QoS/PRIQ - as of v2.3, what works what does not?



  • Hello.

    I've not messed with shaping much, but the kids are getting older and there are lots of devices that use the network, so I've got to do something lol.

    In researching how I can use some traffic shaping, I've seen a LOT of mention of certain types of shaping (i.e. priq, cbq, hfsc) not working correctly on this or that version, or whether limiters work, or whether a given implementation will cause issues of some kind.

    So, question number one is, what is the deal with traffic shaping? Is it broken, or does it just depend, or is it all user config errors? Too many opinions running around that oppose each other it seems.

    Now, I have the limiter working although the rates used in the GUI don't seem to match. If I use 5Mbit as a download limiter, it allows almost 10Mbit. Don't know why, tried using Kb as well, but it just does not seem to match. That's not as important as whether or not it is stable.

    My big question is, as I am learning, how to actually apply a very simplistic shaper. I've looked at so many threads and tutorials it's really sad. I'm fairly well versed in computing in general, and networking too. But this is one ambiguous topic.

    So, if my goal is to make one computer get all bandwidth when it wants it, and all others to "give it up", it should only require a LAN shaper with 3 queues, one high level 7, one default level 5 and one low level 3. I've read that in reality I only need a high and low, and that when creating a LAN fw rule, the "master computer" just uses queue "high" and the other computers just use queue "low". That pretty much ignores acks, which would go to the medium or default queue?

    I've done this pretty much already. Wan/Lan shapers are created, 3 rules each (high/med/low) at levels 7/5/3 and medium as default. I create the Lan fw rule to use high on the master pc and low on the others. I can see it working in the status tools. It's interesting that outbound queues (wan interface) have activity even though I applied no rule (neither floating nor wan). So either the queue is always there or the default is used automatically and if there are no fw rules it's just a queue and does nothing.

    Now, have I done this correctly? Does the ack queue need to be present, in order for the rules and queues to "see" that there is some adjusting to do? I don't see the queues adjusting. Or, is the adjusting (throttling) done on new states? I've been testing by starting a download (steam game update) on a couple computers and then doing the same on the master or maybe just doing a bandwidth test of speedtest site. The queues are being used, but not adjusting. This could be that on a large continuous download the state never changes, thus the queues don't process any changes either?

    Most questions seem to be about how to ensure all clients get same bandwidth or how to limit a given ip/subnet to only X bps. I just want to start with a QoS really, so higher queues are not starved and lower queues can be starved if higher queues demand it.

    Any thoughts from anyone?



  • It just seems a bit strange to have a "master computer" that can randomly kick other devices off the network if it decides to use all of the bandwidth.



  • I suppose it does. But think about it like you are the one working every day to pay the bills (and the internet connection) and when you want to do something online, you expect it to work. Instead, you are relegated to the back burner because everyone else is busy on their devices using the bandwidth. Steam is the worst culprit haha, but the streaming stuff is almost as bad.

    Thus the need to find some limitations and prioritizations ;)



  • There is a difference between reserving bandwidth for yourself and making the Internet unusable for others. You can give yourself 80% of the bandwidth and still leave something for others. But you can do whatever you want. Just giving my 2 cents for "Any thoughts from anyone?"



  • Indeed that is true. However, that's putting the cart before the horse. I've looked at HFSC. It's not exactly something you just fill in values for and go. Limiters work thus far, and I have employed them, and plan on using them perhaps as a supplement. But really the first issue is to fully understand how the packet shaping is working in pfSense. It's like NAT, in that it is not completely foreign, but different from the typical consumer router, so it takes some studying to really grasp.

    So, step one in my book of how to learn, is to start with PRIQ and a goal, which is to give my computer the full monty, at highest priority, and my kid the dredges, at lowest priority. The wife and other devices go in between. The ACK queue is important, so that needs playing with. All in all, PRIQ and what I plan to do seems like a superb way to get introduced to pfSense terminology on traffic shaping.

    I can figure it out myself eventually, just like I did with squid and squidguard to do a bunch of strange custom stuff. But I hope I can find a tutor to help me understand. I am not satisfied with it "just working" in things of this nature, I want to understand how to get it working.

    And as to whether anyone needs 80% or 100%, that's really not important. What is important is that it does indeed happen, because that will show me how the queues work when different computers are all hitting the connection at the same time. To me, I have to have 6 machines all trying to saturate the connection in order to really see how the prioritizations are going to affect traffic. So I do hope my machine gets all of it. It likely won't, but to test PRIQ I've just got to see for myself how different things happen.



  • HFSC really is something you can just fill in values and go, for the most part. At least one gotcha is that it doesn't like shaping more than two hierarchies deep or it didn't some time ago in 2.1.x.

    Instead of filling in priorities, you fill in bandwidth, don't even concern yourself with anything in the "Service Curve" area below. Just place yourself in the hypothetical situation where your connection is maxed out and all of your queues are trying to go full speed. How do you want your bandwidth distributed? That easy. Don't forget to enable CoDel.



  • I was under the assumption that many now state to just use PRIQ. As the original question of this thread, there are many threads with information saying one thing or another is messed up. Many of them seem to state that early version 2 releases worked but more recent ones have broken something.

    I've many questions after playing with it some more, but I think I need to stop looking at pfSense gui and look deeper at alt-q and bsd and come to terms with some more basic data, such as if each shaper (wan and lan) has the same queue name (i.e. qACK) are they in fact the same queue, and when do you use one or the other. In pfSense case I have been trying to understand which one to pick because I named them like qLack and qWack so that I could better understand, but that's not working at all. I really think I need to know more. That's not unusual for me really.

    Thanks for taking the time to reply. I was originally thinking that CBQ would be ideal, but read a lot about not using that too. A couple days reading should help to better understand it and be able to figure out the noob stuff myself so I can ask better questions, cause right now I feel like I am only asking questions that have been asked time and time again (other than if there are any issues that are not rumors) :)



  • This is how I understand queue assignment and pfSense. When a new connection is trying to be created, it must pass the firewall rules. There will be 2 states created and attached to the appropriate interfaces. At the time the states are created, they get assigned to their queues based on the rules, but only one rule gets to apply.

    Example, if I'm trying to connect out to Netflix and the new connection is initialized on my LAN interface, the rule on my LAN interface that passes the connection gets to assign the queue. If the queue is qNetflix, then the state-pair will both attempt to be assigned to qNetflix, but only if qNetflix exists on both interfaces. If my WAN interface does not have qNetflix defined, then it will get dropped in the default queue of the WAN interface, but state on the LAN interface will be placed in qNetflix.

    It's generally a good idea to declare the same named queues on all of your interested interfaces, otherwise one or both states may be placed in the default queue if the name does not exist.

    CBQ is roughly the same as HFSC at the abstract level, but HFSC decouples bandwidth and delay in more than one way from the old round-robin ways of CBQ. HFSC does not need to create an artificial backlog of packets nor does it add additional latency to packets in order to maintain proper bandwidth. On top of that, if you know what you're doing, you can decouple bandwidth and latency even further by using service curves. I will not pretend to know exactly what is going on, but the gist seems to be you can make a low bandwidth queue have the delay of a high bandwidth queue without giving it more bandwidth.
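
The same-named-queue arrangement described in the post above, sketched as a raw pf.conf ALTQ fragment for the three-priority PRIQ setup the thread starts with. This is an added example, not part of any post and not pfSense-generated output; the interface names em0 (WAN) and em1 (LAN), the bandwidth figures, and the addresses 192.168.1.10 and 192.168.1.0/24 are assumed values.

```conf
# Added example. em0 = WAN, em1 = LAN, rates and addresses are assumptions.

# WAN side: shapes traffic leaving toward the Internet (upload).
altq on em0 priq bandwidth 5Mb queue { qHigh, qDefault, qLow }
queue qHigh    on em0 priority 7
queue qDefault on em0 priority 5 priq(default)
queue qLow     on em0 priority 3

# LAN side: shapes traffic leaving toward the clients (download).
# The queue names are identical to the WAN set on purpose.
altq on em1 priq bandwidth 50Mb queue { qHigh, qDefault, qLow }
queue qHigh    on em1 priority 7
queue qDefault on em1 priority 5 priq(default)
queue qLow     on em1 priority 3

# The rule that passes the new connection on the LAN names the queue.
# The queue is recorded by name on the state, so on each interface the
# packets land in that interface's queue of the same name.
pass in quick on em1 inet from 192.168.1.10   to any queue qHigh
pass in quick on em1 inet from 192.168.1.0/24 to any queue qLow

# If em0 declared only qDefault, the qHigh name would not resolve there
# and, as the post describes, that traffic would fall into em0's default
# queue while still using qHigh on em1.
```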