Can't get Traffic Shaper to identify HFSC of 6 or 7



  • Good evening all.  Now, I'm new to this, so be gentle. ;)

    I've been testing RC2 and now RC3 and have been very pleased with it so far.  We plan on using it for little VPN appliances to provide a tunnel back to our data center.  The local site will use the device for internet traffic and the VPN tunnel is used so their VoIP phones can contact the hardware at our data center.

    So, what I'm wanting to do is prioritize all VoIP traffic over all else (h323 and SIP) -  (remember, the VoIP will be going over the VPN, and internet will be going out locally).  So, I've set something up a Traffic Shaper on the LAN interface in this case.  The VoIP phones are currently set to provide a priority tag of 6.  I've got a VoIP queue in Traffic Shaper to look for a priority tag of 6 for its wizard-built "VoIP" queue, but the calls are still ending up in the default queue.

    The one thing that bothers me is that, from what I've been able to identify, this QOS mechanism requires a static speed of the WAN circuit to be programmed.  But, lets face it, with both DSL and CableModem, those speeds can fluctuate.  I wish the firewall had a way to monitor its up/down speed every minute and adjust QOS bandwidth accordingly.  :(

    Anyone got any thoughts?

    Thx.



  • It is not easy to measure a link bandwidth dynamically.
    Any thought?



  • Can I ask more about this priority tag from the voip phone?  I don't know what setting on the firewall rule would identify this priority tag and put that traffic in the proper queue.  Is it a Diffserv Code Point?

    You could make a rule on the LAN interface that catches traffic from the specific IP of the Voip phone and sends it to the Voip queue, something like:
    <rule><type>pass</type>
    <interface>lan</interface>
    <statetype>keep state</statetype>
    <protocol>udp</protocol>
    <source>

    <address>192.168.42.5</address>

    <destination><any></any></destination>
    <defaultqueue>qVoIP</defaultqueue></rule>
    Sorry I don't know anything about the VPN, just starting to understand the traffic shaper.

    As far as dynamically changing the programmed WAN speed… wow, that would be nice but I don't know if it is likely... You are right, to let the traffic shaper do it's job and prioritize traffic, requires that the programmed WAN speed is equal to or less than the actual throughput, otherwise the traffic will just end up waiting in a non-prioritized buffer in the modem, rather than waiting in the queues you have set up.  Would love to hear another solution better than setting the WAN speed to the lowest you expect to ever see.  I've been thinking of making sub queues and then schedules to use different speeds at different times of day... but of course the schedule is not consistent so not really useful.



  • pwipf the schedules work afaik!

    As far as bandwidth moving you can set priority queueing without any need on bandwidth specification.
    For the queues in the modem that can be detected by delays and there was a discipline for the shaper to detect that but never made it to final to be in pfSense.

    For now you can only tweak queue sizes or tbr to prevent the buffers ahead to get filled.



  • Sorry, didn't mean to say schedules don't work in  pfsense, only meant that the times that my WAN slows down isn't consistent.

    I don't know if it's related to this thread, but i have been doing a bit of testing with the priority setting on the HFSC queues and noticed that the priority setting doesn't seem to make any difference.  Two queues fighting for bandwidth both get 50% regardless of priority setting.  Only linkshare bw set and equal for both queues.  The only way i can give one queue a bigger share is giving one more linkshare bw, which works like a weight rather than a priority, or giving one realtime bw > 50%.

    What is the name of the qdisc that can detect modem buffer delay?  Would love to read about it or study, sounds interesting.



  • @pwipf:

    Can I ask more about this priority tag from the voip phone?  I don't know what setting on the firewall rule would identify this priority tag and put that traffic in the proper queue.  Is it a Diffserv Code Point?

    You could make a rule on the LAN interface that catches traffic from the specific IP of the Voip phone and sends it to the Voip queue, something like:
    <rule><type>pass</type>
    <interface>lan</interface>
    <statetype>keep state</statetype>
    <protocol>udp</protocol>
    <source>

    <address>192.168.42.5</address>

    <destination><any></any></destination>
    <defaultqueue>qVoIP</defaultqueue></rule>
    Sorry I don't know anything about the VPN, just starting to understand the traffic shaper.

    As far as dynamically changing the programmed WAN speed… wow, that would be nice but I don't know if it is likely... You are right, to let the traffic shaper do it's job and prioritize traffic, requires that the programmed WAN speed is equal to or less than the actual throughput, otherwise the traffic will just end up waiting in a non-prioritized buffer in the modem, rather than waiting in the queues you have set up.  Would love to hear another solution better than setting the WAN speed to the lowest you expect to ever see.  I've been thinking of making sub queues and then schedules to use different speeds at different times of day... but of course the schedule is not consistent so not really useful.

    Yes, its been assigned an 802.1q QOS priority of 7 (so both a DSCP and COS setting that represent high priority).  I've experimented with this a bit more.  The ONLY traffic shaper that kinda works, is PRIQ, but I like the possible intelligence of HFSC if I can get the damn thing to work.  When viewing the queue status they all end up in default.  :(

    Oh, and I can't put the IP phone's IP because we're talking more than one phone.



  • You have tried with the latest snapshot?



  • @ermal:

    You have tried with the latest snapshot?

    Updated last night.  :(



  • You need to set the dscp value 802.1q will not be considered by pfSense since its to low-level for now.

    The value of the DSCP should be in hex iirc.



  • @kristiandg:

    @pwipf:

    Oh, and I can't put the IP phone's IP because we're talking more than one phone.

    You can create an alias with your phone's IPs and then use the alias in the wizard.



  • @focalguy:

    @kristiandg:

    @pwipf:

    Oh, and I can't put the IP phone's IP because we're talking more than one phone.

    You can create an alias with your phone's IPs and then use the alias in the wizard.

    Yes, but the addresses would vary (DHCP).  No one statically assigns IPs to phones.  That really would only apply if you had an ATA or something (from vonage), I would think.  But thats OK, because I don't really want it to be done that way anyway - I really want it done based on traffic type.


Locked