Maximizing performance for network?



  • Hi,
    I was wondering if someone could help me understand few things about traffic Shaping.

    Well What im trying to accomplish is to prioritize https,http,imap,pop and block all p2p like torrents and such.

    I went thought the traffic Shaper wizard but im confused on percentages. On the photos lets say penalty box that 15 percent represents that if 192.168.3.2 passes the threshold it gets limited by 15 percent?

    And howcome it creates a shaper on WAN? if I only need LAN?

    My internet speed is 12 download and 2 upload

    After I finished the wizard not sure really what to do.

    Thank you









  • WAN shaping affects your upload and LAN shaping affects your download. I would also recommend checking CoDel along with ECN.



  • Hi Harvy66,
    Thank you for the reply. I was trying to understand https://forum.pfsense.org/index.php?topic=89367.0 and https://forum.pfsense.org/index.php?topic=11986.0

    I guess what im having trouble to comprehend is how the penalty box works?  :-[

    and how would I limit P2P for a 1kb/1kb or should I just Limit the bandwidth using limiter giving specific user 4down/1up?

    Thank you



  • Alright for now im going to focus on traffic shaping only http-https sites for now until i understand how HFSC works.

    After that i wanted to see the queue and been seeing alots of packet drops on my default and my qothersHigh which is HTTPS and on p2p no drops when i try to torrent.

    I wonder why on qdefault priority was given a 3?

    See pictures

    Thank you
















  • @killmasta93:

    Alright for now im going to focus on traffic shaping only http-https sites for now until i understand how HFSC works.

    After that i wanted to see the queue and been seeing alots of packet drops on my default and my qothersHigh which is HTTPS and on p2p no drops when i try to torrent.

    I wonder why on qdefault priority was given a 3?

    See pictures

    Thank you

    Drops are caused by too small of buffers, which default to 50 unless you specify otherwise. Make them larger. I recommend just using CoDel, but I am not sure if queue size applies to CoDel when used as a child discipline.

    P2P may not have drops because uTP, which is primarily used by Torrent, is much less aggressive than TCP.

    What you showed looks good. My only personal opinion would be to have qDefault on the LAN and explicitly place LAN traffic in qLink.



  • Hi,
    Thanks for the reply, So i was having trouble with HFSC and went to PRIQ for the LAN and for WAN went to CODELQ.

    Now i guess my question is lets say machine A is downloading an iso of 4gigs at a rate of 200kb and

    machine B is trying to navigate the web would Machine B have priority over machine A?

    And would machine A rate lower to around 100kb or less because Machine B have priority?

    Thank you, and sorry that im a bit confused.

    See pictures












  • http://www.linksysinfo.org/index.php?threads/qos-tutorial.68795/

    Read that link and research until you understand every part of it. That is a good place to start.

    Proper usage QoS needs a good understanding of internetworking fundamentals like TCP congestion control algorithms.



  • FairQ or CoDel may not need any priority because they are biased against bandwidth hogs. They provide no guarantees, but on average should be "good enough". If you can't understand HFSC, you probably don't understand enough theory to worry yourself with details and "good enough" is your best bet.



  • Thanks again I will check it out and post back once I get everything :)



  • Hey just curious questions, I have been reading alot on other forums about traffic shaping (Limiter) with transparent proxy and it seems that it is still broken.  Does that also include on the queues?

    Thank you



  • I do not think so, but I do not know. Traffic shaping queues function as expected for me.



  • allright so i think I got it, but have a few questions

    I made qVOIP as my highest then http,dns second then last everything else would be lowered to 5 percent.

    I ran some tests on torrents and it did work, max rate was 73kbit download speed and while  ping 8.8.8.8  around 60-80 see pictures

    But my questions is how come so little packet drops for qCatchall? And when I did a speed test it was less then 1mbit down/1mbit up but no packet loss thats where i get confused.

    Also not sure where to add the codel on which Queues?

    Thank you
































  • Just remember that realtime always takes from the root and ignores upperlimit and link share. Of course any bandwidth above realtime respects upperlimit and link share.

    And a 500 queue is very large for 13Mb of bandwidth. That's about 500ms of latency if the entire queue was full of 1500 byte packets. If in doubt, enable CoDel on all queues.

    I also noticed that you said your connection is 12mb, but you set your shaper to 13Mb. On your download you should set your bandwidth to about 90%-95% of your minimum bandwidth. This means if you average 12Mb, but it comes in as a fluctuating 11Mb-13Mb, you should target 95% of 11Mb.



  • Hi Harvy66 thank you again for the reply :)

    Just remember that realtime always takes from the root and ignores upperlimit and link share. Of course any bandwidth above realtime respects upperlimit and link share.

    does that explain the speedtest pictures, while enabling traffic shaping  would speedtest results be different? Not really sure if I understood the last part, any bandwidth do you imply the WAN queues o the LAN.

    And a 500 queue is very large for 13Mb of bandwidth. That's about 500ms of latency if the entire queue was full of 1500 byte packets. If in doubt, enable CoDel on all queues.

    I saw on a previous post that you showed your pics which had 1024 Queues should i follow somewhat your pics? When enabling CoDel on all queues should I remove all the queue limits?

