    Help with Traffic Shaping

      almabes

      I need some help setting up traffic shaping.

      A little background:
      I have a client that has VoIP through RingCentral.  They managed to DOS themselves by pegging out the upload side of their 50M/10M pipe.  I'm still investigating how they did it, so I can properly (re)architect their network, and configure QoS through their switches and firewall.

      They only have about 10 phones.

      I have been perusing the traffic shaping information on the forum and, frankly, I am confused and not sure where to start.  If someone knowledgeable would be willing to trade their time for my dollars then feel free to PM me.

      My intent will be to set up a separate VLAN for their phones, right now they're just a flat network.  They have Cisco SG300 layer 3 switches, but I have not had the funding made available to get them set up properly, yet.

      I want to reserve 2 Mb/s of upload and download bandwidth for VoIP traffic.  The other traffic can wait.

      Thanks,
      Anthony

        mcwtim

        Since you are only talking about 10 users I'd follow the advice here https://forum.pfsense.org/index.php?topic=63531.0 on creating a limiter to split available bandwidth among users.

        The next step I'd do is use the Traffic Shaping wizard and select PRIQ. Then create an alias for all the phones' LAN IPs and assign it to the VOIP group.

        This should allow your phones to have high priority and also keep any one user from harming the rest of your users' bandwidth. If only one user was using bandwidth, say a server backing up after hours, it would get all the bandwidth. If it was one user running bittorrent during work hours they are going to get 1/10th the bandwidth assuming others are using it.

        1 Reply Last reply Reply Quote 0
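The sharing behaviour described in the post above, modelled as idealised max-min fair sharing (an added example, not part of the original posts and not pfSense code). The 8000 kbit/s cap is the upload limiter figure mentioned in the thread; the user names and per-user demands are constructed.

```python
def max_min_share(capacity_kbps, demands_kbps):
    """Water-filling: users that want less than an equal share get their
    full demand; whatever is left is split evenly among the rest."""
    alloc = {user: 0.0 for user in demands_kbps}
    active = {u: d for u, d in demands_kbps.items() if d > 0}
    remaining = float(capacity_kbps)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        satisfied = {u: d for u, d in active.items() if d <= share}
        if not satisfied:
            # Everyone still active wants more than an equal share.
            for u in active:
                alloc[u] = share
            break
        for u, d in satisfied.items():
            alloc[u] = float(d)
            remaining -= d
            del active[u]
    return alloc


UPLOAD_LIMIT_KBPS = 8000  # upload limiter value from the thread (8M)


def scenarios():
    # 1. After hours: a single backup job is the only sender.
    after_hours = max_min_share(UPLOAD_LIMIT_KBPS, {"backup-server": 8000})
    # 2. Work hours: ten users all trying to saturate the link.
    all_busy = max_min_share(
        UPLOAD_LIMIT_KBPS, {f"user{i}": 8000 for i in range(10)}
    )
    # 3. Nine light users (100 kbit/s each, constructed) plus one torrent.
    demands = {f"user{i}": 100 for i in range(9)}
    demands["torrent"] = 8000
    mixed = max_min_share(UPLOAD_LIMIT_KBPS, demands)
    return after_hours, all_busy, mixed


if __name__ == "__main__":
    for result in scenarios():
        print(result)
```

In the third scenario the heavy user ends up with far more than 1/10th, because the share the light users leave unused is handed back to whoever still has demand.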
          almabes

          Thanks for pointing out the educational thread.

          Just checking to see if this is sane…

          I created the limiters and queues, per the thread, and limited them to 40M/8M. 
          I applied the queues to the default allow all rule on the LAN.
          I created a rule, above the default rule, that allowed all TCP/UDP to a /24 network that RingCentral uses for SIP.  I did not apply the limiter to this rule.

          The idea is that traffic destined to their BYOB phone provider is unlimited.  Effing off on Netflix, etc. IS.

            mcwtim

            Not quite sure how that rule will work out, let us know.

            For the most part VOIP bandwidth is fairly trivial volume wise, but it is latency and packet loss sensitive and can easily get choked out. My goal with the limiter was to improve bandwidth availability for each user. The PRIQ bit was to ensure that VOIP always went to the front of the line.

              almabes

              @mcwtim:

              Not quite sure how that rule will work out, let us know.

              Me neither…
              I've got the same 50/10 service at my house, so I might take a phone home with me, stress my internet connection and see what happens.

              For the most part VOIP bandwidth is fairly trivial volume wise, but it is latency and packet loss sensitive and can easily get choked out. My goal with the limiter was to improve bandwidth availability for each user. The PRIQ bit was to ensure that VOIP always went to the front of the line.

              I most likely will still do the PRIQ, but I want to set their phones on their own VLAN first.
              This config is just a hack to keep them from DOSsing themselves again, hopefully.

                Harvy66

                fairq+codel may be good enough and much simpler and have fewer corner cases.

                  almabes

                  @Harvy66:

                  fairq+codel may be good enough and much simpler and have fewer corner cases.

                  How so?  I need some education on how this all works.  I am very green when it comes to traffic shaping.  Unfortunately I can't go screwing with a production network and test out different configurations.

                  I do have an APU and some guinea pigs at home that like to stream videos I can screw with.  I really want to learn how it works from someone that has the experience, and don't mind contributing to their beer budget for their trouble.

                    Harvy66

                    On your WAN

                    Scheduler Type: fairq
                    Bandwidth: 95% of your maximum. If you have really stable bandwidth, then possibly 98%. If you have very unstable bandwidth, then closer to 80%.

                    Create a default queue, set the length to 4096, check codel.

                    Results may vary. It should keep latency low.
