Traffic shaping, bandwidth management and QoS



  • Hi guys,

    New to pfSense

    Just installed 2.1.5-RELEASE (amd64)

    The bandwidth is mainly used here by:
    FreePBX server
    SFTP transfers
    SSH sessions
    OpenVPN
    Web browsing

    So I would like:

    1. Give absolute priority to FreePBX, maybe even reserve some bandwidth for it

    2. Limit bandwidth used for SFTP transfers

    3. Give good priority to OpenVPN

    4. Give lowest priority to Web browsing

    Now I have no idea how to do this on pfSense and I can't seem to find any comprehensive documentation.

    Any help would be greatly appreciated!



  • Go to Firewall - Traffic Shaper.  Run the wizard.  Answer the questions.  Read this.  Ask lots of questions.  Experiment and test.  Read this thread.  Ask more questions.



  • When going into HFSC, here's my understanding in a nutshell

    RealTime - Lowest latency, prioritized before LinkShare. Will do a great attempt to make sure this is met. Realtime is taken from the root, not from the parent, and the total of all RealTime for all queues under an interface may not exceed 80% of the root's bandwidth.

    LinkShare - Semi-lazy ratio based. This bandwidth is all of left-over bandwidth that isn't being used by RealTime. LinkShare is always taken from the parent.

    Priority - Only affects packet ordering, but not the bandwidth. So still good for reducing latency by some slight degree.

    UpperLimit - Without a limit, any queue may use all remaining bandwidth, which is not an issue unless you're trying to reduce bandwidth usage.

    Burst - No clue how this fits into the picture other than a very basic concept that it will be faster for a short bit.

    I've had really good results with HFSC. I can run my connection at 95% and still maintain low pings and loss where it counts. Remember, HFSC is not about managing "priority" but enforcing bandwidth ratios, while allowing any "free" bandwidth to be made use of.
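
The interaction described in the post above, as an added example that is not part of the original thread: a simplified Python model (not the real HFSC scheduler) that serves realtime first, splits the leftover by linkshare ratio and applies upperlimit. The queue names, rates and weights are constructed, assuming a saturated 12 Mbit/s uplink.

```python
from dataclasses import dataclass

@dataclass
class Queue:
    name: str
    demand: float                      # offered load, kbit/s
    realtime: float = 0.0              # guaranteed rate, kbit/s
    linkshare: float = 1.0             # weight for sharing leftover bandwidth
    upperlimit: float = float("inf")   # hard cap, kbit/s

def check_realtime(root, queues):
    """Rule quoted in the post: realtime totals must stay within 80% of root."""
    total = sum(q.realtime for q in queues)
    if total > 0.8 * root:
        raise ValueError(f"realtime total {total} exceeds 80% of root {root}")

def allocate(root, queues):
    """Return {queue name: kbit/s} for a saturated link (simplified model)."""
    check_realtime(root, queues)
    ceiling = {q.name: min(q.demand, q.upperlimit) for q in queues}
    # Step 1: realtime guarantees are served first, straight from the root.
    got = {q.name: min(q.realtime, ceiling[q.name]) for q in queues}
    left = root - sum(got.values())
    # Step 2: leftover is split by linkshare ratio; capped queues drop out
    # and their unused share is redistributed to the others.
    def hungry(qs):
        return [q for q in qs if q.linkshare > 0
                and ceiling[q.name] - got[q.name] > 1e-9]
    active = hungry(queues)
    while left > 1e-9 and active:
        weight = sum(q.linkshare for q in active)
        spent = 0.0
        for q in active:
            add = min(left * q.linkshare / weight, ceiling[q.name] - got[q.name])
            got[q.name] += add
            spent += add
        left -= spent
        active = hungry(active)
    return got

UPLINK = 12000  # kbit/s; every number below is constructed for illustration
SAMPLE = [
    Queue("voip", demand=1000, realtime=1000, linkshare=10),
    Queue("vpn",  demand=6000, linkshare=30),
    Queue("sftp", demand=12000, linkshare=50, upperlimit=3000),
    Queue("web",  demand=8000, linkshare=20),
]
if __name__ == "__main__":
    for name, rate in allocate(UPLINK, SAMPLE).items():
        print(f"{name:5s} {rate:8.0f} kbit/s")
```

With these numbers the SFTP queue stops at its upperlimit even though it has the largest linkshare weight, and the bandwidth it cannot use is handed to the VPN and web queues in their 30:20 ratio.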



  • Have you thought about using PRIQ instead of HFSC?  I think it is a little easier to configure/understand and for most people should get the job done.



  • If you have a lot of bandwidth, I too would recommend PRIQ instead. Much easier to understand and work with.

    HFSC is really, IMHO, more well suited for low speed connections that require bandwidth and latency guarantees.



  • @koulee:

    If you have a lot of bandwidth, I too would recommend PRIQ instead. Much easier to understand and work with.

    HFSC is really, IMHO, more well suited for low speed connections that require bandwidth and latency guarantees.

    To expand on what you said

    A lot of free bandwidth or you have simple needs like games>bulk>P2P. But even some of these "simple" setups can have some ramifications that create strange symptoms that are hard to understand, when you reach link saturation.

    PRIQ has starvation issues for lower priority classes. PRIQ is primarily for handling very short bursts of traffic but is not good at playing well with traffic at high utilization, while HFSC allows you to control how your connection degrades under congestion.



  • @KOM:

    Go to Firewall - Traffic Shaper.  Run the wizard.  Answer the questions.  Read this.  Ask lots of questions.  Experiment and test.  Read this thread.  Ask more questions.

    So I didn't even notice there was a "Wizard"

    That thing is AWESOME.

    But I still don't see how I can do custom rules.

    For example:

    I want to manage SFTP traffic.

    How can I do that?

    Also, I'm not so sure about PRIQ vs HFSC

    For info, my connection is quite limited.. it's a 20 Mb download / 12 Mb upload, and I need to make miracles with that.

    No games or P2P traffic.

    But several SIP trunks (VoIP traffic) that I need to put in top priority.

    I also have several SFTP transfers and I need to limit the % of the bandwidth it uses.

    Finally, I've got some VPN going on and the rest is Web browsing.



  • Traffic management via the shaper is done with the use of queues and Floating Rules.