    I also noticed that you said your connection is 12mb, but you set your shaper to 13Mb. On your download you should set your bandwidth to about 90%-95% of your minimum bandwidth. This means if you average 12Mb, but it comes in as a fluctuating 11Mb-13Mb, you should target 95% of 11Mb.

    Thank you that was a very good point you made I wasn't really sure,  I would have days that its 11 others 12.9

    And my last questions how were my firewall rules? where they correct? or is there any recommendation you could tip me  :)?

    Thank you again



  • If you enable CoDel, the queue limit is unused.

    With CoDel enabled my queue is 2-4 packets even though it is defaulted at 50.



  • Your speedtest is going into the catchall, which has an upperlimit of 10%. Probably because many speedtests use port 8080 for some reason.



  • Thank you for the replies

    @Nullity

    If you enable CoDel, the queue limit is unused.

    With CoDel enabled my queue is 2-4 packets even though it is defaulted at 50.

    Would it be recommended enabling it on the Default queue both LAN and WAN?

    @Harvy66

    Your speedtest is going into the catchall, which has an upper limit of 10%. Probably because many speedtests use port 8080 for some reason.

    but isnt my upper limit on catchall 5%? But whats funny My navigation speed on websites are great or should i be worried about the speedtest result?, But lets say I would need to download a heavy file and I would need to bypass the queue would that be possible or I would need to turn it off?

    Thank you



  • @killmasta93:

    Thank you for the replies

    @Nullity

    If you enable CoDel, the queue limit is unused.

    With CoDel enabled my queue is 2-4 packets even though it is defaulted at 50.

    Would it be recommended enabling it on the Default queue both LAN and WAN?

    The answer is complicated.

    Though, thankfully, you can simply use trial & error to determine whether you prefer CoDel or not.

    tldr; enable



  • Thanks Nullity for the reply I think I am getting the hang of it doing lots trail and error.

    So i think on the LAN part (download) I have been able to tweak it with the catchall to a decent amount without hurting download streams, but the WAN(upload) do we have any control of it?

    Lets say someone is uploading 1gig of information to dropbox with a 2mb upload speed it kills the internet I have seen my WAN RTT to around 300ms when originally its around 1.3ms, is there a possible way to put that catchall on the WAN for only protocols of dropbox,mega,wetransfer?

    Also streaming netflix,youtube, going to webpages that uses the LAN queues right?

    Thank you



  • Before using pfSense, I was proud of my networking knowledge because I knew the diff between a switch and a hub.  ???

    Then I became interested in traffic-shaping and realized I knew nothing about computer networking. After reading a few networking books and many dozens of (incomprehensible, lol) white-papers centered around HFSC, I finally feel comfortable configuring a simple traffic-shaping setup.

    I say this because all your questions are already answered in books, the pfSense wiki, and Google. Go read. :)

    We ain't your lackeys. :)



  • hahah all righty  :) ill post back up when I have been fully educated  ;)



  • @killmasta93:

    hahah all righty  :) ill post back up when I have been fully educated  ;)

    Well, we just need to know you have felt the same pain we have, lol.

    I look forward to seeing you become a jaded forumite. :)



  • @killmasta93:

    @Harvy66

    Your speedtest is going into the catchall, which has an upper limit of 10%. Probably because many speedtests use port 8080 for some reason.

    but isnt my upper limit on catchall 5%? But whats funny My navigation speed on websites are great or should i be worried about the speedtest result?, But lets say I would need to download a heavy file and I would need to bypass the queue would that be possible or I would need to turn it off?

    Thank you

    Yes, your catchall upperlimit is 5%, which is why your speedtest is so slow. Your websites work fine because they properly go into your web queues. You need to fix your matching rules to include port 8080 for the destination.



  • Hi Harvy66,
    Thanks for the reply I got the speed test working with the firewall rules see picture I got the hang of downloads(LAN) i even been able to create alias to give certain groups to follow the queues and others to ignore it for testing purposes.  I was able to limit the download speeds to download an iso (1.2gigs) at a rate of 300kb/sec while another computer would ignore that and download the same iso at 1.2mb/sec  ;D

    What I can not get is the uploads (WAN).

    I have been trying to limit upload speeds to 120kb/sec with mega but immediately  it uses the queues of the qhttp which uploads at 740kb/sec

    I then created another rule to use the qdefault/qcatchall with all the Ips of mega and nothing :(

    Not sure what i might be doing wrong?

    Thank you








  • With floating rules, last rule wins. Mega is at the top, so it'll get changed by qHTTP at the bottom. You also have to remember that IPs can change at any time. The firewall would be expecting a different list than what the client attempts to connect to.



  • Thank you for the reply, So I did what you advised and moved around other rules and nothing :( what I also realized that when disabling the rule of the http it then queues the qdefault but enabling the qhttp it goes back to the qhttp when uploading though mega see pictures.

    I also tried giving the qhttp less percentage but kinda defeats the purpose. lol..

    I guess what my main goal is for people uploading though dropbox,mega,google drive,etc give them around a 200k upload limit which I am able to do it on the download part but not on the upload part.

    Thank you






  • Those services use the HTTP protocol, but are you sure they use the HTTP/HTTPS ports?



  • Hi Harvy66 thanks for the reply, yep they do unfortunately.  I think uploading is worst then torrenting lolz… especially when having 2mb upload and now these days there's so many sites to upload..like google drive,dropbox, mega, filepup ,etc

    :(


Log in to reply