FLAWLESS VoIP w/ Saturated Download - No Wasted Bandwidth!!

eri--

Anybody tried this?!

chpalmer

Im watching this thread with great interest. If I get time Ill try it when I get home.

Im a voip system tester so have a few lines coming in here.

hidden772

@eri--:

qlanRoot: linkshare 1024Kb/s (this is parameter m2 no bandwidth set, if you can set m1 = 0 and d to your link latency might help).
qwanRoot: linkshare 800Kb/s (this is parameter m2 no bandwidth setif you can set m1 =0 and d to your link latency might help).
qVoIP{up, down}: linkshare( m1 = 1.3Kb, d = 5, m2 = 120Kb ) realtime(  m1 = 1.3Kb, d = 5, m2 = 120Kb )
qACK{up, down}: linkshare(m1=500b, d = 100, m2 = 25%)  'it is b == bits/s
on the other queues do whatever you want just don't set realtime paramter.

Can you please test this, i am very interested in your results and this might save you 100$ :).

Sorry, I've been busy for the last few days.  I'll try and get to this sometime today.  I'll post back with the results.  Thanks!

hidden772

@eri--:

qlanRoot: linkshare 1024Kb/s (this is parameter m2 no bandwidth set, if you can set m1 = 0 and d to your link latency might help).
qwanRoot: linkshare 800Kb/s (this is parameter m2 no bandwidth setif you can set m1 =0 and d to your link latency might help).
qVoIP{up, down}: linkshare( m1 = 1.3Kb, d = 5, m2 = 120Kb ) realtime(  m1 = 1.3Kb, d = 5, m2 = 120Kb )
qACK{up, down}: linkshare(m1=500b, d = 100, m2 = 25%)  'it is b == bits/s
on the other queues do whatever you want just don't set realtime paramter.

qlanRoot/qwanRoot results
First off, if I set Bandwidth = (blank) and Linkshare = 1024Kb/800Kb, filter errors occur:

There were error(s) loading the rules: /tmp/rules.debug:13: syntax error/tmp/rules.debug:16: queue qwanRoot has no parent /tmp/rules.debug:16: errors in queue definition /tmp/rules.debug:18: queue qwandef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:20: queue qwanacks has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:22: queue qVOIPUp has no parent /tmp/rules.debug:22: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [13]: altq on xl0 hfsc bandwidth queue { qwanRoot }…

If I set Bandwidth = 0 and LInkshare = 1024Kb/800Kb, then I lock myself completely out of the pfSense box.  I had to un-rack it, reset to factory defaults, and re-run through the configuration wizard.  ???

qVOIPUp/Down results
Realtime m1 = 2Kb, D = 5, and m2 = 120Kb I get the following error:

There were error(s) loading the rules: pfctl: m1 must be zero for convex curve: qVOIPUp/tmp/rules.debug:23: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ m1 must be zero for convex curve]: …

If I remove realtime m1 and d, and leave 120Kb for m2 then the filter loads properly.

If realtime m1 = 0Kb, d=50, and m2 = 1024Kb then I receive the following error:

There were error(s) loading the rules: pfctl: linkshare sc exceeds parent's sc/tmp/rules.debug:19: errors in queue definition pfctl: linkshare sc exceeds parent's sc /tmp/rules.debug:21: errors in queue definition pfctl: linkshare sc exceeds parent's sc /tmp/rules.debug:23: errors in queue definition pfctl: linkshare sc exceeds parent's sc /tmp/rules.debug:25: errors in queue definition pfctl: linkshare sc exceeds parent's sc /tmp/rules.debug:27: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ linkshare sc exceeds parent's sc /tmp/rules.debug]: …

Next, if Realtime m2 = 120Kb, and Linkshare m1 = 2Kb, d=5, m2=120Kb then:

There were error(s) loading the rules: pfctl: m1 must be zero for convex curve: qVOIPUp/tmp/rules.debug:23: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ m1 must be zero for convex curve]: …

qwan/lan acks results
If I use Linkshare m1=2Kb, d=5, m2=120Kb I receive:

