How do I shape Skype & BitTorrent traffic???
-
Hello everybody
I am in charge of a network which has approx. 60-70 hosts, laptops and phones (50/50), lots of them are owned by the staff.
I want to shape the traffic, so the Skype calls have the highest priority, browsing have medium priority and BitTorrent the lowest priority and about 10% of available bandwidth. Connection is 100/100 Mbps, so I have plenty of bandwidth to work with.
I already tried shaping traffic using NgNtop, but some of the workers complained about poor internet access, while others had no problems, until I deactivated this package.
What else can I do? How to track Skype and BitTorrent traffic? -
I hope someone tells me I am wrong but AFAIK pfSense does not do any Layer7 filtering anymore. The code was buggy and has been removed. So shaping/blocking based purely on the content of the packets (e.g. BitTorrent) is probably not going to be possible without adding another product.
-
I hope someone tells me I am wrong but AFAIK pfSense does not do any Layer7 filtering anymore. The code was buggy and has been removed. So shaping/blocking based purely on the content of the packets (e.g. BitTorrent) is probably not going to be possible without adding another product.
True. If additional packages are an option, snort has powerful L7 capabilities like AppID. Also, encryption (which Skype and optionally BitTorrent use) severely limits L7 capabilities (but I think AppID has additional tricks that can help).
Skype could be matched by port, I assume, unless someone purposely is trying to hide the traffic.
It'd probably be easier to proportionally share throughput among each IP with limiters.
-
I take the whitelist approach instead of the blacklist. What I mean is I identify the traffic I want to by normal or high priority and all unknown traffic goes to low/idle priority. I use the term priority loosely because I use HFSC and all it really means is more or less bandwidth.
Don't forget to enable CoDel on your child disciplines. At some point in the far future, PFSense should get Cake, once it's done and ported. Then you will probably never need to configure priorities again.
