SIP Traffic Shaping question



  • Can anybody please help with this? We have a pfSense 1.2 installation with 8 network interfaces. So far we use the following interface denominations "WAN1", "WAN2", "DMZ", "LAN". The WAN1 interface is connected to a 2Mbit SDSL (all VoIP traffic goes through here) line, the WAN2 interface to a cable service with 15Mbit/1.5Mbit for bulk downloads and backup. Traffic from LAN through WAN1/WAN2 is NATed. The plan was to introduce traffic shaping to ensure good voice quality for the Snom phones connected to the LAN interface. So I used the wizard with the following settings:

    Inside: LAN
    Download: 2000
    Outside: WAN1
    Upload: 2000
    Enable: Prioritize Voice over IP traffic
    Provider: Generic
    Address: VoIP_Client_Alias
    Bandwidth: 768Kbits/sec

    What now happens is that all non-VoIP traffic passing the LAN interface (no matter where it goes) is throttled to around 2Mbit. This effect obviously is not desired. We expected that the wizard settings would only regulate the traffic between LAN and WAN1 and not for example traffic between LAN and DMZ or LAN and WAN2.

    I am afraid I haven't fully understood the traffic shaping settings of pfSense. So if someone could give me some advice on getting the traffic shaping for our VoIP phones right, I would highly appreciate!



  • Multiinterface shaing is not really working in 1.2 (search the forum) but it will be much much better in 1.3 (see the trafficshpaer thread in the bounty section).

    For now you could do something like this:

    • wan upstream is upstream on wan interface
    • lan downstream is downstream of ALL your wans

    This won't work perfect of course but it's the best that you can do in 1.2 currently, at least when working with only one pfSense. Other option would be to have an additional system inline on wan only doing shaping from wan to lan as workaround until 1.3 is available.

    
    ISP1-------wan/pfsense/lan-------wan          lan-----
    ISP2-----------------------------wan2 pfSense optx-----
    ISP2-----------------------------wan3         opty---
                                     ...          ...
    
    

Locked