base). --Bill
• A

  I need help with traffic shaper
  • aleph

  13
  0
  Votes
  13
  Posts
  10659
  Views

  H

  The speed at the interface setting should be the physical linespeed of your interface, NOT the speed something is limiting you to by throtteling bandwidth. The Trafficshaper will create queues that go inside that bandwidthsetting. There's a note at the interface bandwidth option: "The bandwidth setting will define the speed of the interface for traffic shaping. Do not enter your "Internet" bandwidth here, only the physical speed!" Reading helps  ;D
• B

  Shaper and speed issues
  • benoit

  1
  0
  Votes
  1
  Posts
  4088
  Views

  No one has replied

• S

  Port forward to transparent proxy on OPT1
  • sirocco

  1
  0
  Votes
  1
  Posts
  2951
  Views

  No one has replied

• E

  My sharper is not working ok…
  • ebpbs

  2
  0
  Votes
  2
  Posts
  3021
  Views

  S

  @ebpbs: Queues http://www.abnet.republika.pl/Queues.jpg Rules http://www.abnet.republika.pl/Rules.jpg I upload to very hard and my ping is that : http://www.abnet.republika.pl/Ping.jpg What is wrong ? Sometimes I use m0n0wall and this rules is ok. We are still working on the shaper.  Our system is not even remotely close to m0n0wall.
• J

  Speed decline
  • j0sh

  9
  0
  Votes
  9
  Posts
  6814
  Views

  S

  @thinair: I also notice a fairly dramatic drop in throughput when I turn traffic shaping on. When routing between two internal networks (LAN and DMZ) I get around 40-45Mb/s, when traffic shaping is on it's down to 3.5-3.6Mbps.  This is using NetCPS on either endpoint computer.  I have a 4.4Mb/s down and 0.8Mb/s up WAN link, so I just have kept traffic shaping off as well. My hardware is a P3 500MHz Celeron, 128MB RAM, 256MB CF card, one 3com NIC. There is a post in the forums that explains why this is the case.  It was written by Bill not even a few days ago.
• B

  Queues not loading
  • belyache

  6
  0
  Votes
  6
  Posts
  4971
  Views

  H

  pfSense console setup 0)  Logout (SSH only) 1)  Assign Interfaces 2)  Set LAN IP address 3)  Reset webGUI password 4)  Reset to factory defaults 5)  Reboot system 6)  Halt system 7)  Ping host 8)  Shell 9)  PFtop                          <–-------------------------------- I'm talking about this option at the CONSOLE menu, not the webgui. 10)  Traffic Logs Enter an option: You can access it via ssh as well if ssh is enabled at system>advanced in the webgui.
• J

  Some errors.
  • Jesse7

  3
  0
  Votes
  3
  Posts
  5247
  Views

  J

  @hoba: Actually this bug could derive from two for the next version already fixed bugs: 1. "no scheduler specified": earlier versions had support to select different schedulers. that support was dropped. The setting could be found at the advanced settings page. Due to a non complete removal this error could pop up if you save advanced settings AFTER you have run the shaper wizard. This is fixed in CVS 2. "qwanroot has no parent": This could be cause by not having a bandwidth set at your wan interface in the bandwidthfiled at "Interfaces>WAN". Please check that setting and set it to 10 mbit/s if you have a nic running at 10 mbit there or 100 mbit/s if the link is 100. This also is fixed in the new upcoming release and won't be necessary with this new version. So: Check WAN Bandwithfield, then run the shaper and don't save advanced settings after that and you should be fine for now….hopefully  ;D Next version won't need these workarounds. You are right I don't have it set!  I have been meaning to set that option too.  I don't have it set for Lan either so my traffic shaping is probably not working so well. I think I will do a clean install on the next version,  I just hope I can remember all my settings :). Thanks for your help.