What am I doing wrong?
-
If you're running a 5Mb line, why did you set your queue's bandwidth to 2Mb? You're supposed to set it to 90-95% of the lowest measured bandwidth for the link. If you indicated your need VoIP priority in the wizard, then it should have created qVOIP. I would suggest that you blow it away and try it again. Perhaps you should look into PRIQ instead of HFSC as it's easier to understand and get working.
-
This is a secondary shaper, there is no voip to worry about and I want to limit all traffic to no more than 2mb as that is less than half of the total available.
it looks like this:
[test pc] –-- [PFsense2]–---[Lan] –----[PFsense1]–----[Internet]
The shaper that I posted screenshots for is on PFsense2. The shaper on PFsense1 is the one with the voip rules and all that
-
AH sorry.
A point about HFSC. It doesn't "limit" you, it tries to give you as much as it can based on service guarantees you define. So, even if you say your main queues are 2 Mb, if you don't have any other contention on the line then you're going to get full bandwidth. If you want to limit the amount of bandwidth used up to a maximum, you need a limiter, not a shaper.
-
Whenever someone starts downloading (most obvious during windows updates) that one computer grabs all the bandwidth and everything else is slow as hell.
you're upload looks correct, but your LAN isn't and your download is the issue, so you need to fix your LAN. Rate limit your LAN interface as well. Of course you may want to communicate with PFSense without consume your Internet bandwidth, so create a default queue, place it under qInternet, and create a rule that drops all LAN traffic into qLink. Make sure you have an upper limit set on qInternet.
You do not want qLink to be your default, error on the side of caution. Not to mention it's crazy simple to identify LAN traffic, but a bit more difficult to identify Internet traffic.
-
I hear what you're saying Harvy66, but at this point, I could use some pointers on just exactly how to do what you're suggesting.
-
The simplest way is just to rate limit your LAN interface. Otherwise, like I said, just set the Upper limit on qInternet, there is a field called "upperlimit", set that, and create a default queue under qInternet
Of course the picture is just for reference, it's not 100% correct.
-
It was already set that way
-
But your default queue is qLink, which is not being shaped to anything meaningful.
-
The most helpful tutorial on QoS/traffic-shaping can be found at http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/
The author explains how to control both egress in ingress. He also has real-world experience and "practices what he preaches."
Please read his post multiple times. I have, and I honestly think it is the best tutorial available, assuming you mostly understand the many factors involved.
-
What I do, which may not be what you do, and remains (to my testing) incompatible with transparent squid on the same box…
Avoid wizard. Backup configuration before starting. Traffic shaper screw-ups can be epic and being able to back out and do over is a good plan. I've personally never had a good outcome from the wizard, YMMV.
Traffic shaper, first tab "by interface" Wan (codelq, set nothing, it's codelq, nothing should need to be set) Lan (same.) Enable.
Third tab, Limiter, create LanIn (this is what you think of as "out" to the world) and LanOut (this is what you think of as "in" from the world) set values for the traffic limits you want on the directions. You may tune these later on. These should be (or possibly become at the next step) yellow folder icons.
Leave "mask" set to none here.
With those created and enabled, select LanIn and add queue, which should be a white page icon. Under the the lanin queue I named it LanInQ) , select source addresses. Same with LanOut, create LanOutQ, Destination addresses.
Change firewall rules, LAN, "advanced" "In/Out" to run traffic in LanInQ/LanOutQ.
Lanin (traffic into LAN, out to world is pretty closely controlled (you actually have direct control here) LanOut is a bit less under your direct control, but the setting does have an influence.
This specific setup is to divide the bandwidth among hosts "evenly" (only even if they all want more than they can have) - you can also use other variations to provide pipes of a specific limited BW; I came down on the side of BW is wasted if not used, so if one hog gets it all when nobody else is using it, fine, but I needed to make sure that if 9 or 90 other folks showed up they would get a "fair" share as near as possible, and this mostly does that (far better than just capping everyone's BW, which means the hogs are on there longer hogging and nobody's speed is EVER good.)
The limiter numbers do need to be less than the actual BW, but not by quite as much as you are proposing (90-95% is generally fine) - I look at what my "quality" figures (ping times) are running to adjust my tuning - if the limiter size is too large, the ping times go to heck in a handbasket.
I played around with HFSC for quite a while before arriving here, and here does what I want much better, IME.
