Firewall Traffic Control



  • I am looking for some guidance on setting up some traffic control for my network.

    I have an ADSL connection with a line speed of between 3.86Mbps and 6.78Mbps depending on when I test. Download speed is between .48MB/s and .85MB/s.

    My wife and I both work from home and are heavy internet users. And I play way too much League of Legends.

    One of the things we are encountering is that often one user sucks the entire bandwidth and the other can't do anything. For example if I am playing a LoL game and she opens YouTube my ping goes from 39ms to over 1000ms. The same goes for if I open YouTube and she is connected to her corporate network via VPN; it generally kicks her off. We also find that if one of our handheld devices connected to wifi does an app update or syncs email that the network becomes really sluggish. It's so obvious that if I see my ping climbing whilst playing LoL that I turn off my phone's wifi and it drops instantly. Whilst this is ok we have at least 8 handheld devices on the net as well as a variety of smart home devices.

    So I would like to limit the amount of bandwidth that YouTube takes, or set aside bandwidth for certain things such as LoL.

    What should I be looking to do?



  • Firewall traffic shaping, use the wizard



  • @darrenyorston:

    I am looking for some guidance on setting up some traffic control for my network.

    I have an ADSL connection with a line speed of between 3.86Mbps and 6.78Mbps depending on when I test. Download speed is between .48MB/s and .85MB/s.

    My wife and I both work from home and are heavy internet users. And I play way too much League of Legends.

    One of the things we are encountering is that often one user sucks the entire bandwidth and the other can't do anything. For example if I am playing a LoL game and she opens YouTube my ping goes from 39ms to over 1000ms. The same goes for if I open YouTube and she is connected to her corporate network via VPN; it generally kicks her off. We also find that if one of our handheld devices connected to wifi does an app update or syncs email that the network becomes really sluggish. It's so obvious that if I see my ping climbing whilst playing LoL that I turn off my phone's wifi and it drops instantly. Whilst this is ok we have at least 8 handheld devices on the net as well as a variety of smart home devices.

    So I would like to limit the amount of bandwidth that YouTube takes, or set aside bandwidth for certain things such as LoL.

    What should I be looking to do?

    I'm also interested !
    Thanks



  • I hope my post is not invisible  ;)

    Go to Firewall, select Traffic Shaping and run the wizard



  • @Chrismallia:

    I hope my post is not invisible  ;)

    Go to Firewall, select Traffic Shaping and run the wizard

    Which one to run?

    Multiple Lan/Wan      traffic_shaper_wizard_multi_all.xml
    Dedicated Links        traffic_shaper_wizard_dedicated.xml



  • Multiple Lan/Wan



  • I suggest you NOT run the wizard.
    Go to Firewall > Traffic Shaper > By Interface.
    Remove all previously created shapers by hitting the red button at the bottom.
    Select WAN, tick "Enable/disable discipline and its children", then select Scheduler Type CODELQ
    and put your download ISP bandwidth in Kbit/s.
    Do the same for LAN but put ISP upload.
    Then check if it helped. Play with the bandwidth value, lowering it a bit or increasing it.
    Also you can follow this manual in addition to the above https://forum.pfsense.org/index.php?topic=63531.0 to evenly share your bandwidth, but it was a little bit broken in 2.3 and works well for me in 2.4.
    If nothing helped you should read the manuals and how-tos and maybe use FAIRQ.



  • @w0w:

    I suggest you NOT run the wizard.
    Go to Firewall > Traffic Shaper > By Interface.
    Remove all previously created shapers by hitting the red button at the bottom.
    Select WAN, tick "Enable/disable discipline and its children", then select Scheduler Type CODELQ
    and put your download ISP bandwidth in Kbit/s.
    Do the same for LAN but put ISP upload.
    Then check if it helped. Play with the bandwidth value, lowering it a bit or increasing it.
    Also you can follow this manual in addition to the above https://forum.pfsense.org/index.php?topic=63531.0 to evenly share your bandwidth, but it was a little bit broken in 2.3 and works well for me in 2.4.
    If nothing helped you should read the manuals and how-tos and maybe use FAIRQ.

    Kindly explain why this method is better than the wizard



  • There is no CODELQ in the wizard.
    If you want more information about Codel just search in Traffic Shaper on this forum.



  • CODELQ does not prioritize types of traffic. If OP wants to prioritize types of traffic he needs HFSC



  • You're right about CODELQ.
    As I understand it, OP's main problem is buffer bloat + unequal bandwidth share, and maybe the best solution is to use CODELQ or any other scheduler with Codel enabled in the queue. PRIQ/HFSC with Codel enabled in the queue would be a very good solution + equalization/prioritization through Limiters as I mentioned before.
    Sometimes it is just enough to use CODELQ and not prioritize types of traffic, sometimes not.
    Anyway the wizard does not solve OP's problem completely and can be useless if wrongly configured through. In this case if CODELQ does not help, then OP should configure HFSC or anything else, manually enabling Codel in queues and creating the desired rules. There is a lot of information on the forum and the Internet overall.



  • What I am trying to manage is the bandwidth allocation on my network.

    YouTube seems to suck all the bandwidth when it runs. As a result other programs suffer. So I am trying to work out a way to not have programs affected by others. Whether that be allocating a certain bandwidth to YouTube and such or assigning bandwidth to other programs. Either way, at the moment with just two people in the house if we open streaming services (YouTube, Spotify etc) other connections suffer.



  • Just try CODELQ. There is no simple, "one click" way to manage streaming services like YouTube over programs and services, only manually or wizard + manually. Google continues to experiment with its own implementations and protocols, but most YouTube videos are not streamed but progressively downloaded over HTTP.
    CODELQ will try to minimize the queue length by minimizing latency and equalizing all traffic, this should help in this case, making other services also available. 5 minutes to try.
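
What CoDel changes for the bufferbloat case discussed in this thread, as an added example that is not part of any post or of pfSense: a toy simulation of one greedy bulk download through a bottleneck, run once with a plain tail-drop buffer and once with CoDel's drop law applied at dequeue. Assumed values: a ~4 Mbit/s link (one 1500-byte packet per 3 ms), a 300-packet buffer, CoDel's default 5 ms target and 100 ms interval, and a simplified AIMD sender that halves its rate on loss.

```python
import math
from collections import deque

LINK_MS_PER_PKT = 3                  # assumed: 1500-byte packets at ~4 Mbit/s
TARGET_MS, INTERVAL_MS = 5, 100      # CoDel's default target and interval

def p95_delay_ms(use_codel, fifo_limit=300, duration_ms=60_000):
    """95th-percentile queueing delay behind one greedy AIMD bulk flow."""
    queue, delays = deque(), []
    rate, credit, last_cut = 0.1, 0.0, -INTERVAL_MS   # rate in packets/ms
    first_above, dropping, drop_next, count = None, False, 0.0, 0
    def cut(now):                    # sender halves its rate on loss,
        nonlocal rate, last_cut      # at most once per interval
        if now - last_cut >= INTERVAL_MS:
            rate, last_cut = rate / 2, now

    def codel_drop(sojourn, now):    # CoDel control law, run at dequeue
        nonlocal first_above, dropping, drop_next, count
        if sojourn < TARGET_MS or not queue:
            first_above, dropping = None, False
            return False
        if first_above is None:
            first_above = now + INTERVAL_MS
        if now < first_above:        # not above target for a full interval yet
            return False
        if not dropping:             # enter dropping state, drop right away
            dropping, count, drop_next = True, 0, now
        if now < drop_next:
            return False
        count += 1                   # drops speed up as interval / sqrt(count)
        drop_next += INTERVAL_MS / math.sqrt(count)
        return True

    for now in range(duration_ms):   # 1 ms ticks
        rate += 0.0001               # additive increase
        credit += rate
        while credit >= 1:
            credit -= 1
            if len(queue) < fifo_limit:
                queue.append(now)    # store the enqueue time
            else:
                cut(now)             # tail drop: buffer is full
        if now % LINK_MS_PER_PKT or not queue:
            continue                 # link sends one packet every 3 ms
        sojourn = now - queue.popleft()
        if use_codel and codel_drop(sojourn, now):
            cut(now)                 # head packet dropped; send the next one
            sojourn = now - queue.popleft()
        delays.append(sojourn)
    return sorted(delays)[int(0.95 * (len(delays) - 1))]
```

Compare `p95_delay_ms(False)` with `p95_delay_ms(True)`: under these assumptions the tail-drop buffer stays nearly full, so anything queued behind the bulk flow waits well over ten times longer than with CoDel.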



  • I do not wish for this to sound the wrong way but I feel pfSense is falling behind other firewalls, as firewalls today can easily identify streaming like YouTube, torrents, gaming and so on thanks to layer 7. Traffic shaping by ports is getting useless every day



  • Layer 7 is removed from pfSense for known reasons https://doc.pfsense.org/index.php/Layer_7
    There is snort that can identify such traffic and does it much better, but snort setup is also not so simple, that's why I suggested CODELQ in the first place. I personally have a lot of positive experience enabling CODEL in non-pfSense based routers too. In future there will be FQ_CODEL available that does this job even better and you don't need any knobs and a lot of setup. Actually this topic should be moved to "Traffic Shaper".



  • @w0w

    Thank you for all your responses. If I am not mistaken snort only blocks traffic, it does not help shape it, right? And any idea when FQ_CODEL is planned to be in pfSense? I will try out codel as I never did.



  • @Chrismallia:

    @w0w

    Thank you for all your responses. If I am not mistaken snort only blocks traffic, it does not help shape it, right? And any idea when FQ_CODEL is planned to be in pfSense? I will try out codel as I never did.

    Yes, it looks like that. Snort is not intended for use with the shaper, and other shaping possibilities like SQUID rules are not widely tested in pfSense. As for Layer7 patterns for YouTube, this is also a moving target.
    https://forum.pfsense.org/index.php?topic=62863.0
    I am not sure that the provided DD-WRT pattern is still working nowadays, and not only for the reason that Layer7 is missing in pfSense :)
    I am not so familiar with snort, squid and other packages but it looks like currently there is no simple solution to shape YouTube videos, until you have all available YouTube IPs, but this is also a moving target.

