Pfsense 2.1 HFSC shaping - Advice AND are LAN interface settings necessary?
-
I've been effectively using HFSC traffic shaping on my home network (50 mbit down/5 mbit up) to prioritize voip, ack and DNS traffic over usenet, cloud backup, etc. I've started w/ the default rules created by the wizard and tweak from there. I was curious whether LAN settings are needed? Also, any suggestions for tweaks would be much appreciated.
My goal is to prioritize from top down:
Ack
DNS
Voip
Default
SSH (is an FTP over SSH)
Backup
NNTP
P2PFor example, I have my rules as:
WAN
Bandwidth, 5 Mbit/s
qAck
Priority 6, Bw: 20%- Real: 20%
qDefault
Priority 4, Bw: 25% - Real: 35%
qP2P
Priority 1, Bw: 1% - Upper limit: 95%
qBackup
Priority 1, Bw: 7% - Upper limit: 80%
qDNS
Priority 5, Bw: 10% - Real: 5%
- Link: 20%
qNNTP
Priority 2, Bw: 1%
qSSH
Priority 1, Bw: 5%
qVoip
Priority 7, Bw: 21%
Real: 20%
LAN
Bandwidth, 1 Gbits/s
qInternet
bandwidth 50 Mbit/s- Upper limit: 50 Mb
- Link share: 50 Mb
qAck
Priority 6, Bw: 5%
qP2P
Priority 1, Bw: 1% - Upper limit: 95%
qDefault
Priority 4, Bw: 70%
qBackup
Priority 1, Bw: 2%
qDNS
Priority 5, Bw: 5%
qNNTP
Priority 2, Bw: 2%
Upper limit: 95%
qSSH
Priority 1, Bw: 5%
qVoip
Priority 7, Bw: 5% - Link share: 5%
- Real: 20%
-
are LAN interface settings necessary?
Sure. Just make sure that you make the bandwidth of the LAN queue smaller than your actual downstream bandwidth, so that you are queueing the traffic and not your ISP. Now, when your downstream (=LAN out, =LAN queue) is saturated you can control which traffic gets priority/dropped. -
are LAN interface settings necessary?
Sure. Just make sure that you make the bandwidth of the LAN queue smaller than your actual downstream bandwidth, so that you are queueing the traffic and not your ISP. Now, when your downstream (=LAN out, =LAN queue) is saturated you can control which traffic gets priority/dropped.I followed the recommendation here to set qLink = 1 Gbps/s LAN speed - ISP downstream.
http://forum.pfsense.org/index.php?topic=67347.0My LAN-qInternet bandwidth is currently set to 50 Mbit/s which is the max download limit of my ISP.
My WAN is set to bandwidth of 5 Mbit/s which is the max upload limit of my ISP. -
Tip to check if you are queuing and not your ISP:
ssh into pfSense
Launch pftop and go to the "Queue tab" (press 8)
Set update interval to 1s (press s, 1, enter)
Go to http://www.speedtest.net/ and launch a test
Watch your downstream queues and make sure packets are being queued on your side (QLEN>0)If QLEN stays at zero the bandwidth of your downstream queue is too big and your ISP does the queuing, lower the bandwidth of your downstream queue.
-
Bear in mind that the "Priority" does not really play any role in HFSC. It is the defined service curves what will give you the shaping.
As you were told before, it is really important that you cap the bandwidth at around 95% of the real bandwidth. Otherwise, shaping is pointless
-
As you were told before, it is really important that you cap the bandwidth at around 95% of the real bandwidth. Otherwise, shaping is pointless
OK. In that case, should I set both my ISP up/down speeds to 95% of their limits (from 50/5 to 47.5/4.75 Mbit)? Or do I also need to do the same for my 1 Gbps LAN and qLink? Thanks for your help.
-
Just the ISP queues is fine. The qLink queue will catch traffic between your local interfaces (as configured by the wizard), so I wouldn't even bother to put a cap on them
-
Tip to check if you are queuing and not your ISP:
ssh into pfSense
Launch pftop and go to the "Queue tab" (press 8)
Set update interval to 1s (press s, 1, enter)
Go to http://www.speedtest.net/ and launch a test
Watch your downstream queues and make sure packets are being queued on your side (QLEN>0)If QLEN stays at zero the bandwidth of your downstream queue is too big and your ISP does the queuing, lower the bandwidth of your downstream queue.
Could I most politely ask if what you mean is actually the qACK below root_pppoe0 that needs to have a QLEN > 0? Because that is the only one that has a value higher than 0 (12, 14, 9, in that range); all the others (qDefault, qOthersHigh, qOthersLow) will stay at zero, even if I reduce the bandwitch of WAN to as little as 10Mb/sec.
Thank you ;D
-
Could I most politely ask if what you mean is actually the qACK below root_pppoe0 that needs to have a QLEN > 0?
Yes, I can hear you. The answer is no.