Qos/gurantee BW for some ips for incomming "download" is that possible ?

  • Hi , im posting here to ask an important question about how to gurantee bw for some ips/service for the path "incomming" ((download))
    i have more than 500 Mbps for ISP and i cant do any type of gurantee of QOS for incomming (download)
    the answer i got so far is (we cant control the other side links of internet ) and i agree with that .
    and i agree with can do QOS for upload without any problem.

    but im here going to ask about the QOS for DOWNLOAD which is so important to me .

    i found many posts here in the fourm that explain how QOS form incommoding is done and its done out of the LAN interfaces (pfsense use the behavior to be in out direction of an interface)

    but im wondering and miss-understanding , who to belive ??

    it ddint work for me QOS for incoming ans seems like useless.

    the question is being asked , i need clear idea , am i right or wrong with what i mentioned above ???
    can pfsense do QOS for incoming  ?

    i have a good discussion about that subnject here i hope u have a look on posts and be active here


    thank you so much

  • There are three issues with traffic shaping your download

    1. You can't force the senders to slow down, but you can influence them
    2. The latency between the shaper and you is much lower than the shaper and them. It takes them longer to respond.
    3. You're going from a faster to slow link when you shape your upload. Shaping your download is going from a slow to fast link.

    Addressing #1. You can't stop bad actors. They can take several forms, the most common being a DOS attack. Nothing you can do with your firewall if they consume all of your bandwidth. There's another kind of bad actor. An example is many cable companies have horrible amounts of bufferbloat, which can cause the latency between you and someone else to be incredibly high. This can cause a sender to retransmit data that wasn't lost, but the latency was so high, it triggers a resend.

    #2 and #3 are your most common. You biggest enemy is TCP ramps up exponentially. This means you need enough breathing room to keep your link from getting flooded. If you have a good connection, you can probably set your upload to 98% and effectively traffic shape. With your download, you may need to set it to 95% or lower.

    Remember, PFSense shapes outgoing. You need to shape the outgoing of your LAN. Multi-LAN gets messy and has limitations.

Log in to reply