Convince me what would work best for my situation. Pfsense, openbsd, QOS



  • So I am going to be building myself a new router setup, and I am really looking for the best QoS that I can get (home use).  So I want some honest opinions ( i realize this is a pfsense forum, but I am hoping for some honest opinions here.  I dare not ask on openbsd forums because I hear they rip off your neck and do you duke nukem style.) I have not tried pfsense 2.0 as of yet as I am getting a new box with supported NIC cards.  I am runnign and have been running pfsense 1.2.3, and have been pretty happy. Anyway, here is my current thought process…

    I have read good things about OpenBSD, and since Pfsense 2.0 wasn't out of beta I thought I would give it a shot.  The problem I see with it, is that it don't see what amounts to a very good layer 7 support.  Which may or may not be killer, but here is what I am trying to accomplish.

    I spent today looking over pf.conf for openbsd.  Id like to filter out the good layer 7 traffic, and put that into the higher priority queues.  Everything else would be put into a bulk queue.  From there I would limit maximum connection states so if one person is chewing things up he doesn't ruin it for everyone else.

    Now with openbsd I could do everything except the l7 layer filtering portion.  I think I had my pf.conf nailed down pretty well.  It appears that pfsense does all of this as of 2.0.  Can someone verify this for me?  Can I set maximum connection states based on ports?  From what I see in 1.2.3 you can only set the maximum for the entire firewall.

    Anyway, any advice that can be given I would appreciate.  In no way am I trying to bolster OpenBSD over pfsense.  In terms of ease of use, performance, and support you guys are terrific.  I just have never had a QoS solution from a software solution that could keep pings at a level for a FPS while using even 50% of the bandwidth.  And I'd really like to see something that could do that.



  • I've had no problem keeping latency in check with 100% uplink usage using QoS in 1.2.3, Debian, Ubuntu, or Tomato, when configured properly. I'm a voip user and heavy torrenter, so believe me when I say my wife would let me know if it weren't working as expected. I've never bothered with l7, so I can't comment on that specifically.

    2.0, on the other hand, has been a bit of a bear from my perspective. The documentation is sparse, the wizard is broken, and the information on the forum doesn't fill in the blanks.

    I don't mean to rant, and I'm not saying QoS itself is broken, and somebody with a good grasp on the mechanisms behind it might get all the functionality he wants out of it, but such as person has yet to step out and be heard on the forums and mailing list, not for a lack of asking. From what's there it looks to be quite tweakable.

    I suspect QoS in 2.0 is a something of a Stradivarius, but from what I can tell so far we're all trombonists at this party ;)



  • pfsense worked quite well for QOS for maintaining a low ping until someone on the lan needs to play a first person shooter.  It is the true test for me. Though at the time I didn't specify a maximum concurrent connections per ip, and I have a feeling that may be the final piece to the puzzle.  It really only takes one person torrenting heavily for the ping to go up drastically.  This is on a P3 700.

    I have also tried dd-wrt, tomato, openwrt and their versions of qos.  Pfsense was the only one that was close to working the way it should, but heavy torrenting by one user made pings spike from 40-350ms+.  While this works for everything else, it doesnt work for that.  Pings of 150ms would be fine, if it was constant.

    I have ADSL with steady bandwidth throughout the day.  I have tried very conservative settings for bandwidth allocation.  p2p was put in the right queue.  Didn't matter.  Maybe it was my hardware though, but it definitely had room to improve.

    I guess before I bounce up, ill give 1.2.3 a shot on this new hardware and hope for the best.  I read that max concurrent connections is an option in 1.2.3, just have to find out how to do it.



  • found the concurrent options under firewall…lan.  Awesome.



  • @lash444:

    It really only takes one person torrenting heavily for the ping to go up drastically.

    Then the QoS settings need adjusting. If you are able to get it working your way then that's great, but if not I would recommend reading the link below where I offer a brief howto on getting what you're looking for.

    With no traffic on my link I can ping my gateway with rtt of 45ms consistent. When saturating my uplink with unlimited torrents I get 55ms rtt consistent. That's a 10ms penalty on a 10/1.5 link, which is really about what it should be when QoS is working properly (or at least I could before switching to 2.0)!

    http://www.dslreports.com/forum/r24028032-


Locked