Traffic shaping/prioritization in PfSense

[DrJohnZoidberg]

Been doing a lot of research in to traffic shaping policies for Pfsense as I wanted to get my network stable and be able to play games fine or maintain quality conference calls with Hangouts or Slack even if a Steam download kicks in or somebody starts streaming from my Plex server.

https://www.dslreports.com/speedtest is a good place to also check the quality of your connection and if you're prone to bufferbloat.

The ideal situation is getting as much of your rated speed while maintaining an A+ score, as there are no local servers on this test it does sometimes tend to give a slightly lower download score.

Still tweaking things as I go but if anyone wants to look at my PFsense rules here is an album: https://imgur.com/a/9eBmZ

I'd be open to suggestions too on how to improve things.

 

[DeathStrike]

thanks doc.

 

[adam_g]

Thanks. This will help alot

Been trying to get traffic shaping right for a while but its tricky. just settled with limiting

EDIT: ill post my rules for ports if you guys want.

 

[DrJohnZoidberg]

Thanks. This will help alot

Been trying to get traffic shaping right for a while but its tricky. just settled with limiting

It's pretty daunting but I think I'm starting to get it. Things can go south fast if you don't configure it correctly, especially when using HFSC.

Another very simple method if you just want to combat bufferbloat is to set your interface's shaper scheduler to FAIRQ, the bandwidth to around 95% of your actual bandwidth and save. Then add a single child queue under that interface set the "Default" flag and the "Codel Active Queue" flag and you're good to go.

Another even simpler method is to just set the interface shaper scheduler to CODELQ, this is super simple but found it isn't as effective as using the FAIRQ + Codel method above.

 

[DeathStrike]

I just used the wizard. lol. unfortunately it doesn't seem to help much for my needs as I still get buffering on YouTube when downloads are going.

 

[DrJohnZoidberg]

I just used the wizard. lol. unfortunately it doesn't seem to help much for my needs as I still get buffering on YouTube when downloads are going.

I start by checking playing with the bandwidth values and make sure they're at least 95% of your actual througput.

So bandwidth for LAN would be {your_download_speed} * 95% and WAN would be {your_upload_speed} * 95%. Play around with this value and maybe lower it to test and see if it makes a difference. If these values aren't set correctly then the entire shaper will be useless.

 

[Evo1ve]

P2P traffic is killing my ADSL line


I'm using PFsense and Mikrotik but can't seem to find something about "low latency queuing"
I would really like to prioritize certain protocols including icmp.

They only way that I know is to limit the amount of connections p2p connections.
I also wondered to create a few additional ADSL pppoe interfaces to route p2p traffic only

 

[DrJohnZoidberg]

P2P traffic is killing my ADSL line


I'm using PFsense and Mikrotik but can't seem to find something about "low latency queuing"
I would really like to prioritize certain protocols including icmp.

They only way that I know is to limit the amount of connections p2p connections.

You can do this with PfSense by setting up a shaper. If you want to successfully shape p2p traffic you'll have to ensure that the shaper queue with the least bandwidth/priority is the default one and that you priortise any other traffic (like web, voip, icmp, dns, etc) into a higher bandwidth queue. This does get a bit tricky as you need to ensure that things you don't want to go into the lowest queue get firewall rules so you don't end up throwing traffic like Skype or something into the low queue because it isn't classified.

I also wondered to create a few additional ADSL pppoe interfaces to route p2p traffic only

Creating new PPPoE connections, unless they're physically on a different line, will not help much from a traffic management perspective as your "download" traffic shaping happens on the LAN interface.

The shaper in PfSense really works well once you've set it up correctly.

 

[Evo1ve]

Hi DrJohnZoidberg

I also had a look at Marks PFsense video guide

https://www.youtube.com/watch?v=rF46PNid1Mo

Shaping in Pfsense seems to kinda work but I'm still experiencing high ping times to local servers while active p2p (tcp /udp 443) is running.

https://netduma.com/ guys that flash there own firmware on RB hardware. Got really nice QOS features at a price.

 

[DrJohnZoidberg]

Hi DrJohnZoidberg

I also had a look at Marks PFsense video guide

https://www.youtube.com/watch?v=rF46PNid1Mo

Shaping in Pfsense seems to kinda work but I'm still experiencing high ping times to local servers while active p2p (tcp /udp 443) is running.

https://netduma.com/ guys that flash there own firmware on RB hardware. Got really nice QOS features at a price.

Thanks for that video, was a very good watch.

Have you tried enabling Codel Active Queue on the queue for your p2p traffic?

 

[DeathStrike]

yeah. Marks video tutorials are great.

I need to find more time for them.

 

[Evo1ve]

I couldn't get QOS working 100% on Pfsense or OPNsense

I followed Syed Jahanzaib's guide that is working 100%

https://aacable.wordpress.com/2016/...fic-base-priority-via-queue-tree-in-mikrotik/

Only drawback is my Mtik is not going to be able to handle alot of Mangle rules.

 

[Tweebeenvis]

Hi guys,

Has anyone successfully got QOS working with Steam downloads? I've tried pretty much every internet guide and everytime Steam kicks in it just kills my line. I'm using a simple PRIQ in PFsense with the wizard. All Steam ports seem to be right according to the guides I've tried. Any feedback appreciated.