@dennypage There are many ways to approach this but my suggestion does take icmp and other protocols out of the equation. The firewall floating rule ONLY includes tcp and udp. I just installed pfsense the other night and curiously ran into the same issues running ping and traceroute with my windows laptop having the “repeating” issue along with dropped pings. This change resolved my issue and still controls bloat. Cake has this feature aimed towards a 11:1 or higher rate. Finding a way to drop duplicate acks is another avenue worth exploring for extending the ingress bandwidth at the expense of more cpu usage. I started with openwrt and the sqm folks learning much over the years.

@mloiterman DiffServe Code Points? What do u mean? All DNS queries are given the same priority as the TCP ack. Creat a floating rule that would intercept queries on your DNS resolver provider. The way I set up my DNS is somethin like this: AdGuard Home for pfSense Then I use NextDNS for my upstream DNS What optimization have you done on your pfsense? Have you tried playing around with the System Tunables?

@slu The ixl driver doesn’t support ALTQ traffic shaping. You can use Limiters though.

@enesas How are you doing it? It matters whether you have a web server or something like Teams. The web server is an incoming connection; Teams is outgoing. For the latter see if this helps: https://forum.netgate.com/post/1084271

@snitem Limit every vlan (each for 1 appartement) To 60 down and 9 up Set the bloat limiter On your wan with floating rule to the exact up / down you get for your wan connection A fair method for all users They have a 60/9 connection protected by a pfS And you can also tweak the limiters with a time based scheduler But be aware limiters on 2.6 CE Are a bit well as far as I know not working BR NP

@michmoor Normally that faster connection is the primary WAN (its failover, so it only uses the cable until it goes down) but it's still crap because the upload is so low. 50Mbps doesn't go very far when you have multiple machines fighting for it. And then when my cable ISP (annoyingly often) goes out and it fails over to running off Starlink, and in some cases (like my work laptop) I can't control it to separate the backup traffic from "needs to work all the time" traffic because I'm not an admin and they set it up to run everything over VPN that pfsense can't see the content of, so I need to find some alternative way to prioritize per-host.

@abel406 said in Limiter not work: guess that's one of the handycaps of using it for home or lab That's not a thing. I suggest starting a new thread about what isn't working, if it's not limiter related?

@steveits said in Wizard causes bug on VOiP/SIP: There is this bug which is marked as fixed in 22.05 and the upcoming 2.7 I have read it. That seems exactly like this bug. Strangely, I had the VOIP prior to 2.6.0 so this bug was not in 2.5.x and was reintroduced in 2.6.0

Limiter: WAN Down [image: 1671902673259-cfa1be8b-07b8-42e5-bca8-75536c23c63e-image.png] [image: 1671902721795-71d93f82-ec99-4638-b410-1e1a3a3f2ea8-image.png] WAN Down Queue [image: 1671902756540-8207ed47-31c6-4d06-b248-139cf2a2aee8-image.png] WAN Up [image: 1671902779160-6abd8191-66bf-40fa-8140-b7c9f5801489-image.png] [image: 1671902792982-7b94ffcd-b857-48cb-88d8-719a524ef471-image.png] WAN Up Queue [image: 1671902811946-552ee1ae-3ee0-4429-bdff-65130be02653-image.png] Floating Rule: [image: 1671902871373-c1e705c4-ae8c-4a8b-9ac9-1cd89f303655-image.png] [image: 1671902922607-3a563a94-1400-4c29-98de-7779e30632b7-image.png] [image: 1671902953198-f19765d6-71bc-41ec-b5fc-d64b21a0d300-image.png]

@steveits I think I got it. I will try. Thank you very much.

@svaldes Yes. The easiest way is probably to run the wizard and put that server IP in as a VoIP server. Note you can always rerun the wizard, or create your own floating rules, rename rules/queues created, etc.

@racing_shadows Thanks for sharing. I did not find anywhere to set bandwidth for a que, just the interface. Also, I use PRIQ.

Confused about this one thing, with a 290 main queue and a 225 queue for everything else, why do I still get latency? Even if the 225 is saturated, there should be enough bandwidth where the main queue isn’t jammed no? Or another way to put it, shouldn’t the queue only take into effect if the threshold is exceeded? I mean that literally and not literally, I don’t know how it technically works, but I would assume the queue would flow naturally, if I have 10 checkout lanes in a supermarket, and I have 8 people waiting, that shouldn’t cause a jam?