Shaping by traffic type/rate, Netflix

  • Prior to upgrading from an embedded Linux appliance to pfSense late this year I had a very effective shaping rule entered as a custom rule.  I'm hoping to determine if/how it could be added to pfSense, preferably via the GUI or, if not, by custom rule.

    Netflix has become very adept at over-utilizing ports 80 and 443, impacting other services on the same ports. I created a rule some time ago that simply reprioritizes port 80 traffic, in this example, from medium priority to low priority based on more than 1000 packets larger than 1400 bytes arriving on a connection that is present for longer than 12 seconds.  The purpose was to prevent large port 80 file uploads from impacting web browsing.

    I'm looking for a way to use this or a similar rule to limit the outbound ACKs related to long-duration port 80 and port 443 downloads so they have a lower priority than typical.  So in essence I want bursty traffic to have medium priority and non-bursty traffic to have low priority on these two ports.  I'm using CBQ on outbound and PRIO on inbound, providing outbound shaping only.

    #Continuous download prioritization medium to low
    # Assumes a custom chain TS in the mangle table that outbound traffic is jumped to
    # (create it with: iptables -t mangle -N TS)
    iptables -t mangle -A TS -j TOS --set-tos 0x08                      # default: TOS 0x08 (maximize-throughput, "low")
    iptables -t mangle -A TS -p tcp --dport 80 -j TOS --set-tos 0x04    # port 80: TOS 0x04 (maximize-reliability, "medium")
    iptables -t mangle -A TS -p tcp -m length --length 0:1400 -j RETURN # packets of 1400 bytes or less keep their TOS
    iptables -t mangle -A TS -p tcp -m limit --limit 12/s --limit-burst 1000 -j RETURN  # first 1000 large packets, then 12/s, pass unchanged (token bucket is shared by all matching packets, not per connection)
    iptables -t mangle -A TS -p tcp --dport 80 -j TOS --set-tos 0x08    # large packets beyond the burst on port 80: back to "low"
    iptables -t mangle -A TS -p tcp --dport 80 -j RETURN

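As an added example that is not part of the original post: the rule set above uses `-m limit`, whose token bucket is a single counter shared by every packet that reaches the rule, so it cannot tell one long download from a thousand short page loads. On Linux the per-connection version of "demote a flow once it has moved more than ~1000 large packets" is `-m connbytes`, which reads the byte counters conntrack keeps for each connection (it needs `net.netfilter.nf_conntrack_acct=1`). The script below is hypothetical illustration code, not the poster's rule and not something pfSense can load; it assumes the same custom mangle chain `TS`, a threshold of 1000 x 1400 bytes, and the same TOS values for the medium and low classes. Because the demotion is a property of the connection rather than of the packet, the small outbound ACKs of a bulk download are demoted too, which is what the post asks for.

```shell
#!/bin/sh
# Added example (not from the original post): demote long-lived bulk HTTP/HTTPS
# flows per connection with conntrack byte counters (-m connbytes).
# Assumptions: a mangle-table chain named TS that outbound traffic is jumped to,
# conntrack accounting enabled (net.netfilter.nf_conntrack_acct=1), and a bulk
# threshold of 1000 packets * 1400 bytes = 1.4 MB. All of these are illustrative.
set -eu

IPT="${IPT:-iptables}"               # set IPT=echo to print the rules instead of loading them
CHAIN="${CHAIN:-TS}"                 # hypothetical custom chain in the mangle table
BULK_BYTES="${BULK_BYTES:-1400000}"  # assumed threshold: ~1000 packets of ~1400 bytes
TOS_MEDIUM=0x04                      # maximize-reliability, used as the "medium" class
TOS_LOW=0x08                         # maximize-throughput, used as the "low" class

# Emit the two rules for one TCP destination port. The first rule gives every
# packet of the flow the medium TOS; the second overrides it to the low TOS once
# conntrack has seen more than $BULK_BYTES bytes on that connection in either
# direction. Packet size is irrelevant, so the flow's ACKs are demoted as well.
demote_bulk_port() {
    port="$1"
    "$IPT" -t mangle -A "$CHAIN" -p tcp --dport "$port" \
        -j TOS --set-tos "$TOS_MEDIUM"
    "$IPT" -t mangle -A "$CHAIN" -p tcp --dport "$port" \
        -m connbytes --connbytes "${BULK_BYTES}:" --connbytes-dir both --connbytes-mode bytes \
        -j TOS --set-tos "$TOS_LOW"
}

# Apply the policy to the two ports the post is concerned with.
install_rules() {
    demote_bulk_port 80
    demote_bulk_port 443
}

# Dry-run helper: render the rules with echo and count how many of them use
# per-connection byte matching (one per port, so 2 for the policy above).
count_connbytes_rules() {
    ( IPT=echo; install_rules ) | grep -c -- '-m connbytes'
}

# Only touch the running firewall when explicitly asked.
if [ "${1:-}" = "--install" ]; then
    install_rules
fi
```

Run it as `sh demote_bulk.sh --install` on a Linux shaper where the `TS` chain already exists, or as `IPT=echo sh demote_bulk.sh --install` to see the rules it would load. The TOS values only take effect if the CBQ classes on the outbound interface are selected by TOS, as in the original setup; with a mark-based tc setup you would swap the `TOS` target for `MARK` and the `--set-tos` values for `--set-mark` values.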