Netgate SG-1000 microFirewall

Author Topic: Set queue on incoming rule?  (Read 202 times)

0 Members and 1 Guest are viewing this topic.

Offline wiz561

  • Full Member
  • ***
  • Posts: 141
  • Karma: +0/-0
    • View Profile
Set queue on incoming rule?
« on: January 30, 2018, 03:12:02 pm »
I have CBQ setup and working good to mitigate bufferbloat.  I have mulitple internal vlan's and one WAN (150/20).  For my configuration, I have the interface setup for CBQ and 1Gbit/s bandwidth.  I then have a WAN queue that's set to priority 6, codel active, and a bandwidth of 150Mbit/s.  I then have another LAN queue that's priority 7, default queue, and 850 Mbit/s.  Finally, on the "WAN" interface, I have CodelQ selected with 20Mbit/s.

In the firewall rule for the interface, under queue, I have "WAN". 

Now I'm adding VoIP to my system and currently setting this up.  I'm wondering, do I have to choose a queue on the incoming firewall rule on the WAN side?  Anything special I have to do to prioritize the VoIP traffic?

Offline KOM

  • Hero Member
  • *****
  • Posts: 5609
  • Karma: +688/-23
    • View Profile
Re: Set queue on incoming rule?
« Reply #1 on: January 30, 2018, 03:23:16 pm »
Quote
and a bandwidth of 150Mbit/s

Shouldn't your specified bandwidth be less than your maximum?  I've read guidance that said to take several speed tests at various points in the week, pick the lowest and then go 5% less than that to ensure that your bottleneck isn't farther up the line and beyond your control?

Quote
I'm wondering, do I have to choose a queue on the incoming firewall rule on the WAN side?

Yes.  You add a floating rule on WAN that puts any traffic to or from your SIP server into the queue you want it to go into, typically the highest priority.  The approach may dbe different depending on how your voip is configured.

Quote
Anything special I have to do to prioritize the VoIP traffic?

Nothing more than what you do for any other traffic type.  Isolate it by port or by source/destination and then sort into the desired queue.

Offline wiz561

  • Full Member
  • ***
  • Posts: 141
  • Karma: +0/-0
    • View Profile
Re: Set queue on incoming rule?
« Reply #2 on: January 30, 2018, 04:35:06 pm »
Quote
and a bandwidth of 150Mbit/s

Shouldn't your specified bandwidth be less than your maximum?  I've read guidance that said to take several speed tests at various points in the week, pick the lowest and then go 5% less than that to ensure that your bottleneck isn't farther up the line and beyond your control?

Yes, you're right.  While I pay for 150/20, I want to say it's something like 180/25.  Comcast usually bumps it up a bit for reasons unknown...maybe so people don't complain when there's an overloaded node.

Quote
Quote
I'm wondering, do I have to choose a queue on the incoming firewall rule on the WAN side?

Yes.  You add a floating rule on WAN that puts any traffic to or from your SIP server into the queue you want it to go into, typically the highest priority.  The approach may dbe different depending on how your voip is configured.

OK, I think I might understand this, but not sure.  So for my queues, I'm going to want to add a VoIP queue, then assign a '5' to the WAN, a '6' to the LAN, and a '7' to the VoIP queue?  Was that it for the traffic shaping area?

Quote
Quote
Anything special I have to do to prioritize the VoIP traffic?

Nothing more than what you do for any other traffic type.  Isolate it by port or by source/destination and then sort into the desired queue.

So for this, I just choose the VoIP queue in the firewall rule? 

Offline KOM

  • Hero Member
  • *****
  • Posts: 5609
  • Karma: +688/-23
    • View Profile
Re: Set queue on incoming rule?
« Reply #3 on: January 31, 2018, 08:24:38 am »
Quote
So for my queues, I'm going to want to add a VoIP queue, then assign a '5' to the WAN, a '6' to the LAN, and a '7' to the VoIP queue?  Was that it for the traffic shaping area?

I'm not a shaping expert and haven't seen your config.  That said, the general idea is to create a voip queue on WAN with the highest priority, then use a floating rule to redirect all voip traffic into that queue.  For example, I use the PRIQ shaper and my voip queue has a priority of 15 which is the highest.  I don't do any shaping between LANs.

Quote
So for this, I just choose the VoIP queue in the firewall rule?

Pretty much.

Offline SammyWoo

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
Re: Set queue on incoming rule?
« Reply #4 on: February 10, 2018, 01:59:48 pm »
My understanding is, priorities queues are activated on the egress side of interfaces.

Offline wiz561

  • Full Member
  • ***
  • Posts: 141
  • Karma: +0/-0
    • View Profile
Re: Set queue on incoming rule?
« Reply #5 on: February 15, 2018, 08:27:13 am »
My understanding is, priorities queues are activated on the egress side of interfaces.

Thank You!  I'm still messing around with traffic shaping and trying to figure this whole thing out.  So far, I haven't wrecked anything yet.  :)