Traffic shaping on three VLANs with HFSC
-
Hi everyone
I want to apply traffic shaping for three different VLANs. Here is my situation.- WAN is a symmetrical 100Mbit fiber connection
- LAN (igb0) is not configured as interface. The VLANs based on igb0 are configured as interfaces.
- VLAN VOIP is for two VOIP phones. This should have the highest priority and 1mbit guaranteed speed.
- VLAN guest is for guests. It should be as fast as possible but only if internal is unused.
- VLAN internal is for internal. It should link share traffic to guest if not in use.
I use the multi all wizard. I enter 1 WAN and 3 LAN. Next page i set everything to HFSC and put in 99mbit as WAN speed. On the next page I enable Prioritize Voice over IP traffic and put in my remote PBX alias.
Here comes my first problem. When I click next I get this error: Upload bandwidth of connection 0 is not valid.
So I put in 99Mbits for WAN and 1Gbit for every VLAN. I get this error: The VoIP upload bandwidth on connection 0 cannot be set higher than 80% of the connection. I can also put in 1Kbit for every VLAN and still get the same error.I run the wizard without the VOIP part to create queues later on manually. Here comes my next problem. Every interface has qHigh qLow qVOIP and so on as its child. But I think i need it one level above. At the moment, the queues inside the interfaces are unaware of the other interfaces, right?! Do I need to create igb0 interface or a bridge to solve this problem? Or is there any other solution?
Another thing I found suspicious is qLink. It creates qLink for two VLANs but not for guest. I used the wizard multiple times and deleted traffic shaper. Unsure if I deleted qLink from guest before and the wizard strangely saved that. In the evening I will delete my browser history and reboot pfSense to check that.
Next thing that confuses me is bandwidth. In some post you can find that link share will override bandwidth. Ok, that is fine by me. Let's assume I have 4 queues all with 25% link share. Every queues will have 25% of the total bandwidth and if Q1-Q3 are empty Q4 will get 100% bandwidth? If that is correct why do I need real time traffic? If Q1-Q4 are getting at least 25% anyway? Or is this algorithm to slow to react so it makes sense to give VOIP a 1Mbit guaranteed bandwidth?
I know these are a lot of questions. Any help would be highly appreciated. I am trying figuring it out for over one day now but I am completely stuck.
-
Rebooted pfSense and cleared cache. Still get errors using the wizard.
For some strange reason the wizard has saved my settings! Higher Priority for FaceTime was checked. -
No ideas? Anyone?
Besides the errors I found kind of a solution for me. I use limiters an let everything from internal and guest run into the limiter.
I found a great tutorial here: https://forum.pfsense.org/index.php?topic=63531.45 Reply #58I think the wizard definitely needs some work ;)
Maybe a milestone for 2.5? -
Personally, I never had any luck with the wizard and just manually setup shaping. It took me less time to figure it out on my own than reading how to use the wizard.
-
Yeah, but even if I try it manually. I still have not figured out how to use it with three different VLANS….
-
You must have come across the fact that pfSense currently cannot enforce priorities / curves across networks. If you have 3 networks, they will all fight for bandwidth as defined per interface.
For your scenario, I would recommend allocating 1mbps to your voip network, then splitting 80% of the remainder of your upload between your other two networks. From there, you can enforce priorities within each network.
-
You must have come across the fact that pfSense currently cannot enforce priorities / curves across networks. If you have 3 networks, they will all fight for bandwidth as defined per interface.
For your scenario, I would recommend allocating 1mbps to your voip network, then splitting 80% of the remainder of your upload between your other two networks. From there, you can enforce priorities within each network.
Thank you for your Input. I went with this solution: 1mbit for network and the two other networks run both in the limiter with fair sharing between each device.
Advantage: Networks can be fully utilized, reason why I did not use your solution.
Disadvantage: Networks have same priority, your solution would kinda cover that.Some important applications don't go through the limiter. I am pretty happy with the solution now.
Is there a technical reason why pfSense cannot enforce priorities across networks? Or will that maybe be added in the future?
-
Shaping is per interface and ALTQ only shapes egress. Sharing state across interfaces would be a nightmare from a performance and implementation complexity standpoint.
That being said, you have use limiters to shape ingress on the WAN and "share" bandwidth that way.
-
Using VLANs you can indeed share bandwidth across interfaces due to "bug / feature" in the implementation.
It's best to use two physical interfaces at least, one for your LANs and another for your WANs. To share bandwidth among your LANs, set up your main LAN as untagged on the port, and the others as tagged on the same port (sorry trunking purists).
The shaper will now see all LAN traffic on the physical interface and is able to shape properly all your download traffic
-
That is a scary setup, but I guess if it "works".