Netgate Discussion Forum

    QoS impact on LAN to WAN bandwidth, hardware requirements?

    Traffic Shaping
      lifespeed

      I have long admired pfSense from a distance, but my Draytek 2130 consumer router with hardware NAT was able to keep up with my humble Comcast 50/5 Mb connection for the past 5 years. I upgraded the modem and service to 250/25, with the consequence being the discovery that (I think) hardware NAT is not usable in the context of QoS in a consumer router. If I try and set the available bandwidth in QoS anywhere near what is actually available it stutters VoIP. Other applications often running are FTP and bittorrent.

      So my pfSense question regards WAN to LAN NAT bandwidth with QoS in use. I would like to get significant margin over my 250/25Mb connection. 1Gb symmetric would be nice for future-proofing and all, but I suspect I would pay dearly for that.

      Can anybody here point me to a resource regarding the impact QoS has on the hardware required for a given bandwidth?  I have seen a list on this site here, but it says stuff like "home office" and "remote worker" as opposed to actual bandwidth.  Not to mention the impact I assume QoS will have.

        Nullity

        pfSense is a 100% software firewall/QoS system. I think ALTQ (the QoS sub-system) introduces about 10-20% CPU overhead.

        Check the "Hardware" sub-forum for some real-world examples of what speeds you can expect. https://forum.pfsense.org/index.php?board=5.0

        Bittorrent will mess up almost everything unless you limit its download & upload speeds. It's easiest to use the bittorrent client's bandwidth limiting capabilities rather than relying on your router's QoS.

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramus.

          lifespeed

          @Nullity:

          pfSense is a 100% software firewall/QoS system. I think ALTQ (the QoS sub-system) introduces about 10-20% CPU overhead.

          Check the "Hardware" sub-forum for some real-world examples of what speeds you can expect. https://forum.pfsense.org/index.php?board=5.0

          Bittorrent will mess up almost everything unless you limit its download & upload speeds. It's easiest to use the bittorrent client's bandwidth limiting capabilities rather than relying on your router's QoS.

          Although I can and do limit bittorrent bandwidth within the program, I have been successful confining both bittorrent and FTP to a small range of high-numbered ports. I then set these port ranges as low priority. It does appear to work, at least with my current router.

          While a VoIP phone call doesn't need much bandwidth, a FaceTime video call or software download does. Dynamic allocation of bandwidth is a great thing.

            Harvy66

            HFSC gives you strong control over bandwidth distribution while allowing other classes of flows to use spare capacity. I have a pretty over-powered system of an i5 3 GHz quad and Intel i350-T2, and I'm only seeing about 10% CPU usage when running at 2Gb/s (1Gb full-duplex). Even when I used iperf to forcefully push 960kpps 64-byte UDP packets, I was only seeing about 7% CPU usage. Seems UDP is much easier to process than TCP, probably because of the state validation.

            The network card is the single most important part. The second is the CPU. You really don't need a high frequency CPU, just one with a decent amount of cache and not something like an Atom that has been aggressively optimized for low power. My next system, whenever that may be, will target 2.5 GHz and 8 cores with decent cache.

              lifespeed

              @Harvy66:

              HFSC gives you strong control over bandwidth distribution while allowing other classes of flows to use spare capacity. I have a pretty over-powered system of an i5 3 GHz quad and Intel i350-T2, and I'm only seeing about 10% CPU usage when running at 2Gb/s (1Gb full-duplex). Even when I used iperf to forcefully push 960kpps 64-byte UDP packets, I was only seeing about 7% CPU usage. Seems UDP is much easier to process than TCP, probably because of the state validation.

              The network card is the single most important part. The second is the CPU. You really don't need a high frequency CPU, just one with a decent amount of cache and not something like an Atom that has been aggressively optimized for low power. My next system, whenever that may be, will target 2.5 GHz and 8 cores with decent cache.

              Thanks for the info, HFSC sounds like what I need. I'll have to read up on it, whether traffic is prioritized by DSCP tag (fine for outgoing as I control the tags) or port number and/or IP address (incoming, can't rely on DSCP tags).

              All the sub-kilobuck appliances sold at the pfSense store use flavors of Atom like the SG-2220 or SG-4860. I'm not sure I need any more ports than WAN and LAN, as I have a Netgear GS716Tv3, which I think can do VLAN for traffic segregation. If I could figure out how to use it.

              What do you think are reasonable CPUs for QoS-ing the entirety of a 250Mb or greater cable connection, if not the Atom appliances? I do use VPN occasionally, although highest performance here, while nice, is not a huge deal. So I would want a processor with AES-NI also? Intel NICs are a given, from what I've read.

              Thanks for the help,

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.