There were error(s) loading the rules: pfctl: m1 must be zero for convex curve: qwanacks/tmp/rules.debug:20: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ m1 must be zero for convex curve]: …

If I use Realtime m1=2Kb, d=5, m2=120Kb I receive:

There were error(s) loading the rules: pfctl: m1 must be zero for convex curve: qwanacks/tmp/rules.debug:20: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ m1 must be zero for convex curve]: …

It looks like Realtime can only have m2 value, nothing for m1/d

Further, if I use a combination of Realtime m2=120Kb, and then Linkshare m1=2Kb, d=5, m2=120Kb I receive this error:

There were error(s) loading the rules: pfctl: m1 must be zero for convex curve: qwanacks/tmp/rules.debug:20: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ m1 must be zero for convex curve]: …

By the way, 1.2Kb is not allowed, nor are "bits" an option in the GUI (thus, the reason why I used 2Kb instead).

The snort option (http://www.xmission.com/~hidden/aatqos/) looks a lot easier than this so far.  ;D

It goes without saying that due to all these errors, I am unable to "test" anything.  Any other ideas?  Thanks again for all your help.

eri--

Those are all pfctl problems i will post a link to a pfctl which doesn't have these problems so you can test it again, if you want to do that.

From my testing this configuration is the way to go but seems PF guys have misunderstood some things about HFSC.

Btw, thanks for your help on this. I just want to test it as much as possible so on 1.3 you just need the wizard and get done.

qlanRoot/qwanRoot results
First off, if I set Bandwidth = (blank) and Linkshare = 1024Kb/800Kb, filter errors occur:

There were error(s) loading the rules: /tmp/rules.debug:13: syntax error/tmp/rules.debug:16: queue qwanRoot has no parent /tmp/rules.debug:16: errors in queue definition /tmp/rules.debug:18: queue qwandef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:20: queue qwanacks has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:22: queue qVOIPUp has no parent /tmp/rules.debug:22: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [13]: altq on xl0 hfsc bandwidth queue { qwanRoot }…

If I set Bandwidth = 0 and LInkshare = 1024Kb/800Kb, then I lock myself completely out of the pfSense box.  I had to un-rack it, reset to factory defaults, and re-run through the configuration wizard.  Huh

this might be a shaper rule generation error.

hidden772

@eri--:

Those are all pfctl problems i will post a link to a pfctl which doesn't have these problems so you can test it again, if you want to do that.
Btw, thanks for your help on this. I just want to test it as much as possible so on 1.3 you just need the wizard and get done.

Glad to help.  I'll be able to do some testing today & Wednesday, and then won't be able to test again until Feb 5.  I'll watch for the link to a pfctl.  Thanks.

eri--

Grab  pfctl command, from here that allows you to set m1 smaller than m2. So you can try my posted config.
For the q{Lan, Wan}root use what didn't gave you errors.

The procedure is simple:
1- on your pfSense machine login with ssh
2- select option 8
3- copy /sbin/pfctl to /sbin/pfctl_old
4- scp the attached pfctl to /sbin
5- retry the previous suggested config and report.

Thanks.

jakep

I tried so many different ways with the original pfctl - no dice.  the calls were consistently bad when i saturated the pipe.  as soon as i replaced pfctl with the above version, everything worked great!  No more call quality issues!  I just made the change today.  I'll be back with more details of my settings once i've confirmed it works for a few days. i have 5 phones behind pfsense connected to a public Asterisk server on the other side of the US (DC to LA).  My connection is a T1 over the Internet (not a private line).

raruler

The afforementioned pfctl is no longer there, does someone have a copy to share?

eri--

Be patient soon a alpha version will be released that has this fix.
If you feel like an alpha tester, i suppose you are since are willing to copy extraneous binaries to your firewall, than be ready for it.

raruler

@ermal:

Be patient soon a alpha version will be released that has this fix.
If you feel like an alpha tester, i suppose you are since are willing to copy extraneous binaries to your firewall, than be ready for it.

Thanks!

jakep

Just got a report back from the users that it is not perfect, but a lot better!  These problems may not be relating to shaping though.  I'm thinking my PSTN gateway provider may not be perfect.