Still can't get traffic shaping working correctly



  • Hi All,

    I have been a user of pfSense now for over 1 year and I have to admit I can't believe I ever ran my setup without it. It is excellent. I have a wonderful setup whereby I have a 2 port unit (1 for WAN, 1 for LAN) and I maintain a permanent OpenVPN connection to a provider. I route certain IP's through the VPN Gateway and certain IP's through the ISP. Utilising the power of pfSense, DNS Leak blocking was a breeze.

    Then comes my problem. Traffic Shaping. No matter how much I try to manually / automatically configure the rules I cannot get traffic shaping to work correctly.

    What I would like to achieve?

    I have one 8/2 Mb Internet connection and I want to maximise use of my bandwidth while also applying rules to services and IP's. Therefore the shaping only applies to my WAN bandwidth I believe. My LAN is gigabit and therefore can deal with any and all requirements locally.

    Explanation (by means of scenario):

    Client 1 is the only one using the network (utilising p2p, usenet and http protocols). Client 1 should be able to utilise ALL the line's bandwidth. However within that, http should be prioritised 1st, usenet second and p2p 3rd. Client 1 utilises VPN gateway.

    Client 2 enters the network while the above scenario is in effect. Client 2 starts a remote video stream from a local Sports Service. Client 2 should be able to play the video stream and take all available bandwidth to do so OVER Client 1. Client 2 utilises ISP gateway.

    Client 3 enters the network while the above 2 scenarios are in effect. Client 3 starts an online game. Client 3 should be able to play the game and take all available bandwidth to do so OVER Client 1 but NOT Client 2. Client 3 utilises ISP gateway.

    Client 4 enters the network while the above 3 scenarios are in effect. Client 4 starts to play music. Client 4 should be able to listen to the music and take all available bandwidth to do so OVER Client 1 and 3 but NOT Client 2. Client 4 utilises VPN gateway.

    Client 5 enters the network while the above 4 scenarios are in effect. Client 5 starts web browsing, and the occasional low bandwidth video playing. Client 5 should be prioritised above ALL clients. Client 5 utilises VPN gateway.

    The key point for me here is that at NO point is any of the bandwidth allocated somewhere and not able to be used if it is being requested, so permanently allocating a % of the line to a Client is not something I would like to do.

    I thought doing the above would best communicate what I am trying to achieve here. Sorry to those who find it confusing.

    Can anyone send me to a guide that I can follow that will help me achieve the above?

    Thanks!

    :)



  • HFSC supports sharing unused bandwidth. You could give each client their own queue, but that could get messy if you have a lot of clients. You could break up traffic into types and hope for the best. The simplest 80/20 solution is just to set CoDel and not think about anything else.



  • @Harvy66:

    HFSC supports sharing unused bandwidth. You could give each client their own queue, but that could get messy if you have a lot of clients. You could break up traffic into types and hope for the best. The simplest 80/20 solution is just to set CoDel and not think about anything else.

    Thanks for the advice. The majority of my efforts so far had been with HFSC.

    Through the many, many posts I have read I see that you seem to be an advocate of just enabling CoDel and letting it do its business.

    I have taken your advice and have done just that. I have enabled it on both the WAN and OpenVPN interfaces. I shall see how it plays out.

    For anyone else who is in the same boat as me and just wants to enable CoDel, this is how I did it:

    Firewall >Traffic Shaper >By Interface

    Select interface, I did this for WAN and OpenVPN.

    • Click so there is a 'Tick' in 'Enable/Disable'.
    • Select CoDelQ in 'Scheduler Type'.
    • Enter downstream Bandwidth (e.g. mine is an 8 Mb line so I entered '8').
    • Select the unit of measure for your downstream Bandwidth (e.g. Mbit/s was mine).
    • Queue Limit, left blank.
    • TBR size, left blank.

    Anyway, I am sure someone will tell me if I did this wrong!  8)
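    As an added illustration (not from any post in this thread, and not the rules pfSense itself generates), here is the same policy written in pf.conf ALTQ syntax: the HFSC queue tree that Harvy66 mentions, where an idle queue hands its share to whichever queues have traffic, beside the single CoDelQ scheduler from the steps above. The interface names em0/em1, the 2 Mb upstream figure taken from the 8/2 Mb line in the first post, and the 192.168.1.20 P2P host are all constructed for the example.

```pf
# Added example, not from the thread. Assumed interfaces: em0 = WAN, em1 = LAN.
# ALTQ queues act on packets *leaving* an interface, so the bandwidth on the
# WAN scheduler is the 2 Mb upload. Download is shaped by a separate altq
# on the LAN interface (packets leaving em1 towards the clients), not shown.
ext_if = "em0"
int_if = "em1"

# Option A: one CoDelQ scheduler and no per-service queues (the "80/20" answer).
# altq on $ext_if codelq bandwidth 2Mb

# Option B: HFSC. The percentages are link-share weights, not reservations:
# when qP2P is the only busy queue it gets the whole 2 Mb, and as soon as
# qHigh has packets the scheduler moves bandwidth back to qHigh.
altq on $ext_if hfsc bandwidth 2Mb queue { qACK, qHigh, qHttp, qUsenet, qP2P, qDefault }
queue qACK     bandwidth 15% hfsc(realtime 10%)   # small TCP ACKs; keeps downloads flowing
queue qHigh    bandwidth 25% hfsc(realtime 15%)   # latency-sensitive: game, stream, browsing
queue qHttp    bandwidth 25% hfsc
queue qUsenet  bandwidth 15% hfsc
queue qP2P     bandwidth 10% hfsc(upperlimit 90%) # may borrow, but never the whole link
queue qDefault bandwidth 10% hfsc(default)        # anything not matched below

# Queue assignment on the LAN "pass in" rules is carried by the state, so the
# reply/outbound packets are queued on the WAN where the altq is defined.
# The second queue name in the pair receives ACK/low-delay packets.
pass in on $int_if proto tcp to port { 80, 443 }  queue (qHttp, qACK)
pass in on $int_if proto tcp to port { 119, 563 } queue (qUsenet, qACK)
pass in on $int_if proto tcp from 192.168.1.20    queue (qP2P, qACK)   # constructed P2P host
pass in on $int_if proto udp to port 3074          queue (qHigh, qACK)  # constructed game port
```

    Two checks a practitioner would do after loading this: `pfctl -vsq` lists each queue with its packet and byte counters, so a queue that stays at zero while the traffic it should carry is flowing means the matching rule never hit it. And note the point mhertzfeld's question below is really about: traffic that goes into the OpenVPN tunnel leaves the WAN as one encrypted UDP flow, so the WAN queues cannot tell http inside the tunnel from p2p inside the tunnel. Per-service queues for VPN-routed clients have to be defined on the OpenVPN interface, and the total for that interface will still be bounded by whatever the WAN scheduler allows the tunnel.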



  • Question.

    Since the VPN traffic passes through the WAN to get to the VPN provider, would shaping on the WAN and the interface used for the VPN cause issues?

    Would shaping the traffic on the WAN be enough when using CoDel?



  • @mhertzfeld:

    Question.

    Since the VPN traffic passes through the WAN to get to the VPN provider, would shaping on the WAN and the interface used for the VPN cause issues?

    Would shaping the traffic on the WAN be enough when using CoDel?

    If you want to shape all aggregated VPN traffic, shape on the WAN.
    If you want to shape individual traffic types within the VPN, shape on the VPN interface, but any shaping done here will additionally be shaped by the WAN. (I'm unacquainted with VPNs, so be wary of my advice.)