Shaping with VoIP (Asterisk) and Torrents: Newbie perspective
I'm new to all things traffic shaping. I've read many good comments on pfSense, and decided to give it a shot.
We have a 12-user LAN, doing various office tasks (including downloading streaming music and torrents!).
All of our lines are fed by VoIP through Babytel.ca and an Asterisk box (all SIP/G.711, two conversations at the same time max.).
The problem was: with our old routers (we tried many), the VoIP started to sound choppy in proportion to Internet usage. When a user sent an email with an attachment, it made a "pop/glitch" in the conversation.
I currently have pfSense 1.2rc2 (full hard drive install) as our main router.
I have done the following:
0-Install (a breeze, developers have done a very good job. I love the NIC identification through connection change scheme)
1-Configured my WAN-PPPoE connection (was easy. Nice web GUI, by the way)
2-Configured my LAN-Fixed IP no DHCP server (easy too)
From this point the old P3/500 256MB I salvaged from god-knows-where-dark-corner is a fully functional router, as functional as the cheapest DLink or Linksys
Then: The horror story: Traffic Shaping :) All the following is done through the EZ Shaper.
-> Did many speed tests on speedtest.net: I have 3800dn and 490up at minimum (maybe someone else in the office was using the net…) So for all my later shaping configuration, I will use 3500dn and 400up as maximums.
-> I configured Traffic Shaping (abbreviated TS from now) with only "prioritize VoIP - Generic" with no IP and reserve 256kb.
Result: My VoIPUp and VoIPDown queues were empty, and traffic flowed without particular prioritization (this is weird, right?)
-> Reconfigured TS to set 192.168.1.101 (my Asterisk box) in the VoIP IP field.
Result: VoIP traffic flowed through the VoIP queues. Now, VoIP conversations are crystal clear under normal network loads.
So now, I TSed the p2p to lower its priority for users to be able to navigate web pages even if two coworkers battle for the remaining bandwidth downloading torrents.
-> Prioritize VoIP with defined IP, lower P2P.
Result: Voice is Ok, but torrents do not go to their p2p queue (again, weird).
-> Thinking it was due to non-standard ports, I've changed my "random" port of uTorrent to 6881, closed and restarted the torrents.
Result: Again, nothing going to the p2p queue. Looking at the trace, I see my personal LAN_IP:6881 all over.
-> I activated the p2p "catch-all" with a limit at 200up/3000down.
Result: All the torrents now go to p2p. However, FTP transfers (I think it's on non-standard ports though) go to p2p. That is a very small inconvenience, as browsing the web AND having a conversation AND downloading like crazy is now possible!
The weird, unacceptable thing: Now, when I receive a call from the outside and the traffic is saturated, the call has a "starting lag" (must be something to do with m1 m2 and d...), and after 3 to 10 seconds, the call drops (literally hangs up, leaving a busy tone). I have Mediatrix 1102 APAs and Grandstream BT-100 and both have the same behaviour.
I now have two theories to check, and hence, here are the two questions:
1- Is it possible that when the call is received, traffic is saturated and pfSense takes a little time to reduce other queues to allow the reserved 256kb VoIP bandwidth, making the ping round-time change drastically, leaving no chance for codecs to adjust/buffer (slow-slow-slow-veryFast-veryFast......)?
2- Is it possible that some portion of the VoIP conversation/signaling is caught by CatchAll, and when packets drop, some of the critical ones are dropped too?
I'm also open to other alternatives.
I would have liked to just plug the VoIP into OPT1, somehow setting two sets of pipes (one for LAN and one for OPT1), assuring me both segments do not overuse the bandwidth of one another and not determining based on IPs or subnet. I would also need port 80 from LAN to OPT1 to web-manage my devices, and maybe an active DHCP server but only in OPT1.... But I must read much more before I can pull this off.
Also, on the same topic: Is there =ANY= documentation on pfSense? I have found no tutorials covering options in basic configurations, only "how to install" which is so easy it needs no tutorial, and "how to setup dual WAN redundancy with OpenVPN" and other obscure usage. I would gladly read anything describing the logic of firewall rules, NAT (what is 1:1??), and queues.
Any help would be very appreciated!
Thanks in advance :P
Dropping calls: http://doc.pfsense.org/index.php/Static_Port
I think you need to identify the SIP/IAX traffic specifically with a packet sniffer or the like and make an alias for it (as some SIP phones use nonstandard ports). Or, put all the VoIP traffic in its own subnet and shape from there.
This may not answer everything for you, but I have had similar problems in the past.
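An added example, not part of any post in this thread: one way to turn a sniffed SIP message into the list of ports for such an alias, by reading the signaling port from the Via header and the RTP/RTCP ports from the SDP body. The sample message is constructed and abridged, 203.0.113.10 is a placeholder provider address, the ports are made-up values, and the function names are hypothetical.

```python
import re

# Constructed, abridged capture: an INVITE leaving the Asterisk box (192.168.1.101,
# from the thread) for a placeholder provider; ports 5062/10000 are sample values.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:15145550100@203.0.113.10 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.101:5062;branch=z9hG4bKexample",
    "Call-ID: constructed-1@192.168.1.101",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.101",
    "c=IN IP4 192.168.1.101",
    "t=0 0",
    "m=audio 10000 RTP/AVP 0",
    "",
])

def voip_endpoints(sip_message):
    """Return (signaling, media): sets of (ip, port) named in one SIP message."""
    head, _, body = sip_message.partition("\r\n\r\n")
    signaling = set()
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):   # "v" is the compact form
            m = re.match(r"\s*SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?", value)
            if m:                                  # no port given means 5060
                signaling.add((m.group(1), int(m.group(2) or 5060)))
    session_ip, streams = None, []                 # streams: [ip or None, port]
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if streams:
                streams[-1][0] = ip                # media-level c= overrides
            else:
                session_ip = ip
        elif line.startswith("m=audio "):
            streams.append([None, int(line.split()[1])])
    media = set()
    for ip, port in streams:
        media.add((ip or session_ip, port))        # RTP
        media.add((ip or session_ip, port + 1))    # RTCP, by convention RTP + 1
    return signaling, media

def alias_ports(sip_message, host):
    """Sorted UDP ports that `host` uses for VoIP, ready to enter in an alias."""
    signaling, media = voip_endpoints(sip_message)
    return sorted({port for ip, port in signaling | media if ip == host})
```

The RTP port changes from call to call, so run this over several captured calls and cover the whole observed range in the alias rather than a single port.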
This works! Thanks Steep!
Now, I shape with CatchAll enabled, limiting almost everything, but VoIP is perfect In and Out :)
As it is, pfSense now responds to all my needs, and will impress my colleagues at the Christmas party :D
I guess I should write a small tutorial on this.