
Topic: Goals: Ensure enough room for ACKs, single destination IP has lowest priority.


gertty

I'm using pfSense 2.4.2. I'm completely new to traffic shaping but I understand the basic concepts. My current setup:

50Mbps down/5Mbps up WAN connection. I have a couple of VPN clients on the router, and I have rules to route local traffic out of WAN, VPN1, or VPN2 depending on which VLAN it came from. There are a couple of exceptions to this, so I have an alias for "always route out WAN" listing particular statically assigned IPs.

I've got several machines doing backups on various VLANs. If there happens to be a large differential backup, it swamps the upload connection and lots of other things that are normally only downloading start performing poorly. I suspect this is because the backups aren't leaving enough room for the ACKs on applications that are otherwise using very little upload.

So, what I would like to do is something like this:
- Across WAN, VPN1, and VPN2 always leave enough room for ACKs.
- Somehow classify the backup traffic exiting WAN, VPN1, VPN2, as the lowest priority.
- All other traffic can be "the rest".

I don't care enough to create more classes than "backups are lowest", "ACKs are highest", "everything else is the same". I only want this to apply to the WAN, VPN1, VPN2.

Is this easy to do? Any ideas on how to identify the backup traffic? It'll be HTTPS to a specific domain (I can get the current set of IPs but it can change over time). On my LAN, it could originate from different VLANs, but I could maybe limit this traffic to originate from a fixed set of source IPs.

Thanks for any advice or help.

Harvy66

The simplest setup would be FairQ shaper with Codel as a child queue discipline. If you want something easy to manage but keeps latency down, look into fq_Codel (https://forum.pfsense.org/index.php?topic=126637.0).

gertty

Quote from Harvy66: "The simplest setup would be FairQ shaper with Codel as a child queue discipline. If you want something easy to manage but keeps latency down, look into fq_Codel (https://forum.pfsense.org/index.php?topic=126637.0)."

Thanks for the reply. I like simple. Is there documentation on setting this up? Can I just worry about the WAN interface for now? Do I do this thru one of the wizards or some other way?

Harvy66

No wizard. Just go to WAN, set the bandwidth at the interface to ~90% of your effective upload bandwidth with FairQ as the scheduler, and check the box in the Default Queue to enable Codel... I think.

gertty

Thanks for the reply, but I don't understand enough about setting up Traffic Shaping to make sense of your answer. Is there a step-by-step document somewhere? Or something with screenshots?

Harvy66

Ignore all of my other queues. All you care about is "Default".

gertty

Thanks! I'll try this tonight.
Ok, so from scratch I go to:
- Traffic Shaping by Interface -> WAN
- I select FAIRQ and put in my 90% upstream bandwidth number.
- qDefault then automatically shows up? How do I get to the per-queue settings?

KOM

Click on the queue.