Help with Traffic Shaping
-
I need some help setting up traffic shaping.
A little background:
I have a client that has VoIP through RingCentral. They managed to DOS themselves by pegging out the upload side of their 50M/10M pipe. I'm still investigating how they did it, so I can properly (re)architect their network, and configure QoS through their switches and firewall. They only have about 10 phones.
I have been perusing the traffic shaping information on the forum and, frankly, I am confused and not sure where to start. If someone knowledgeable would be willing to trade their time for my dollars then feel free to PM me.
My intent will be to set up a separate VLAN for their phones, right now they're just a flat network. They have Cisco SG300 layer 3 switches, but I have not had the funding made available to get them set up properly, yet.
I want to reserve 2 Mb/s of upload and download bandwidth for VoIP traffic. The other traffic can wait.
Thanks,
Anthony
-
Since you are only talking about 10 users I'd follow the advice here https://forum.pfsense.org/index.php?topic=63531.0 on creating a limiter to split available bandwidth among users.
The next step I'd do is use the Traffic Shaping wizard and select PRIQ. Then create an alias for all the phones' LAN IPs and assign it to the VOIP group.
This should allow your phones to have high priority and also keep any one user from harming the rest of your users' bandwidth. If only one user was using bandwidth, say a server backing up after hours, it would get all the bandwidth. If it was one user running bittorrent during work hours, they are going to get 1/10th of the bandwidth, assuming others are using it.
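Added illustration (not part of the original thread and not pfSense code): the sharing behaviour described in the post above, modelled as max-min fair allocation over one pipe. The 10 Mb/s pipe is the upload side of the 50M/10M line from the first post; the idealised fair-share model, the host names and the 100 kbit/s per-phone load are assumptions.

```python
# Idealised model (assumption): a per-user limiter splits one pipe
# max-min fairly among the hosts that are sending at that moment.

def fair_shares(capacity_kbps, demands_kbps):
    """Max-min fair (water-filling) split of capacity among hosts.

    demands_kbps maps host name -> offered load in kbit/s.
    Returns host name -> allocated rate in kbit/s.
    """
    alloc = {}
    remaining = float(capacity_kbps)
    # Serve the smallest demands first; what they leave unused is
    # redistributed to the hosts that want more.
    pending = sorted(demands_kbps.items(), key=lambda kv: kv[1])
    while pending:
        share = remaining / len(pending)
        host, demand = pending[0]
        if demand <= share:
            alloc[host] = float(demand)   # fully satisfied
            remaining -= demand
            pending.pop(0)
        else:
            # Everyone left wants more than an equal share: cap them all.
            for name, _ in pending:
                alloc[name] = share
            break
    return alloc


UPLOAD_KBPS = 10_000  # upload side of the 50M/10M line in the first post


def scenarios():
    """Three constructed load patterns run through the model."""
    after_hours = {"backup-server": 50_000}
    all_busy = {f"pc{i}": 50_000 for i in range(10)}
    # Nine phones at a constructed 100 kbit/s each, plus one bulk uploader.
    phones_and_bulk = {f"phone{i}": 100 for i in range(9)}
    phones_and_bulk["bulk-uploader"] = 50_000
    return {
        "after_hours": fair_shares(UPLOAD_KBPS, after_hours),
        "all_busy": fair_shares(UPLOAD_KBPS, all_busy),
        "phones_and_bulk": fair_shares(UPLOAD_KBPS, phones_and_bulk),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The model covers rate only. It says nothing about queueing delay, which is what the PRIQ step in the post is for.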
-
Thanks for pointing out the educational thread.
Just checking to see if this is sane…
I created the limiters and queues, per the thread, and limited them to 40M/8M.
I applied the queues to the default allow all rule on the LAN.
I created a rule, above the default rule, that allowed all TCP/UDP to a /24 network that RingCentral uses for SIP. I did not apply the limiter to this rule. The idea is that traffic destined to their BYOB phone provider is unlimited. Effing off on netflix, etc IS.
-
Not quite sure how that rule will work out, let us know.
For the most part VOIP bandwidth is fairly trivial volume wise, but it is latency and packet loss sensitive and can easily get choked out. My goal with the limiter was to improve bandwidth availability for each user. The PRIQ bit was to ensure that VOIP always went to the front of the line.
-
Not quite sure how that rule will work out, let us know.
Me neither…
I've got the same 50/10 service at my house, so I might take a phone home with me, stress my internet connection and see what happens.
For the most part VOIP bandwidth is fairly trivial volume wise, but it is latency and packet loss sensitive and can easily get choked out. My goal with the limiter was to improve bandwidth availability for each user. The PRIQ bit was to ensure that VOIP always went to the front of the line.
I most likely will still do the PRIQ, but I want to set their phones on their own VLAN first.
This config is just a hack to keep them from DOSsing themselves again, hopefully.
-
fairq+codel may be good enough and much simpler and have fewer corner cases.
-
fairq+codel may be good enough and much simpler and have fewer corner cases.
How so? I need some education on how this all works. I am very green when it comes to traffic shaping. Unfortunately I can't go screwing with a production network and test out different configurations.
I do have an APU and some guinea pigs at home that like to stream videos I can screw with. I really want to learn how it works from someone that has the experience, and don't mind contributing to their beer budget for their trouble.
-
On your WAN
Scheduler Type: fairq
Bandwidth: 95% of your maximum. If you have really stable bandwidth, then possibly 98%. If you have very unstable bandwidth, then closer to 80%.
Create a default queue, set the length to 4096, check codel.
Results may vary. It should keep latency low.