HFSC Shaping - Queue Lengths?



  • Morning all,

    I've read what seems like thousands of posts and topics on this and it should be straightforward but I'm just not getting it.

    I've used the multi-lan/wan wizard and set up shaping to the following. I have a 30/30 internet connection (soon to be upgraded to 100/100) and gigabit LAN into the box.

    I need to achieve the following:

    • Priority for browsing when downloading large files on specific ports.

    • I have a VOIP phone and need to guarantee it QoS.

    • I serve my blu-ray collection via Plex to my holiday home, this needs to be guaranteed as my kids are gamers and saturate the connection at home via either HTTP downloads or usenet generally. Obviously this means getting rid of bufferbloat so their experience isn't spoiled also.

    • Priority for RDP so I can administer remotely in both directions.

    I used the wizard to accomplish this and set HTTP and RDP to higher priority (the floating rule generated put the traffic in the qOthersHigh and qACK as they're TCP). The UDP VOIP traffic goes into a queue and I've reserved 64Kbits for it. I've also put usenet in the qACK/qOthersLow via floating rule for port 563.

    I can see on the queue status that all traffic configured is using the queues as expected but there are bits I don't understand and bits that just plain aren't working the way I want them to. Can anyone help?

    I don't get:

    • How the shaper actually kicks in. I understand that the upper limits on LAN/WAN trigger the shaper, but does that trigger every child queue also, or do they enable/disable just like the interface limits? For example, if I have a high priority queue set to give a bandwidth of 25 of my 30 Mbits to p2p, then a HTTP download in a lower priority queue triggers the shaper by hitting the max bandwidth, will the download then be throttled back to 5Mbits, even though there's no p2p wanting the 25Mbits? EDIT: I've sort of fathomed this one. It seems the queues and their criteria fire individually and dynamically. To test I set the real time minimum on the qOthersLow to 10Mbit and ran a HTTP download through qOthersHigh which still saturated the connection. I then ran a download through qOthersLow and sure enough it got 10Mbit even though its priority would have given it less. That's cool!

    • The scheduler options for each rule. I can't seem to find a decent explanation of what they do and don't understand how I can use more than one at a time on the same rule (I could tick them all if I wanted). At present I've got just 'Codel Active Queue' enabled for every rule.

    • What the priority percentages do. Why is the qOthersLow at 4.99%, qOthersHigh at 9.98% and qGames at 19.96%? Why not 5, 10 and 20? Or 30, 60 & 90 for that matter? EDIT: Worked this one out also. They're not percentages of bandwidth, they're weightings. qOthersHigh at 9.98% and qOthersLow at 4.99% will result in roughly 2/3 bandwidth going to qOthersHigh and 1/3 going to qOthersLow, assuming no other traffic exists in other queues.

    • qACK should have the highest priority always, no? Why is it the same priority as qGames?

    • What's the difference between the 'Bandwidth' field and 'B/W share of a backlogged queue' fields? They're set the same, but on the qVOIP queue the latter is set to 64Kbits and the former 32Kbits. Why would the bandwidth be set at 32, when a single call needs 64 as I specified in the wizard?

    • What's the qLink queue for? I can see it's the default on the LAN interface, so I'm guessing downloads that don't fit a queue go here?

    Problems encountered so far:

    • The qLink queue automatically gave itself 20% and the qInternet queue had a max bandwidth of approximately 23Mbits, 20% less than the max I had set. Effectively this meant that I was only able to use 4/5ths of my connection and I lost 6Mbits of bandwidth. I lowered the qLink to 1% (strange things happened with 0% so couldn't set it) and calculated the bandwidth setting to be 1% less than the max I'd chosen and the bandwidth came back. Have I done this right?

    • Bufferbloat. Without any shaping enabled I got quality A+ and bufferbloat F on dslreports. With shaping enabled and the right upper limits set on LAN and WAN I got A+ for bufferbloat when the line was idle and if I saturated with something in the qOthersLow queue, then ran again I got A or B, which I'm pretty happy with as gaming shouldn't be adversely affected. I do however now never get a quality score better than F in any circumstance but the shaper disabled, due to dropped packets. How do I improve this? I've played with scheduler options and the queue status with Codel shows no dropped packets but I still get F. To rule out the ISP I throttled back to 15/15 and got the same result. I played with queue lengths to no avail. Any ideas?

    • When in the holiday home the kids did some hefty HTTP downloading at home and saturated the connection (qOthersHigh). I was then totally unable to stream Plex to my TV in the holiday home. How can this be, when one is upload and the other is download? I thought it would be the download swamping the incoming ACK packets from the holiday home but the qACK is higher priority than qOthersHigh, isn't it? I tried to remedy by putting a floating rule in to add the Plex traffic (32400) to qACK/qOthersHigh, but it didn't work. I cleared the states also to be sure. When the downloads finished, Plex was fine again. EDIT: I've put the plex port on qGames, which is twice the priority of the HTTP traffic. I've also edited the qGames queue under the WAN interface to give it a minimum upstream of 25Mbits, now that I know how that works. Will that be enough, or should I also give the ACK packets a longer queue and perhaps a minimum of, say 1.5Mbits on the LAN interface?

    Curious about:

    • Is there a way of guaranteeing bandwidth only when it's needed? From what I gather the shaper kicks in when the upper limits are hit so essentially the qVOIP reserved bandwidth of 64Kbits is never available to anything but the Asterisk ports. The reason I'm asking this is because I'd like to make sure that when Plex wants to stream out, it guarantees, say 20Mbits for it to do so. It wouldn't be practical to allow it 20Mbits all the time like it would under the current setup, so if something else maxed the upload and the shaper kicked in I wouldn't want it to reserve the 20Mbits unless Plex requested data. In this case a bit of latency wouldn't hurt (whilst the shaper caught on), unlike with VOIP. EDIT: As above, think I've figured that out.

    • I have three machines at home and if a hefty HTTP download is started on one of them (Windows Update is often a culprit), browsing is crippled on the others as pfSense can't differentiate the data. I've seen some suggest using m1 d and m2 to throttle back downloads and leave some room for browsing but I'd rather allow full speed for downloads if the bandwidth is available. Before I got into the shaper I used limiters to dynamically and evenly share the bandwidth between IP addresses so that wouldn't happen. Is it possible to do this inside a queue, so that traffic hitting a certain queue is allocated bandwidth fairly and evenly across all IPs needing it? EDIT: This is more essential now. If one machine does updates it kills browsing and introduces bufferbloat on the others due to the traffic being in the same queue. Would love to pull this one off!

    Really sorry for the long post and thanks in advance!
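
Added example, not part of the original post and not pfSense or ALTQ code: a simplified steady-state model of the sharing behaviour described in the EDITs above (weights split the link only among queues that have traffic, a real-time minimum applies only while its queue is backlogged, idle queues reserve nothing). The function name, the demand figures and the qVOIP weight are assumptions made for illustration; the other weights and the 30 Mbit link are the values quoted in the post.

```python
# Added example: simplified steady-state ("fluid") model of HFSC sharing.
# Not pfSense or ALTQ code; demands and the qVOIP weight are constructed.

def hfsc_share(link_mbit, queues):
    """queues: {name: (weight, realtime_mbit, demand_mbit)} -> {name: Mbit/s}.

    Assumed model: a backlogged queue always gets its real-time rate; the
    rest of the link is split by link-share weight among backlogged queues.
    Queues with no demand hold nothing back.
    """
    active = {n: q for n, q in queues.items() if q[2] > 0}
    if any(w <= 0 for w, _, _ in active.values()):
        raise ValueError("weights must be positive")
    floors = {n: min(rt, d) for n, (_, rt, d) in active.items()}
    if sum(floors.values()) > link_mbit:
        raise ValueError("real-time guarantees exceed the link rate")
    target = min(link_mbit, sum(d for _, _, d in active.values()))

    def rate(name, level):
        w, _, d = active[name]
        return min(d, max(floors[name], w * level))

    def total(level):
        return sum(rate(n, level) for n in active)

    lo, hi = 0.0, 1.0
    while total(hi) < target - 1e-9:      # find a level that fills the link
        hi *= 2
    for _ in range(60):                   # bisect to the exact fill level
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if total(mid) < target else (lo, mid)
    return {n: round(rate(n, hi), 2) if n in active else 0.0 for n in queues}


# Weights are the wizard's percentages quoted in the post.
QUEUES = {
    "qOthersLow":  (4.99, 0, 100),        # backlogged, demand constructed
    "qOthersHigh": (9.98, 0, 100),        # backlogged, demand constructed
    "qGames":      (19.96, 0, 0),         # idle
    "qVOIP":       (1.0, 0.064, 0),       # idle, weight constructed
}

if __name__ == "__main__":
    print(hfsc_share(30, QUEUES))
```

Changing a queue's second field to a real-time rate, or giving an idle queue a demand, shows how the split moves once that queue becomes backlogged.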