QoS with Limiters, prioritizing DSCP-classes
I am experimenting with pfSense at the moment and trying to prioritize certain traffic in all directions.
After reading the docs, I had the impression that Limiters are the way to go, since ALTQ is not as efficient and relies on certain network cards.
I am not really interested in limiting bandwidth anywhere, just prioritizing traffic with certain DSCP values as we do on all our internal network equipment.
Here is my approach, but I'm not sure if this will have the desired effect:
I created one limiter, without a mask and with a bandwidth limit much higher than the physical network is capable of.
I created four queues inside this limiter with weights 100, 90, 80, 20.
Weight = 20 is the "default" queue.
I created four firewall floating rules on the LAN and WAN interfaces with action=match that filter by DSCP value and assign incoming packets to the corresponding queue. Everything without a matching DSCP value is assigned to the "default" queue (weight=20).
Apart from the question of whether this is a viable way to do this, there are still some questions I can't seem to find an answer to:
Is it a problem to exaggerate the available bandwidth in the Limiter?
Is the default queue actually necessary? I would assume since the limiter grabs all of the available bandwidth, no unclassified traffic could pass?
Is it a problem for the weights of the queues to add up to more than 100, or is this just relative weighting?
As you can see, as of now I do not have any limiters/queues for the "out" direction. I understand that "in" and "out" are interpreted from the perspective of pfSense. I assume I would have to create a second limiter with identical queues and configure these as the "out" pipe in the firewall rules?
Your input is greatly appreciated ;)
Here is the first finding:
When these rules are active, pfSense cannot make any connection to internal or external endpoints.