Dynamic Traffic Shaping Based On Connection Intensity
-
For the purposes of Traffic Shaping HTTPS traffic, is there any way that I can distinguish between connections based on their intensity (or "degree of sustained usage")? Let me explain what I mean by that.
Ideally, I'd like all HTTP(S) connections to start off with a high priority, but if a particular connection begins to sustain high consumption for a decided period of time, I'd like to kick that connection down to a lower priority queue.
In other words, if someone is just trying to load a web page, I would like that connection to be in a higher priority queue than someone who is downloading a multi-gigabyte sized file over https (like HugeFile.iso).
As a matter of fact, this concept, of "moving a connection to a lower priority queue due to a sustained level of consumption", may be my most desired feature for all traffic I'd like to shape (not just HTTPS).
Some Background
I've set up priority queuing, on an ADSL connection (that's 2.7 down / 0.5 up). I've customized the wizard a lot, at this point, and it is doing a great job at prioritizing VOIP.
I have DNS as a 2nd priority, followed by HTTP and HTTPS as 3rd priority. Everything else is set to low priority.
Some web pages are nice enough to make large downloads happen on another port that's not 80 or 443, and because I have everything else set to a low priority, that prevents large downloads from interfering with the snappiness of web browsing.
However, if a large download is happening over ports 80, or 443, this traffic is currently in the same priority queue as "interactive web browsing" and therefore makes humans wait longer to load pages.
So, it would be nice if I could somehow distinguish between web browsing (traffic that is simply downloading html, css, javascript files) and "web traffic that is downloading HugeFile.iso". Since HTTPS is encrypted, maybe I can indirectly make this distinction based on a connection's intensity over a period of time (and reassign it to a lower priority queue after some arbitrary threshold is reached).
-
I read this:
"By default, pfSense software only matches the first packet of a connection, which is the packet that creates an entry in the state table. If a connection starts with a different DSCP value, has no DSCP value in the starting packet, or otherwise changes DSCP values during the connection, the traffic will not be classified as expected."
source: trafficshaper/dscp.html#caveats
This probably means that "switching queues during a connection" (based on intensity) also isn't supported.
-
I came here looking for this, too. I'd be really interested if there's ever a way to achieve it. It applies to SSH connections too - they can be either interactive (typing) or bulk transfer (scp/sftp). SSH may set the differentiated services header, but it would be easier to deal with a rule based on average throughput (maybe over the last minute).
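As an added illustration (not code from any poster or from pfSense) of the rule both the question and the last reply describe, the following Python models it as a per-flow sliding-window throughput tracker: every flow starts in a high-priority queue and is demoted once its average rate over the last minute exceeds a threshold. Queue names, the 1.5 Mbps threshold, the flow keys and the sample trace are all made-up assumptions; pfSense classifies a state only on its first packet, so logic like this would have to run outside the shaper.

```python
from collections import defaultdict, deque


class FlowIntensityClassifier:
    """Every flow starts in the high-priority queue; once its average
    throughput over a sliding window exceeds a threshold it is demoted
    to the bulk queue and stays there. Names and thresholds are made up."""

    def __init__(self, window_s=60.0, threshold_bps=1_500_000,
                 high="qWebInteractive", low="qWebBulk"):
        self.window_s = window_s            # averaging period ("the last minute")
        self.threshold_bps = threshold_bps  # sustained rate that triggers demotion
        self.high, self.low = high, low
        self.samples = defaultdict(deque)   # flow -> deque of (ts, bytes)
        self.first_seen = {}
        self.demoted = set()

    def average_bps(self, flow, now):
        """Bits per second for `flow` over the window ending at `now`."""
        q = self.samples[flow]
        while q and q[0][0] <= now - self.window_s:  # drop expired samples
            q.popleft()
        return sum(b for _, b in q) * 8 / self.window_s

    def observe(self, flow, ts, nbytes):
        """Account `nbytes` seen on `flow` at time `ts`; return its queue now."""
        self.first_seen.setdefault(flow, ts)
        self.samples[flow].append((ts, nbytes))
        # A flow must have lived one full window before it can be judged
        # "sustained", so a short page-load burst never gets demoted.
        if (flow not in self.demoted
                and ts - self.first_seen[flow] >= self.window_s
                and self.average_bps(flow, ts) > self.threshold_bps):
            self.demoted.add(flow)
        return self.low if flow in self.demoted else self.high


def run_trace(classifier, trace):
    """Feed (flow, ts, bytes) records in time order; return each flow's final queue."""
    queues = {}
    for flow, ts, nbytes in sorted(trace, key=lambda r: r[1]):
        queues[flow] = classifier.observe(flow, ts, nbytes)
    return queues


# Constructed traffic: a page load (300 kB in 2 s, then idle) and a bulk
# download that sustains 250 kB/s (2 Mbps) for 70 s on the same port.
SAMPLE_TRACE = ([("browse", 0, 150_000), ("browse", 1, 150_000), ("browse", 65, 0)]
                + [("iso", t, 250_000) for t in range(71)])
```

Running `run_trace(FlowIntensityClassifier(), SAMPLE_TRACE)` leaves the page load in the interactive queue and moves the bulk download to the bulk queue at the 60-second mark.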