VoIP Shaping

  • All,

    I have been trying for months to get my VoIP traffic to shape correctly. I have tried numerous versions, snapshots, etc., all with the same results.

    I have two WANs, one for VoIP traffic, and one for everything else. Using firewall and outgoing NAT rules, I am positive that the correct traffic is going through the correct pipe.

    The problem is that packets are being dropped when I am lightly accesssing the webConfigurator or some other web server listening on the VoIP pipe. I can hear the conversation cutting in and out as I am clicking on the links and the pages are loaded. The same amount of packet loss occurs with a constant download from this pipe simultaneously (i.e. it does not get worse but is still there).

    The VoIP traffic IS being assigned to the correct queue. There are NEVER any drops on this queue, so I know that it's semi-configured correctly.

    I have tried everything I know. Can someone either provide a config that is working for you or offer me some tips?

    Any other ideas?

  • You should visit this thread and try the steps outlined to minimize drops:


  • Thank you so much for your reply.

    I just tried these steps, reset the states, and gave it another shot…unfortunately no improvement.

    I do want to clarify some of my language that may have been misleading.

    The VoIP queues NEVER show drops, which I understand to be good. As a matter of fact, I don't know how else to better tweak the system if there are no drops in these queue. I don't typically see drops in the ACK queues either, and if I do, its very rare and random, certainly not aligned with the instance of broken audio when on a phone call.

    When I am on the phone, the person I called (the upstream data) gets broken audio as a website that's on the same WAN interface is being accessed, which I interpret to be packet "drops" (maybe a bad word choice) or loss attributed to the bursts of data that is traversing between the web server and the client.

    FWIW, I have confirmed that the path is clean between me and the VoIP provider, and we have an SLA that dictates the maximum amount of latency and packet loss that is considered acceptable.

    Just wanted to make sure that was clear.

    Do you have any other suggestions?

  • You are using a recent snapshot, right?

    If not, upgrade and then re-run the traffic shaping wizard.


  • I was running the 4-21 snapshot, but I'm upgrading now to the 4-23 and will re-run the wizard and see what happens.

  • That would be recent enough.  Only thing that I can think of at this point is to truely make sure all traffic are in the correct queues.  I know that you said that they where, but maybe double check.

  • Question…I'm running Asterisk, and it's sits at I have Cisco phones all over the office connected to Asterisk.

    Do I need to place all of those phones in the provider field along with or not since Asterisk is on the edge and is what connects to the VoIP providers?

    All phone conversations go through Asterisk, i.e. there's no re-inviting going on that would establish a direct outside connection between one of my phones and the VoIP provider itself.

  • Make sure you tell * to turn off the low-delay bit.  This has been discussed previously here.

    You might also visit some of the other articles in the Traffic Shaper section where folks create aliases for all of their voip devices + server blocks and then plugin this value to the red box during the voip configuration screen.  This makes sure only the voip devices + servers go in the VoIP queue.

  • Interesting about the lowdelay bit. I have disabled that and we'll see what happens.

    Also, thanks for your suggestion about the VoIP devices. I will check into that. Theoretically speaking, however, I shouldn't need to include all of the phones IP addresses in the alias because the connection that passes through the firewall is between Asterisk and the VoIP servers, correct?

  • I would be curious to know what kind of hardware the the pf box is on as well.  I would check out top and see what your cpu and memory usage is looking like when you are working with the web interface.

  • @sullrich:

    Make sure you tell * to turn off the low-delay bit.  This has been discussed previously here.

    I have done a search for asterisk and low-dealy bit can't see any relevant topics. Can you point me in the direction of where it was discussed, or just give me a quick summary of the why it needs turning off, and what the best setting is.

    In asterisk it seems I can set tos to any combination of lowdelay, throughput, reliability, mincost or none. On my phone I can set tos to be any one of IP_ROUTINE,  IP_PRIORITY, IP_IMMEDIATE, IP_FLASH, IP_OVERIDE, IP_CRITIC (it defaults to IP_CRITIC), presumably its important for me to make sure they both tie up, any idea on the correlation between them?



  • I checked the lowdelay bit within the shaper config in pfSense and my VoIP calls went to hell. Luckily I tested the phones right after this and realized it otherwise I don't know if I would have ever figured it out.

  • Keep in mind you should reboot your phone or reset the states after making traffic shaper changes since it is stateful.

  • Holding line quality, internet congestion, and ITSP provider issues as non-existant and constant, if there are no drops in my VoIP queues, should I be experiencing choppy phone calls?

  • You could if there are drops in the ACK queues.

  • Providing that there are no drops there either?

Log in to reply