Netgate Discussion Forum

    Need some help understanding how to traffic shape inbound

    Traffic Shaping
    18 Posts 2 Posters 3.3k Views
    lordkitsuna:

      @Derelict:

      You have to remember that when a state is created, it has an in and out interface.  If you have, say, qGames on WAN and qGames on LAN and you create a floating rule on WAN out that matches the traffic to the game server and puts it on qGames, the returning traffic related to the same state will be automatically placed in qGames on LAN.

      Queues are selected when the initial state is created.

      This was the most difficult concept for me to grasp when I started with the pfSense shaper. Once understood, it becomes pretty easy to make the shaper do what you want.

      I don't think I fully understand. When I view the rules created by the wizard I only see outbound rules. Are you saying this automatically creates inbound rules? Sorry, I am new to traffic shaping so I really don't understand any of it. How would you recommend I set up the rules? Is it something I can do with the wizard, or will I have to do it manually?

      Derelict (Netgate):

        When a state is created outbound (i.e. when the connection is established), the queue for return traffic of the same name (i.e. qGames) will automatically be used on the appropriate interface (i.e. LAN).

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        Derelict (Netgate):

          So far I can't get this to work. I can see the p2p traffic under the p2p category, I can see League's use under games, and games does have the highest priority, and yet the game still hits 140+ ping and does not appear to actually be given priority. I did figure out how to use HFSC and just set % of bandwidth, but this is not what I want. I don't want to have to set out %'s and just have bandwidth go unused otherwise. Surely there is a way to set things up so that everything has the potential to use the full bandwidth but certain things get priority?

          You don't have to worry about that.  The percentages (bandwidth and link share) only come into play when the shaper has to make a decision about what to forward first when outbound on the interface is congested.

          Think about it this way (which is overly simplified). If you have two queues, qPriority (link share 80%) and qBulk (link share 20%): if all of the traffic is in qBulk, it can use 100% of the bandwidth. If all traffic is in qPriority, it can use 100% of the bandwidth. If there is traffic in both qPriority and qBulk and there is congestion outbound on the interface, the shaper will send 4 packets of qPriority for every 1 of qBulk. If the queue on qBulk fills up, subsequent qBulk traffic will be dropped.

          lordkitsuna:

            @Derelict:

            So far I can't get this to work. I can see the p2p traffic under the p2p category, I can see League's use under games, and games does have the highest priority, and yet the game still hits 140+ ping and does not appear to actually be given priority. I did figure out how to use HFSC and just set % of bandwidth, but this is not what I want. I don't want to have to set out %'s and just have bandwidth go unused otherwise. Surely there is a way to set things up so that everything has the potential to use the full bandwidth but certain things get priority?

            You don't have to worry about that.  The percentages (bandwidth and link share) only come into play when the shaper has to make a decision about what to forward first when outbound on the interface is congested.

            Think about it this way (which is overly simplified). If you have two queues, qPriority (link share 80%) and qBulk (link share 20%): if all of the traffic is in qBulk, it can use 100% of the bandwidth. If all traffic is in qPriority, it can use 100% of the bandwidth. If there is traffic in both qPriority and qBulk and there is congestion outbound on the interface, the shaper will send 4 packets of qPriority for every 1 of qBulk. If the queue on qBulk fills up, subsequent qBulk traffic will be dropped.

            Alright, how would you recommend I set up the traffic shaping to make this work how I want? So far, while I can get it set up with the wizard like I said, if I start downloading a torrent to test it the game ping shoots from 12ms to 140+, so something I did was wrong, as it does not appear to be giving the game priority. I did have the ports right and the game's traffic was showing up under games in the queue status, but it was not getting its packets out first.

            Derelict (Netgate):

              I'd put the game queue at, say, bandwidth and link share 60% and the torrents at like 5%. If it's really important I'd also set a realtime value on the game queue at, say, 10%. Note also that if you want pings to reflect what's really going on you need to put them (ICMP) in the game queue.

              Then test and see how it does.

              lordkitsuna:

                @Derelict:

                I'd put the game queue at, say, bandwidth and link share 60% and the torrents at like 5%. If it's really important I'd also set a realtime value on the game queue at, say, 10%. Note also that if you want pings to reflect what's really going on you need to put them (ICMP) in the game queue.

                Then test and see how it does.

                Wouldn't this just mean that the torrents can only ever use 5%? Or am I not understanding that correctly? I would like the torrents to be able to use all of the bandwidth when nothing is going on. Is that what that does, or is that limiting it to always be 5%?

                Derelict (Netgate):

                  No.  It means that they get 5% of the backlogged queue, which is only an issue when there's congestion.

                  There is no way to give something else priority without dropping bittorrent traffic.  That's the name of the game.

                  Something has to get dropped to make room for the traffic you set as priority.

                  lordkitsuna:

                    @Derelict:

                    No.  It means that they get 5% of the backlogged queue, which is only an issue when there's congestion.

                    There is no way to give something else priority without dropping bittorrent traffic.  That's the name of the game.

                    Something has to get dropped to make room for the traffic you set as priority.

                    Alright, so like this?

                    http://imgur.com/vSCvFdj

                    Derelict (Netgate):

                      No.  Upperlimit is a hard-set 5%.  That tells the shaper to drop traffic in excess of 5% of the parent queue.  Get rid of it unless that's what you want.

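The sharing behaviour Derelict describes in this reply and the two before it (a lone queue may use 100% of the link, link share only decides under congestion, upperlimit is a hard cap, realtime is a floor), as an added illustration that is not code from the thread or from pfSense: a steady-state proportional-share model with constructed queue sets and loads, not HFSC's actual service-curve algorithm.

```python
"""Steady-state model of how the HFSC parameters discussed in the thread share a link.

Added example, not code from the thread or from pfSense. It approximates the thread's
description as proportional sharing: link share weights only matter while queues
compete, upperlimit is a hard cap, realtime is a floor served first. Real HFSC works
on service curves and per-packet virtual time; this shows the steady-state outcome only.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Queue:
    name: str
    linkshare: float                    # share of the parent, e.g. 0.80 for "link share 80%"
    realtime: float = 0.0               # guaranteed floor as a fraction of the parent (0 = none)
    upperlimit: Optional[float] = None  # hard cap as a fraction of the parent (None = none)


def allocate(link_mbps, queues, demand, eps=1e-9):
    """Return {queue name: Mb/s} given each queue's offered load in `demand` (Mb/s).

    Assumes every linkshare is positive and the realtime floors fit within the link.
    """
    # A queue never gets more than it offers, nor more than its upperlimit cap.
    want = {}
    for q in queues:
        cap = link_mbps if q.upperlimit is None else q.upperlimit * link_mbps
        want[q.name] = min(demand.get(q.name, 0.0), cap)
    # 1. Realtime floors are served before any link-share arithmetic.
    alloc = {q.name: min(want[q.name], q.realtime * link_mbps) for q in queues}
    # 2. Water-fill the rest by link share among queues with unmet demand. What a
    #    satisfied queue leaves over is redistributed, which is why a lone queue
    #    ends up with 100% of the link whatever its percentage says.
    active = [q for q in queues if want[q.name] > alloc[q.name]]
    remaining = link_mbps - sum(alloc.values())
    while active and remaining > eps:
        total_weight = sum(q.linkshare for q in active)
        still_hungry = []
        for q in active:
            share = remaining * (q.linkshare / total_weight)
            need = want[q.name] - alloc[q.name]
            if need <= share:
                alloc[q.name] += need          # satisfied; its surplus flows back
            else:
                alloc[q.name] += share
                still_hungry.append(q)
        active = still_hungry
        remaining = link_mbps - sum(alloc.values())
    return alloc


if __name__ == "__main__":
    link = 25.0  # Mb/s, the poster's 25/25 line; the queue sets below are constructed
    two = [Queue("qPriority", 0.80), Queue("qBulk", 0.20)]
    print(allocate(link, two, {"qBulk": 50.0}))                     # qBulk alone takes 25.0
    print(allocate(link, two, {"qPriority": 50.0, "qBulk": 50.0}))  # congested: 20.0 vs 5.0
    capped = [Queue("qGames", 0.60), Queue("qP2P", 0.05, upperlimit=0.05)]
    print(allocate(link, capped, {"qP2P": 50.0}))                   # capped at 1.25 even alone
```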
                      lordkitsuna:

                        @Derelict:

                        No.  Upperlimit is a hard-set 5%.  That tells the shaper to drop traffic in excess of 5% of the parent queue.  Get rid of it unless that's what you want.

                        Ohh, OK, so bandwidth at 5% or blank? And then upper limit just turned off? Sorry that I am being so slow with this, but thanks a lot for all the help. Also, would you recommend CoDel Active Queue? I don't fully get what it is, but it makes it sound like a good thing from the wiki it brings me to.

                        Derelict (Netgate):

                          Set bandwidth and link share (m2) to the same value.

                          Derelict (Netgate):

                            I leave codel unchecked.

                            Derelict (Netgate):

                              You might want to go to Diagnostics->Edit File, enter /tmp/rules.debug, then hit Load. Look for the section that looks like this:

                              
                               altq on  em2 hfsc queue {  qLink,  qInternet  } 
                               queue qLink on em2 bandwidth 25% hfsc (  default  , linkshare 25%  )  
                               queue qInternet on em2 bandwidth 10Mb hfsc (  linkshare 10Mb  , upperlimit 10Mb  )  {  qDNS,  qACK,  qVPN,  qBulk,  qOpenWireless,  qLowPrio  } 
                               queue qDNS on em2 bandwidth 5% hfsc (  realtime 5% , linkshare 5%  )  
                               queue qACK on em2 bandwidth 10% hfsc (  linkshare 10%  )  
                               queue qVPN on em2 bandwidth 10% hfsc (  realtime 5% , linkshare 10%  )  
                               queue qBulk on em2 bandwidth 50% hfsc (  linkshare 50%  )  
                               queue qOpenWireless on em2 bandwidth 2Mb hfsc (  linkshare (2Mb, 5000, 1Mb)  , upperlimit (2Mb, 5000, 1Mb)  )  
                               queue qLowPrio on em2 bandwidth 5% hfsc (  linkshare 5%  )  
                              
                               altq on  em0_vlan223 hfsc queue {  qLink,  qInternet  } 
                               queue qLink on em0_vlan223 bandwidth 25% hfsc (  default  , linkshare 25%  )  
                               queue qInternet on em0_vlan223 bandwidth 100Mb hfsc (  linkshare 100Mb  , upperlimit 100Mb  )  {  qDNS,  qACK,  qVPN,  qBulk,  qLowPrio  } 
                               queue qDNS on em0_vlan223 bandwidth 5% hfsc (  realtime 5% , linkshare 5%  )  
                               queue qACK on em0_vlan223 bandwidth 10% hfsc (  linkshare 10%  )  
                               queue qVPN on em0_vlan223 bandwidth 10% hfsc (  realtime 5% , linkshare 10%  )  
                               queue qBulk on em0_vlan223 bandwidth 50% hfsc (  linkshare 50%  )  
                               queue qLowPrio on em0_vlan223 bandwidth 10% hfsc (  linkshare 10%  )  
                              
                               altq on  em0_vlan1004 hfsc queue {  qLink,  qInternet  } 
                               queue qLink on em0_vlan1004 bandwidth 20% hfsc (  default  , linkshare 20%  )  
                               queue qInternet on em0_vlan1004 bandwidth 10Mb hfsc (  linkshare 10Mb  , upperlimit (10Mb, 2000, 2Mb)  )  {  qOpenWireless  } 
                               queue qOpenWireless on em0_vlan1004 bandwidth 50% hfsc (  linkshare 50%  )  
                              
                              

                              And post it, along with the characteristics of your internet service (that example is for a 100/10 cable connection).

                              lordkitsuna:

                                @Derelict:

                                Set bandwidth and link share (m2) to the same value.

                                Thanks so much, I now have it working and everything behaves as expected. My torrents can take up the speed when nothing is going on, but as soon as I start playing games they get dialed back enough that my game's ping remains unaffected.

                                lordkitsuna:

                                  Oh yeah, sure, here is that file.

                                  set limit tables 3000
                                  set optimization normal
                                  set timeout { adaptive.start 0, adaptive.end 0 }
                                  set limit states 100000
                                  set limit src-nodes 100000
                                  
                                  #System aliases
                                  
                                  loopback = "{ lo0 }"
                                  WAN = "{ bfe0 }"
                                  LAN = "{ xl0 }"
                                  IPV6TUN = "{ gif0 }"
                                  
                                  #SSH Lockout Table
                                  table <sshlockout> persist
                                  table <webconfiguratorlockout> persist
                                  #Snort tables
                                  table <snort2c>
                                  table <virusprot>
                                  table <bogons> persist file "/etc/bogons"
                                  table <bogonsv6> persist file "/etc/bogonsv6"
                                  table <negate_networks>
                                  # User Aliases
                                  
                                  # Gateways
                                  GWIPV6TUN_TUNNELV6 = " route-to ( gif0 2001:470:a:45d::1 ) "
                                  GWWAN_DHCP = " route-to ( bfe0  ) "
                                  
                                  set loginterface xl0
                                  
                                  set skip on pfsync0
                                  
                                  scrub on $WAN all    fragment reassemble
                                  scrub on $LAN all    fragment reassemble
                                  scrub on $IPV6TUN all    fragment reassemble
                                  
                                   altq on  bfe0 priq bandwidth 25Mb queue {  qACK,  qOthersDefault,  qP2P,  qGames,  qOthersHigh,  qOthersLow  } 
                                   queue qACK on bfe0 priority 6 priq (  ecn  )  
                                   queue qOthersDefault on bfe0 priority 3 priq (  ecn  )  
                                   queue qP2P on bfe0 priority 1 priq (  ecn  , default  )  
                                   queue qGames on bfe0 priority 5 priq (  ecn  )  
                                   queue qOthersHigh on bfe0 priority 4 priq (  ecn  )  
                                   queue qOthersLow on bfe0 priority 2 priq (  ecn  )  
                                  
                                   altq on  xl0 hfsc queue {  qInternet  } 
                                   queue qInternet on xl0 bandwidth 25Mb hfsc (  ecn  , linkshare 25Mb  , upperlimit 25Mb  )  {  qACK,  qP2P,  qGames,  qOthersHigh,  qOthersLow  } 
                                   queue qACK on xl0 bandwidth 19% hfsc (  ecn  , linkshare 19%  )  
                                   queue qP2P on xl0 bandwidth 98% hfsc (  ecn  , default  , linkshare 5%  )  
                                   queue qGames on xl0 bandwidth 98% hfsc (  ecn  ,  realtime 9% , linkshare 15%  )  
                                   queue qOthersHigh on xl0 bandwidth 25% hfsc (  ecn  , linkshare 15%  )  
                                   queue qOthersLow on xl0 bandwidth 4.75% hfsc (  ecn  , linkshare 4.75%  )  
                                  
                                  no nat proto carp
                                  no rdr proto carp
                                  nat-anchor "natearly/*"
                                  nat-anchor "natrules/*"
                                  

                                  As I said, my internet is a 25/25 fiber-to-the-house connection. I messed with the settings a bit; I tried seeing what would happen if I set p2p and games bandwidth to 98% and then set the backlog and such, and it seems to be working. Either can take up most of the link if it wants, but when they both want the link, games wins.

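A checker for the ALTQ section of a rules.debug dump like the one just posted, as an added example that is not code from the thread or from pfSense. It parses the `queue` lines and reports the three points the thread turns on: a queue name that exists on one interface only (Derelict's point that a state's return traffic lands in the same-named queue on the other interface), queues carrying an `upperlimit` hard cap, and parents whose children claim more than 100% of their bandwidth (as the 98% + 98% children do here); the sample input is an excerpt of the poster's own dump above.

```python
"""Sanity-check the ALTQ section of a pfSense /tmp/rules.debug.

Added example, not code from the thread or from pfSense. It flags queue names that
exist on one interface only (a state's return traffic goes to the same-named queue
on the other interface, else to that interface's default queue), queues carrying
an upperlimit (a hard cap, not a share) and parents whose children claim over 100%.
"""
import re

QUEUE_RE = re.compile(r"^\s*queue\s+(\S+)\s+on\s+(\S+)\s+(.*)$")
BW_RE = re.compile(r"bandwidth\s+([\d.]+)(%|[KMG]b)")

# Sample input: an excerpt of the poster's own dump in this thread (bfe0 = WAN, xl0 = LAN).
SAMPLE = """
 queue qACK on bfe0 priority 6 priq (  ecn  )
 queue qOthersDefault on bfe0 priority 3 priq (  ecn  )
 queue qP2P on bfe0 priority 1 priq (  ecn  , default  )
 queue qGames on bfe0 priority 5 priq (  ecn  )
 queue qInternet on xl0 bandwidth 25Mb hfsc (  ecn  , linkshare 25Mb  , upperlimit 25Mb  )  {  qACK,  qP2P,  qGames  }
 queue qACK on xl0 bandwidth 19% hfsc (  ecn  , linkshare 19%  )
 queue qP2P on xl0 bandwidth 98% hfsc (  ecn  , default  , linkshare 5%  )
 queue qGames on xl0 bandwidth 98% hfsc (  ecn  ,  realtime 9% , linkshare 15%  )
"""

def parse_queues(text):
    """Return {iface: {name: {"bw": (value, unit) or None, "opts": str, "children": [...]}}}."""
    queues = {}
    for line in text.splitlines():
        m = QUEUE_RE.match(line)
        if not m:
            continue
        name, iface, rest = m.groups()
        bw = BW_RE.search(rest)
        # Options run from the first "(" to the last ")", which also survives the
        # nested curve syntax "linkshare (2Mb, 5000, 1Mb)" seen earlier in the thread.
        lo, hi = rest.find("("), rest.rfind(")")
        kids = re.search(r"\{([^}]*)\}", rest)
        queues.setdefault(iface, {})[name] = {
            "bw": (float(bw.group(1)), bw.group(2)) if bw else None,
            "opts": rest[lo + 1:hi] if 0 <= lo < hi else "",
            "children": [k.strip() for k in kids.group(1).split(",") if k.strip()] if kids else [],
        }
    return queues

def check_queues(queues):
    """Return a list of findings; an empty list means nothing to report."""
    findings, ifaces = [], sorted(queues)
    for name in sorted(set().union(*(set(q) for q in queues.values()))):
        have = [i for i in ifaces if name in queues[i]]
        if len(have) != len(ifaces):
            findings.append(f"{name}: only defined on {', '.join(have)}")
    for iface in ifaces:
        for name, q in queues[iface].items():
            if "upperlimit" in q["opts"]:
                findings.append(f"{name} on {iface}: has upperlimit (hard cap)")
            # Percent-based children of this queue; absolute (Mb) children are skipped.
            pct = [queues[iface][c]["bw"] for c in q["children"] if c in queues[iface]]
            total = sum(v for v, u in filter(None, pct) if u == "%")
            if total > 100:
                findings.append(f"{name} on {iface}: children sum to {total:g}% of parent")
    return findings

if __name__ == "__main__":
    for finding in check_queues(parse_queues(SAMPLE)):
        print(finding)
```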
                                  Derelict (Netgate):

                                    @lordkitsuna:

                                    @Derelict:

                                    Set bandwidth and link share (m2) to the same value.

                                    Thanks so much, I now have it working and everything behaves as expected. My torrents can take up the speed when nothing is going on, but as soon as I start playing games they get dialed back enough that my game's ping remains unaffected.

                                    Awesome.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.