Sorry to ask, but I'm way behind the curve right now…Voip



  • Hello there!

    So I've been playing with pfsense for a few days now, the more I do the more I realize how little I know.

    Right now I have 3 intel nics installed.

    1 for WAN

    1 for LAN/VLANS

    1 for Voip

    I'm totally unsure of how to configure the 3rd nic for voip.

    We have a Vertical Xcelerator IP voip system that seems to send out IP in the .99.x range…how it can get that IP to the phones without smart switches and vlans setup I have no clue.

    I want to give it a dedicated hookup but I'm not sure how to route the traffic.

    I tried the traffic shaper which I thought was really cool but I'm missing quite a few things...even so simple as to understanding how the bandwidth percentages work.

    I found the voip document but it doesn't tell me much and the others seem to be for specific voip carriers (asterisk, etc.)

    Any help would be so appreciated!  :D

    Edit: After using the traffic shaper I shutdown the sense box and after rebooting it I lost all internet. I disabled the changes made in the traffic shaper and everything came back...shows how little I understand...HELP!



  • So, voip was up last night but this morning all outbound and inbound calls were down though internal comm was up.

    I unplugged the voip system and plugged it back in and it started working again.

    I'm afraid this is telling of the reliability of voip until I figure out how to do the traffic shaping…if that is in fact what I should be doing.

    Please, if someone could point me to a tutorial or anything I would be very grateful...or if even someone could discipline me as to where and what I should and should not be posting that would be helpful as well..

    Please help!



  • So, I had the pfsense box plugged into the wrong outlet on our UPS and the power went out this morning around 8am.
    Afterward we could make or receive any calls.

    I rebooted and it seems to be working now.

    I've been reading as much as I can on voip and sip and rtp but it's all over my head.

    Could anyone help me or point me toward help in how to dedicate a NIC to the voip phone system and forward ports/setup QoS for voip?



  • You're not alone.  I'm in the same boat, doing the same Googling and reading and head-scratching.

    I have found that, when you are using open source with a commercial aspect, the juiciest tech is always poorly documented as a driver to purchase support.  Openfiler is like this with replication and failover.  pfSense appears to go out of its way to not document the HFSC implementation: it's two sentences and a tip.  The wizard itself is sorely lacking in explanations.

    Anyway, I've been reading a lot and am trying to wrap my head around different articles using different approaches and different variables (m1, d, m2 vs. sc, rt, umax…).

    In my case we have a 95 Mbps synchronous fibre link (downstream is always steady 95 Mbps whereas upstream can vary between 65-95 Mbps, but usually closer to 90).

    We have some VoIP phones that I want to reserve room for.  I would think that this is a common scenario that would have been asked and clearly answered a million times by now, but no.

    I run the HFSC wizard and it leaves me with some bizarre numbers with nothing to explain what they even mean, much more why they are what they are.

    I am in the middle of three articles that may help (or not, we'll see):

    HFSC Scheduling with Linux  http://linux-ip.net/articles/hfsc.en/
    MasterShaper on a Linux Router  http://www.mastershaper.org/howto_router.html
    Hierarchical Fair Service Curve (HFSC) - Quality of Service for FreeBSD and OpenBSD  https://calomel.org/pf_hfsc.html

    Maybe if we put our heads together, we can come up with 2/3 of a brain? ;)



  • Wow, thanks so much for the reply.

    This stuff is quite a ways above me…I've always relied pretty heavily on forums and was hoping for some simple pointers (though it may just simply not be simple) but I haven't had any luck here.

    Anyway, it's good to know that there's someone else out there working on the same thing.

    What does your router setup look like?



  • Right now I have 3 different instances of pfSense running in a VMware vSphere 5.5 environment: one for our new OpenVPN to replace a crappy Cisco SA540 VPN appliance, one for my boss's VoIP phone as a test relating to dropped calls with RingCentral, and a third where I'm playing around with traffic shaping.  Our main firewall is an instance of MS ISA Server 2006 (don't ask), and we are suspecting that it may be interfering with the latency of the VoIP phones.  I'm just doing some proof of concept learning to see if it's feasible for us to scrap our MS ISA servers and replace them with pfSense.  MS ISA is EOL so we have to move to something a little newer.  That's where I am.

    I had a small PRIQ queue up & running without any problems, but that approach doesn't handle latency.  HFSC seems to be the only one that handles latency, so you are pretty much forced to use it when you're wrangling VoIP phones.



  • Dang…you're like, a legit network administrator. I'm just a guy that's played with routers at his house.

    Nevertheless I will press on, but I don't think I'll be much help to you with my limited knowledge.

    I have a post over at smallnetbuilder and they've suggested the ubiquiti routers, which after looking at them seem like they would be a good fit...though I'm kinda afraid of having to use the cmi to configure it. However, I'm reading that their forums are super helpful and they even have employees on the forums regularly answering questions.

    If I don't get something figured out really soon with pfs I think I'm going to head that route.

    I'll post back here with whatever I come up with.

    Thanks for the help!



  • @conradcliff:

    Hello there!

    So I've been playing with pfsense for a few days now, the more I do the more I realize how little I know.

    Right now I have 3 intel nics installed.

    1 for WAN

    1 for LAN/VLANS

    1 for Voip

    I'm totally unsure of how to configure the 3rd nic for voip.

    We have a Vertical Xcelerator IP voip system that seems to send out IP in the .99.x range…how it can get that IP to the phones without smart switches and vlans setup I have no clue.

    I want to give it a dedicated hookup but I'm not sure how to route the traffic.

    I tried the traffic shaper which I thought was really cool but I'm missing quite a few things...even so simple as to understanding how the bandwidth percentages work.

    I found the voip document but it doesn't tell me much and the others seem to be for specific voip carriers (asterisk, etc.)

    Any help would be so appreciated!  :D

    Edit: After using the traffic shaper I shutdown the sense box and after rebooting it I lost all internet. I disabled the changes made in the traffic shaper and everything came back...shows how little I understand...HELP!

    Not exactly sure what you are trying to do here but I think you have a network with a VoIP system and you want to know how to make everything work together.

    First if you are going to be using VLANs you are going to need a smart switch or managed switches so I would first need to know what kind of equipment you are working with. I will just give you a very general idea of how to make everything work.

    First you don't need to use that third NIC for VoIP.

    Here is the short answer:

    1. Make separate VLANs for your LAN and VoIP or your LAN interface.
    2. Make the VLANs on your switch
    3. Create a tagged port with both VLANs and connect it to your PfSense LAN interface
    4. Configure your switch so that all the ports where the phones are going to be on have the tagged voice VLAN
    5. If you want to connect your computers to your phones then add your LAN VLAN untagged to the same ports as above
    6. Tell your switch what its voice VLAN is.
    7. Configure COS (Class of Service) for your voice VLAN on your switch

    You should be good to go. Not sure if you need traffic shaping if you are doing COS at the switch layer which would definitely mean you need a managed switch. I don't have much experience with traffic shaping but I guess it could help with your VoIP traffic returning. But as far as VoIP on your LAN you want to do COS.



  • @conradcliff:

    Dang…you're like, a legit network administrator. I'm just a guy that's played with routers at his house.

    Nevertheless I will press on, but I don't think I'll be much help to you with my limited knowledge.

    Network admin, tech support mgr, hardware tech, virtualization expert… I wear many hats.

    So after going through many docs, I have a better understanding of HFSC, but still there are gaps.  Here is what I think I've figured out:

    Each queue needs a service curve, be it Upperlimit, Realtime or Netlink.
    Upperlimit just indicates the maximum bandwidth to allocate to that queue, and you only need to specify the actual hard limit under Bandwidth and the m2 variable.
    Link share is the amount of bandwidth to share equally amongst all queues.
    Realtime is for latency-dependent traffic.  You must specify the bandwidth as well as variables m1, d and m2.  m1 is the amount of burst bandwidth to initially provide.  d is the latency desired.  m2 is the amount of bandwidth to provide after the burst period has expired.  If your ISP doesn't have a burst scheme, then m1 and m2 should be the same.

    During my experiments, I ended up with 2 root queues, WAN and LAN.  We have a symmetric 95Mbps link so I had WAN set to 90MBps with a queue limit of 3000 as per the Calculating ACK queue sticky.  I wasn't sure what to put for my LAN bandwidth, seeing as how our outbound link ranges between 65-95Mbps.  I know you should use less than max so that the ISP isn't doing the queueing, but I don't know if I should set it based on optimal 95Mbps or the sometimes much lower 65Mbps... I don't want to throw away 30Mbps for nothing.

    Under my WAN queue, I have 3 child queues, qACK, qDefault and qVoIP.  qACK has bandwidth 10%, and a Realtime of 10%, 50ms, 10%.  I set m1 and m2 the same as there is no bursting going on, so I want the initial bandwidth to be what I require for 12 phones with a max latency of 30ms.  qDefault has bandwidth set to 89% and an Upperlimit m2 of 89%.  qVoIP has bandwidth of 1Mbps and a Realtime of 1Mb, 30ms, 1Mb.

    Under my LAN queue, I have qLink and qInternet, and qACK and qVoIP under qInternet.  Here is where I start to get confused.  My qLink was set by the wizard to bandwidth 20% and no service curves.  That doesn't look right to me, but I fully admit I don't really know what I'm doing.  qInternet has wizard-set bandwidth of 73400.32Mbps (???) with Upperlimit m2 and Link share m2 set to same (???).  qACK and qVoIP are set the same as they were under the WAN queue.  At the moment I can't even really test this effectively without routing everyone through it, and I can't be doing that in a production environment.

    I would very much appreciate it if a bigger brain than mine could look at this and point out any glaring flaws, or fill in the blanks in my understanding.
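
An added example, not part of the original posts and not pfSense code: the HFSC two-piece linear service curve (m1, d, m2) worked through with the thread's qVoIP numbers (12 phones, 1 Mb, 30 ms). The per-call figures (200-byte IP packets every 20 ms, as for G.711) and all function names are assumptions made for illustration.

```python
# Two-piece linear service curve: slope m1 for the first d ms after the
# queue becomes backlogged, slope m2 afterwards. Rates in bit/s, d in ms.

def service_bits(m1, d_ms, m2, t_ms):
    """Bits the curve guarantees to have served t_ms into a busy period."""
    if t_ms <= d_ms:
        return m1 * t_ms / 1000
    return m1 * d_ms / 1000 + m2 * (t_ms - d_ms) / 1000

def drain_ms(m1, d_ms, m2, backlog_bits):
    """Time by which the curve guarantees a backlog has been served."""
    first_segment = m1 * d_ms / 1000
    if backlog_bits <= first_segment:
        return backlog_bits * 1000 / m1
    return d_ms + (backlog_bits - first_segment) * 1000 / m2

def curve_for_delay(burst_bits, target_ms, rate):
    """Choose (m1, d, m2) so burst_bits is served within target_ms, then
    the queue settles to its sustained rate."""
    m1 = burst_bits * 1000 / target_ms
    if m1 <= rate:
        # The sustained rate alone already meets the target: linear curve.
        return (rate, 0, rate)
    return (m1, target_ms, rate)

# Assumed workload (not stated in the thread): one 200-byte IP packet per
# phone every 20 ms, i.e. 50 packets per second per call.
PHONES = 12
PACKET_BITS = 200 * 8
PACKETS_PER_SEC = 50

def sustained_rate():
    """Bit/s needed if all phones are in a call at once."""
    return PHONES * PACKETS_PER_SEC * PACKET_BITS

def worst_burst():
    """Bits queued if every phone sends a packet at the same instant."""
    return PHONES * PACKET_BITS

if __name__ == "__main__":
    print("sustained bit/s:", sustained_rate())
    # Thread's setting: m1 == m2 == 1 Mb with d = 30 ms.
    print("drain, d=30:", drain_ms(1_000_000, 30, 1_000_000, worst_burst()))
    # Same rates with a different d: identical result, d has no effect.
    print("drain, d=5: ", drain_ms(1_000_000, 5, 1_000_000, worst_burst()))
    # A curve that actually uses m1 and d: clear the burst within 10 ms.
    print("10 ms curve:", curve_for_delay(worst_burst(), 10, 1_000_000))
```

With m1 equal to m2 the curve is a straight line, so the d field changes nothing; d only takes effect when m1 differs from m2.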



  • 4 days later and nobody is willing to help…

    Oh well, I thought I would get smart and picked up a copy of the pfsense 2 Cookbook.  A word to the wise: this book is a waste of time and money.  All it basically does is walk you through wizards without any added explanation or anything.  Their section on traffic shaping basically walked you through the QoS wizard, with all default values.  By the end of it, you don't know any more than if you just launched the wizard yourself and clicked Next 5-6 times.  The cover text says "A practical, example-driven guide to configure even the most advanced features of pfSense 2".  Hardly.

    At any rate, I'm giving up on traffic shaping.  OpenVPN is working and our VoIP phones seem to be doing better going through pfsense than our old MS ISA Server, so good enough for me to stop banging my head against this wall.

    Good luck to anyone else trying to figure this out.  You're going to need it.

