Idiot's guide to traffic shaping pfsense 2.0

  • Hi! I am a new pfSense user and I am having a hard time understanding the traffic shaper.
    I have a (very) slow ADSL connection (1500/300 kbit) and therefore bandwidth is sacred.
    My setup is similar to this: ADSL modem (bridge) -> pfsense -> switch -> lan
    Some of the machines download over http and others upload and download from p2p networks.
    The problem I am having is that when I want to use my primary computer to just play around, e.g. watch movies on youpor.. ahem tube, check mail, and generally just waste my time on the internet, everything is dead slow.

    So my question is: Is there some way I can prioritize bandwidth at IP level regardless of the protocol used?
    e.g. can I do the following:
    machine1: Gets up to 90% of the available bandwidth (leaving always at least 10% to the other machine(s)).
    machine2: Gets up to 100% of the available bandwidth if machine 1, 3 or 4 does not need anything
    machine3: Gets up to 100% of the available bandwidth if machine 1, 2 or 4 does not need anything
    machine4: Gets up to 100% of the available bandwidth if machine 1, 2 or 3 does not need anything

    Thanks for any bashing, flaming or even help in advance! ;)

  • @jlepthien:
    check this out:,26782.0.html

    Thanks but honestly it does not help me much.
    What I get from that post is basically that the traffic shaper is "impossible" to configure and set up for people who do not know the inner details of a network package.

    I asked my question on IRC as well and someone there told me to just use the wizard to set up the traffic shaping.
    I used the single lan multi wan wizard and entered 1 wan interface (it should really be called single lan multi OR single wan)
    It gave me the following setup:


    What I find super confusing is that after using the wizard and entering the correct values of up/down speed I see that the WAN's bandwidth is 300 while my LAN is set up to 1500. I assume that WAN is not really WAN but UPLOAD and that LAN is not really LAN but DOWNLOAD.
    Also what confuses me is that the queues (for example the LAN->qDefault) are set to 10% bandwidth. Is this the guaranteed minimum or the maximum designated for that queue? Can it get more? Can it get less? - Not much detail there IMHO, but again I must admit that I am not understanding this at all.
    I find the queues again under firewall->rules->floating and I am not sure what to do with them there.

    I'll try and play around with other schedulers and try the PRIQ scheduler as well to see if this improves stuff (as mentioned in the post you refer to) but I still think I need help here because the traffic shaper is not very easy to understand.

    I might shoot in that I was actually expecting the wizard to offer me to give priority to an IP address as well when you set up what protocols you want higher / lower priority for. For example that web stuff gets higher priority but ONLY for a certain IP (or IPs).

    So even after reading the post you refer to I still need an answer to my question on how to give a certain IP high priority for ALL (mostly web) traffic while other IPs get the "leftovers". ;)

  • Which is precisely the point of that other thread - while pfSense has a stupidly powerful traffic shaper, it's also impossible to configure to a specific network, and that thread is a whinge to the devs to rethink the UI properly while pfSense is in beta.

    There's a saying in development: If you can't use the damn thing, it's useless.

    FWIW, I am trying to write a howto but I've only got so far because:

    a) I have had to learn the intricacies of how it all works, as you need to configure the scheduler (HFSC, PRIQ, CBQ and FAIRQ), the queues themselves, the limiter (dummynet) and then the rules (that assign the traffic to the queues). Then L7 is something I've yet to investigate.

    c) after implementing what is my 'ideal' setup without using the wizard (whose parameters worked perfectly under pfSense 1.2.3), 2.0 begins to have an insane number of queue drops and doesn't actually do what I intended it to do, which is make normal network activity responsive even when the WAN is saturated, so there are niggles I need to figure out and iron out so I can point out the caveats in the howto. For example, if you name a queue differently to the wizard, you don't get a nice RRD graph!

    Don't get me wrong when you've configured it well it works like a dream, but it's a freakin pain to coerce it into working for you, which for traffic shaping is critical, since it's a largely subjective enhancement specific to only your network.

    So that's a roundabout way of saying there's no such thing as an Idiot's guide to traffic shaping in pfSense 2.0 because I'm attempting to write it but quite frankly find it totally unintuitive myself.

  • @MrHorizontal:

    There's a saying in development: If you can't use the damn thing, it's useless.

    Well that's true, at least for me. Let's hope someone can redesign the GUI to something a bit more "idiot" friendly before they release pfsense 2.0 final.

    As for me, since I know nothing about traffic shaping or the anatomy of a network packet, I can just imagine that most people would like to set a maximum and minimum bandwidth + priority between their computers and later they would like fine-grained control over which protocols should be prioritized.
    So in my fantasy world the easiest way to config for me (and probably most people) would be something like this:

    IP/ALIAS : Self explanatory
    DIRECTION: Self explanatory
    MIN      : Minimum % of remaining available bandwidth
    ABS      : If set to yes - MIN is 20% of available WAN bandwidth down no matter what!
    MAX      : Maximum % of remaining available bandwidth
    GROW     : If set - can grow to 100% if required and more bandwidth is available
    PRI      : High = 1, low = 255 or something like that

    | IP/ALIAS      | DIRECTION | MIN | ABS | MAX | GROW | PRI |
    |---------------|-----------|-----|-----|-----|------|-----|
    | (workstation) |   DOWN    | 20% | yes | 80% | no   |  1  |
    | (workstation) |    UP     | 10% | no  | 10% | yes  |  1  |
    | (webserver)   |   DOWN    | 50% | no  | 50% | yes  |  2  |
    | (webserver)   |    UP     | 60% | no  | 80% | yes  |  2  |
    | (mirror)      |   DOWN    | 80% | no  | 80% | no   |  3  |
    | (mirror)      |    UP     | 60% | no  | 60% | yes  |  3  |

    This is the way I would like to configure my bandwidth shaping. Of course this is quite simple, but for many I think it would be more than enough. You would of course need to be able to prioritize certain protocols as well, e.g. p2p could be given a priority and still be fed to the workstation, or it could not be given a pri and have the same limits as the workstation.

    Again this is my fantasy world example so don't take it too seriously. However, consider that this is probably the way people that are not really into the details of networking think ;)

  • While assigning traffic like that to specific machines is possible, it's better you segment your LAN into different subnets so you can use CBQ (class based queue) so when you add a third workstation it's captured in that bucket as it were. However, you're explicitly limiting bandwidth and the potential to use the entire line for any given machine much more in that scenario.

    More ideally, traffic shaping is about inspecting your traffic and looking at packets that need to be prioritized over others to make the scarce resource (bandwidth) work better - so really it's about telling it that metaphorical 'sportscar' packets like DNS, ACK, NTP, which benefit a lot from lower latencies, overtake 'van' packets such as Youtube video, HTTP and FTP, and then 'juggernaut' packets like P2P, Mail and such like, that couldn't give a rat's arse about latency, are put in the parking lot. It's a bit like planning a city's traffic light system - while there are still traffic jams in Paris, generally traffic flows in Paris a bit better than in Delhi, and really that's what shaping is about.

  • Ok - Now I have been playing around with the traffic shaper for a while but I am still having a hard time understanding it.

    Let's say for simplicity's sake that I have two machines, A and B

    wan(adslmodem)->pfsense->lan(switch)->A & B

    B: is downloading a huge ISO file over http
    A: is also downloading a few small files over http now and then.

    If I want A to be 'responsive' I would need to be limiting B to for example 20% bandwidth when A is active.

    as far as I understand I would need to make one queue "lopri" and another queue "hipri"
    then I need to assign a set of ip's (alias) to the lopri queue and another set of ip's to the hipri queue.

    Now I am probably asking for too much, but please bear with me: what would a step-by-step guide look like to achieve this?
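    What the two-queue setup asked for above looks like in pf.conf terms, and how the "sportscar / van / juggernaut" classification from the earlier reply fits next to it. This is an added illustration written for this thread; it is not the poster's configuration and not the rule set pfSense's wizard generates. Interface names (em0 = WAN, em1 = LAN), the addresses 192.168.1.10 (machine A) and 192.168.1.20 (machine B), the queue names and the percentages are all assumptions. On pfSense 2.0 the same objects are created in the GUI (Firewall > Traffic Shaper for the queues; the Queue/Ackqueue fields under a rule's advanced options for the assignment), and the rules the GUI actually generated can be read in /tmp/rules.debug and compared against this.

```pf
# Added example, not from the original thread. Interface names, addresses
# and percentages are assumptions; adjust to your own network.
ext_if = "em0"                   # WAN: ADSL modem in bridge mode
int_if = "em1"                   # LAN: switch with A and B behind it
hipri_hosts = "{ 192.168.1.10 }" # machine A: must stay responsive
lopri_hosts = "{ 192.168.1.20 }" # machine B: bulk ISO downloads

# UPLOAD is shaped where it leaves the box: the WAN interface.
# Set the link slightly below the 300 kbit sync rate so the queue here,
# not the modem's buffer, is the bottleneck; otherwise nothing queues.
altq on $ext_if hfsc bandwidth 280Kb queue { qAck, qHigh, qLow }
queue qAck  bandwidth 20% hfsc(realtime 15%)       # ACKs, DNS, NTP: latency
queue qHigh bandwidth 60% hfsc(linkshare 60%)      # machine A
queue qLow  bandwidth 20% hfsc(default linkshare 20%)   # everyone else
# linkshare is the share under contention, not a cap: with A idle, qLow may
# take the whole link. Add "upperlimit 224Kb" to qLow to cap B regardless.

# DOWNLOAD is shaped where it leaves the box too: the LAN interface.
# Same queue names on both interfaces, so one rule with "queue (x, y)"
# shapes both directions of a state.
altq on $int_if hfsc bandwidth 1400Kb queue { qAck, qHigh, qLow }
queue qAck  bandwidth 10% hfsc(realtime 10%)
queue qHigh bandwidth 70% hfsc(linkshare 70%)
queue qLow  bandwidth 20% hfsc(default linkshare 20%)

# Assignment. First match wins because of "quick". The second queue name in
# "queue (a, b)" receives empty TCP ACKs and TOS lowdelay packets.
# Protocol-based 'sportscar' traffic from anyone goes straight to qAck.
pass in quick on $int_if proto { udp tcp } from $int_if:network to any port { 53 123 } \
    keep state queue qAck
# Host-based: A is high priority for everything, B is low.
pass in quick on $int_if from $hipri_hosts to any keep state queue (qHigh, qAck)
pass in quick on $int_if from $lopri_hosts to any keep state queue (qLow, qAck)
# Anything else on the LAN lands in the default queue.
pass in quick on $int_if from $int_if:network to any keep state queue (qLow, qAck)
```

    Two checks worth doing once it is loaded: `pfctl -sq` confirms the queues exist on both interfaces with the same names, and `pfctl -vvsq` shows per-queue packet counts and drops while B's download runs, which is how you tell whether A's traffic is really landing in qHigh or falling through to the default queue. If the counters on qLow never move, the link bandwidth is set above the real sync rate and the modem is doing the queueing for you.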
