QoS on pfSense 2.3.2 64 bit



  • Hi

    I have a computer running a pfSense 2.3.2 64 bit which acts as a hardware firewall to a LAN, and also manages the ADSL connection via a router in PPPoA mode.

    I'm looking for a guide to pfSense 2.3.2 64 bit about the QoS configuration.

    In particular, I should give my two Smart TVs the occupation priorities of the LAN and ADSL bandwidth. So how am I supposed to do this?

    Thanks

    Bye



  • I've found the following quite useful:
    https://doc.pfsense.org/index.php/Traffic_Shaping_Guide
    https://forum.pfsense.org/index.php?topic=79589.30

    The first link is general stuff, but the second gets into more specifics.



  • @Antithesis:

    I've found the following quite useful:
    https://doc.pfsense.org/index.php/Traffic_Shaping_Guide
    https://forum.pfsense.org/index.php?topic=79589.30

    The first link is general stuff, but the second gets into more specifics.

    I read the guides but I cannot understand how to give priority to packets and always dedicate a certain amount of LAN/WAN bandwidth only when these Smart TVs (with fixed IP) go on the Internet.

    Could someone give a practical example?

    Thanks

    Bye



  • Simplest would be a PRIQ shaper that always gives priority to your SmartTV.  Very easy to set up, no worrying about HFSC.  You use floating rules to MATCH the traffic into a shaper queue.

    For an example, clear any previous shaper config you have and then run the shaper wizard.  Set it to PRIQ, pretend you have VoIP (give it a dummy IP for SIP server), and make web browsing high priority.  Once the wizard is done, look at your queues and how they're configured, and look at the floating firewall rules to see how traffic is managed into the queues.



  • @KOM:

    Simplest would be a PRIQ shaper that always gives priority to your SmartTV.  Very easy to set up, no worrying about HFSC.  You use floating rules to MATCH the traffic into a shaper queue.

    For an example, clear any previous shaper config you have and then run the shaper wizard.  Set it to PRIQ, pretend you have VoIP (give it a dummy IP for SIP server), and make web browsing high priority.  Once the wizard is done, look at your queues and how they're configured, and look at the floating firewall rules to see how traffic is managed into the queues.

    In practice, to ensure 4Gb/s of bandwidth to the Smart TVs, should I click on Firewall ---> Traffic Shaper ---> By Interface ---> WAN and set the Scheduler Type field to PRIQ and the Bandwidth field to the theoretical maximum download speed? If this is right, what values should I put in the Queue Limit and TBR Size fields?

    Later, I would click on Firewall ---> NAT ---> Port Forward and create the Smart TVs rule.

    Now, how do I ensure 4Gb/s to the Smart TVs only when they use Internet?

    Thanks

    Bye



  • If this is right, what values should I put in the Queue Limit and TBR Size fields?

    Leave them at default (blank) unless you need to change them.

    Now, how do I ensure 4Gb/s to the Smart TVs only when they use Internet?

    PRIQ works on a simple priority queue (hence the name).  Packets at a higher priority will ALWAYS get preference over a lower priority.  If you set your TV's IP address to the highest priority then it will always get the bandwidth it needs, even to the point of potentially starving other queues.  If you must be able to guarantee some service minimums for the other queues then you will need to look into HFSC, which is much more complicated.

    Later, I would click on Firewall ---> NAT ---> Port Forward and create the Smart TVs rule.

    What?  No.  You would go to Firewall - Rules - Floating and create a floating rule that MATCHes your SmartTV's IP address into the queue you want it to be in.



  • @KOM:

    If this is right, what values should I put in the Queue Limit and TBR Size fields?

    Leave them at default (blank) unless you need to change them.

    Now, how do I ensure 4Gb/s to the Smart TVs only when they use Internet?

    PRIQ works on a simple priority queue (hence the name).  Packets at a higher priority will ALWAYS get preference over a lower priority.  If you set your TV's IP address to the highest priority then it will always get the bandwidth it needs, even to the point of potentially starving other queues.  If you must be able to guarantee some service minimums for the other queues then you will need to look into HFSC, which is much more complicated.

    Later, I would click on Firewall ---> NAT ---> Port Forward and create the Smart TVs rule.

    What?  No.  You would go to Firewall - Rules - Floating and create a floating rule that MATCHes your SmartTV's IP address into the queue you want it to be in.

    I made this rule:

    Is it right?

    Thanks

    Bye



  • Is it right?

    Not even close.  Protocol should be IP4 *.  Source should be *.  For Queue, you have nothing.  Is this a MATCH rule or a PASS rule?  Basically, you want all traffic of any type from anywhere that's destined for your TV to go into the highest queue, with all other traffic below that.  Please do what I suggested and try the wizard with some test values, and then see how the floating rules are created and how they work.



  • @KOM:

    Is it right?

    Not even close.  Protocol should be IP4 *.  Source should be *.  For Queue, you have nothing.  Is this a MATCH rule or a PASS rule?  Basically, you want all traffic of any type from anywhere that's destined for your TV to go into the highest queue, with all other traffic below that.  Please do what I suggested and try the wizard with some test values, and then see how the floating rules are created and how they work.

    Now, is this MATCH rule correct?

    How should I test it?

    Thanks

    Bye



  • No, it's not correct.  You have to have a value under Queue.  You need to create Queues, then you match traffic to the queue by the floating rules.

    For UDP traffic you do not assign the ACK queue.  For TCP and TCP/UDP traffic you will assign an ACK queue.

    PASS rules do not need a queue and do not allow you to shape unless you are using a limiter.

    KOM clearly gave you instructions on how to do this in previous posts.  If you run the Traffic Shaper wizard and answer the questions, fill in values, it will create queues for you.



  • @sideout:

    No, it's not correct.  You have to have a value under Queue.  You need to create Queues, then you match traffic to the queue by the floating rules.

    For UDP traffic you do not assign the ACK queue.  For TCP and TCP/UDP traffic you will assign an ACK queue.

    PASS rules do not need a queue and do not allow you to shape unless you are using a limiter.

    KOM clearly gave you instructions on how to do this in previous posts.  If you run the Traffic Shaper wizard and answer the questions, fill in values, it will create queues for you.

    I ran the Dedicated Links wizard to configure the Traffic Shaper and I left all options with the default values. This wizard has created these rules:

    Now, what should I do?

    Thanks

    Bye



  • Now, what should I do?

    Delete it all and run the correct wizard, the Multiple LAN/WAN wizard.



  • @KOM:

    Now, what should I do?

    Delete it all and run the correct wizard, the Multiple LAN/WAN wizard.

    I ran the Multiple Lan/Wan wizard to configure the Traffic Shaper and I left all options with the default values. This wizard has created these rules:

    Now, what should I do?

    Thanks

    Bye



  • Now, what should I do?

    What you should do now is examine the rules and the queues to wrap your brain around how it all works.  Then you can create your own rules that do what you want.



  • @KOM:

    Now, what should I do?

    What you should do now is examine the rules and the queues to wrap your brain around how it all works.  Then you can create your own rules that do what you want.

    So, what did I do wrong?

    Thanks

    Bye



  • So, what did I do wrong?

    Everything.  You just don't seem to understand.  The wizard has already defined your queues.  Now you just need floating rules to manage your traffic.  Anything going to the TV gets top priority.  Anything coming from the TV gets top priority.  Here is what you want:

    Protocol  Source    Port  Destination  Port  Gateway  Queue
    IPv4 *    *         *     SmartTVs     *     *        qACK/qOthersHigh
    IPv4 *    SmartTVs  *     *            *     *        qACK/qOthersHigh
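
An added illustration, not part of the thread or of pfSense itself: a simplified Python model of one PRIQ-shaped interface, with the two floating MATCH rules above as the classifier. The addresses, packet rates, priority numbers and the qDefault queue name are assumptions, and the separate ACK queue is left out.

```python
from collections import deque
from ipaddress import ip_address

# Constructed sample values (assumptions, not taken from the thread).
TV, PC, NET = "192.168.1.50", "192.168.1.20", "203.0.113.10"
SMART_TVS = {ip_address(TV), ip_address("192.168.1.51")}   # the "SmartTVs" alias
PRIORITY = {"qOthersHigh": 6, "qDefault": 3}               # higher number wins

def classify(src, dst):
    """The two MATCH rules: anything to or from a Smart TV goes to qOthersHigh."""
    if ip_address(src) in SMART_TVS or ip_address(dst) in SMART_TVS:
        return "qOthersHigh"
    return "qDefault"

def simulate(arrivals, link_pps, qlimit=50):
    """arrivals: one list of (src, dst) packets per tick.
    link_pps: packets the interface can send per tick.
    Returns per-queue counters of sent and dropped packets."""
    queues = {name: deque() for name in PRIORITY}
    stats = {name: {"sent": 0, "dropped": 0} for name in PRIORITY}
    order = sorted(PRIORITY, key=PRIORITY.get, reverse=True)
    for packets in arrivals:
        for src, dst in packets:
            name = classify(src, dst)
            if len(queues[name]) >= qlimit:
                stats[name]["dropped"] += 1        # tail drop: queue is full
            else:
                queues[name].append((src, dst))
        budget = link_pps
        for name in order:                         # strict priority order
            while budget and queues[name]:
                queues[name].popleft()
                stats[name]["sent"] += 1
                budget -= 1
    return stats

def tick(tv_pkts, pc_pkts):
    """One tick of upstream traffic leaving through the shaped interface."""
    return [(TV, NET)] * tv_pkts + [(PC, NET)] * pc_pkts

if __name__ == "__main__":
    print("TV off:", simulate([tick(0, 8)] * 100, link_pps=10))
    print("TV on: ", simulate([tick(10, 8)] * 100, link_pps=10))
```

With the TV saturating the link, qOthersHigh shows no drops, which is what Status - Queues should show for the TV queue, while the lower-priority queue sends nothing and drops once it fills.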



  • @KOM:

    So, what did I do wrong?

    Everything.  You just don't seem to understand.  The wizard has already defined your queues.  Now you just need floating rules to manage your traffic.  Anything going to the TV gets top priority.  Anything coming from the TV gets top priority.  Here is what you want:

    Protocol  Source    Port  Destination  Port  Gateway  Queue
    IPv4 *    *         *     SmartTVs     *     *        qACK/qOthersHigh
    IPv4 *    SmartTVs  *     *            *     *        qACK/qOthersHigh

    Now, are these rules right?

    The first rule is to give priority to all packets that go from the WAN to the Smart TVs.

    The second rule is to give priority to all packets on the LAN that go from the Smart TVs to the WAN.

    Correct?

    Thanks

    Bye



  • Close.  Do your shaping on WAN.  The rate that data leaves the WAN is directly linked to the data that comes back in, so the key to shaping is to control what goes out so that you can deal with the return traffic.  Traffic already at your WAN can't be shaped as it is too late by that point.  Once you have changed your rule to use the WAN interface both ways, then you can try it out.  Go to Status - Queues and watch your queues in realtime.  Turn your TV on and watch to see if qOthersHigh starts getting packets.  Make sure that queue has no drops.



  • @KOM:

    Close.  Do your shaping on WAN.  The rate that data leaves the WAN is directly linked to the data that comes back in, so the key to shaping is to control what goes out so that you can deal with the return traffic.  Traffic already at your WAN can't be shaped as it is too late by that point.  Once you have changed your rule to use the WAN interface both ways, then you can try it out.  Go to Status - Queues and watch your queues in realtime.  Turn your TV on and watch to see if qOthersHigh starts getting packets.  Make sure that queue has no drops.

    Sorry again, but I cannot understand what I should change.

    So what's this small change?

    Thanks

    Bye



  • Change your second rule so that the Interface is WAN, not LAN.

