Traffic Shaping is just not working. What am I missing?
-
I've trying to implement some traffic shaping with my pfsense 2.3.2-RELEASE. But after the configuration wizard and the reset of the firewall states, there is no change in the traffic flow at all. So I think, I'm missing something.
My desired behavior is (in a nutshell)
-
HTTP -> Lower priority
-
ICMP -> Higher priority
-
SSH -> Higher priority
Here's my setup
WAN = ADSL via PPPoe (512 Kbit/s upload / 6144 Kbit/s download)
LAN = My internal gigabit network
Here's my configuration
I'm using the Multiple Lan/Wan (traffic_shaper_wizard_multi_all.xml) wizard and PRIQ as scheduler.
485 Kbit/s upload / 6144 Kbit/s download
PRIQ as scheduler
Firewall rules
Everything seems fine.
Results
I start a ping and everything is fine. 45ms is the result in this case. I start a http download with 300 KB/s and the icmp response raises up to 800ms. So I think there is something wrong with my setup because the rules are not helping at all.
I've watched multiple youtube videos and read multiple blog posts/tutorials about traffic shaping with pfsense but it's just not working (here). What can I do/check/change? I would appreciate any help or hint.
-
-
With your floating rules, which interface is selected? WAN? All?
Btw you can directly embed images in your posts here without having to link to Imgur. Expand Attachments and other options to see more.
-
I've trying to implement some traffic shaping with my pfsense 2.3.2-RELEASE. But after the configuration wizard and the reset of the firewall states, there is no change in the traffic flow at all. So I think, I'm missing something.
My desired behavior is (in a nutshell)
-
HTTP -> Lower priority
-
ICMP -> Higher priority
-
SSH -> Higher priority
Here's my setup
WAN = ADSL via PPPoe (512 Kbit/s upload / 6144 Kbit/s download)
LAN = My internal gigabit network
Here's my configuration
I'm using the Multiple Lan/Wan (traffic_shaper_wizard_multi_all.xml) wizard and PRIQ as scheduler.
485 Kbit/s upload / 6144 Kbit/s download
PRIQ as scheduler
Firewall rules
Everything seems fine.
Results
I start a ping and everything is fine. 45ms is the result in this case. I start a http download with 300 KB/s and the icmp response raises up to 800ms. So I think there is something wrong with my setup because the rules are not helping at all.
I've watched multiple youtube videos and read multiple blog posts/tutorials about traffic shaping with pfsense but it's just not working (here). What can I do/check/change? I would appreciate any help or hint.
You likely need to lower your configured traffic-shaping download bitrate by ~5%.
For a better understanding of the differences between download & upload QoS, read: http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/
One hint is that you cannot prioritize download traffic. The traffic has already arrived.
-
-
@KOM:
With your floating rules, which interface is selected? WAN? All?
The interface for all rules is WAN. I havn't changed them after the wizard was done.
@KOM:
Btw you can directly embed images in your posts here without having to link to Imgur. Expand Attachments and other options to see more.
I was not sure what should be the name of the image between the tags. But thanks for the tip.
-
I was not sure what should be the name of the image between the tags.
Don't use the Insert Image button. That allows you to supply an URL that will link to an image file. Instead, click +Attachments and other options, then click Choose File and select your image. Add as many as you want. The advantage is that embedded images will have a thumbnail whereas linked images will not.
-
You likely need to lower your configured traffic-shaping download bitrate by ~5%.
Thanks for the tip. I've missed and fixed that.
You likely need to lower your configured traffic-shaping download bitrate by ~5%.For a better understanding of the differences between download & upload QoS, read: http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/
One hint is that you cannot prioritize download traffic. The traffic has already arrived.
Thanks for the tutorial / manual. The tutorial itself but keeps talking about limiting the download speed. I quote:
And the QOS system attempts to influence your incoming data stream indirectly by changing the data that you SEND in much the same way that you can control incoming mail simply by reducing your demand for it.
So I think pfsense can limit the download speed. So my original questions remains. What I'm doing wrong?
-
300KiB/s is only 1/2 of your 6144Kb/s. You shouldn't be seeing high pings at all since you're connection is not near saturation, unless the packets are coming is massive bursts. Are you sure you actually have that much bandwidth?
-
The tutorial itself but keeps talking about limiting the download speed.
You limit the download speed by carefully controlling the sending of packets out of your WAN. Considering that a packet sent to you is in response to a request from your end, you essentially shape downloads by managing which packets are sent out and when.
-
300KiB/s is only 1/2 of your 6144Kb/s. You
shouldshouldn't be seeing high pings at all since you're connection is not near saturation, unless the packets are coming is massive bursts. Are you sure you actually have that much bandwidth?Yeah, that's definitely a concern.
-
You likely need to lower your configured traffic-shaping download bitrate by ~5%.
Thanks for the tip. I've missed and fixed that.
You likely need to lower your configured traffic-shaping download bitrate by ~5%.For a better understanding of the differences between download & upload QoS, read: http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/
One hint is that you cannot prioritize download traffic. The traffic has already arrived.
Thanks for the tutorial / manual. The tutorial itself but keeps talking about limiting the download speed. I quote:
And the QOS system attempts to influence your incoming data stream indirectly by changing the data that you SEND in much the same way that you can control incoming mail simply by reducing your demand for it.
So I think pfsense can limit the download speed. So my original questions remains. What I'm doing wrong?
Part of the probem with using PRIQ on download is that you can only rate-limit all aggregated bandwidth, not individual traffic types.
With something like CBQ, HFSC, or (maybe) FAIRQ is that you could rate-limit a certain traffic type like P2P, FTP, or email to ~80% which will leave the rest of the link open to other traffic.
You need to rate-limit downloads to 99% to 50% of your lowest maximum download speed. That tutorial I posted explains it in much greater detail. pfSense MUST be the bandwidth bottleneck for functional QoS. This is a fundamental requirement of traffic-shaping.
-
Thanks for everybody. Don't be mad at me, but I just have to restart my router and everything was fine.
Thanks for pushing me in the right direction that my download speed was bad. I've tested around a little bit and after the restart everything was fine. And the tutorial was a great read.
-
Thanks for everybody. Don't be mad at me, but I just have to restart my router and everything was fine.
Thanks for pushing me in the right direction that my download speed was bad. I've tested around a little bit and after the restart everything was fine. And the tutorial was a great read.
lol… only a little mad. ;)
The restart likely worked because it reset the states, which you can do without restarting by going to Diagnostics -> States in the pfSense GUI.
-
The restart likely worked because it reset the states, which you can do without restarting by going to Diagnostics -> States in the pfSense GUI.
That was incorrect of me. I've just restarted the modem and everything was fine. During the configuration I've resetted the states several times on the pfsense machine.
