QoS Management Using the Traffic Shaper Wizard

In this article, we will go through the pfSense traffic shaper wizard to achieve quality of service (QoS) goals and cover some of the options which are configurable through the wizard.

QoS Management: Queueing Disciplines and Bandwidth


Specifying the number of WAN connections in the wizard.

In the wizard, you first have to specify the number of WAN connections and, if you selected the multi-LAN variant, the number of LAN connections. On the next screen there are several more options. At “Download Scheduler“, there are three queueing disciplines to choose from. HFSC (Hierarchical Fair Service Curve) is designed to keep link delay low for latency-sensitive traffic while not allowing bandwidth to be over-reserved. CBQ (Class-Based Queueing) lets bandwidth be shared among classes in proportion to their configured shares, and PRIQ (Priority Queueing) assigns a strict priority level to each class, so higher-priority traffic is always sent first. Under “Setup connection speed and scheduler information for WAN #n“, at “Interface” you select a valid interface. At “Upload Scheduler“, you choose a queueing discipline (again, the options are HFSC, CBQ and PRIQ). Finally, the “Connection Upload” and “Connection Download” speeds must be entered. Enter the speeds the link actually delivers rather than the advertised figures; if the shaper believes the link is faster than it is, queueing happens in the ISP’s equipment instead of in pfSense and the priorities you configure have no effect.

QoS Management: VoIP, P2P, and Network Games


Configuring VoIP traffic with the wizard in pfSense 2.1.

On the next screen, there are various QoS options for VoIP traffic. The first checkbox, “Prioritize Voice over IP traffic“, is self-explanatory. The “Provider” drop-down box allows you to specify your VoIP provider. There are a few well-known providers, including Vonage, Voicepulse, and PanasonicTDA, and there is Asterisk as well, in case you connect to an Asterisk server. If you have a different provider, you can choose “Generic“, or override this setting with the “Upstream SIP Server” field by entering the IP address of your upstream SIP server or PBX, or an Alias containing the relevant addresses. With the next two fields, “Upload bandwidth for each WAN” and “Download bandwidth (speed) for Voice over IP phones“, you choose the amount of bandwidth to guarantee to your VoIP phones. The amount of bandwidth you actually use will vary with the number of phones and the codec each call uses, so size the guarantee for the number of concurrent calls you expect rather than for a single phone.

The next screen contains options for the “Penalty Box“. The penalty box is a place where you can relegate misbehaving users or devices that would otherwise consume more bandwidth than desired. Click on the “Enable” checkbox to enable this feature, and enter the IP address of the computer to penalize at “Address“. At the “Bandwidth” field, enter the limit you wish to apply.


Configuring P2P options in the wizard.

The next screen covers “Peer to Peer networking“. Click on the “Enable” checkbox to lower the priority of P2P traffic below all other traffic. By design, P2P protocols and software will utilize all available bandwidth unless limits are put in place. If you expect P2P traffic on your network, it is a good idea to ensure that other traffic will not suffer degradation of QoS due to its use.

Many P2P technologies will deliberately try to avoid detection; BitTorrent is a good example of this. It often utilizes non-standard or random ports, or ports associated with other protocols. You can check the “p2pCatchAll” checkbox, which causes any traffic not matched by another rule to be treated as P2P traffic and have its priority lowered accordingly. You can also set a hard bandwidth limit for this traffic in the “Bandwidth” field underneath the “p2pCatchAll” checkbox. Below this is the “Enable/Disable specific P2P protocols” section. Here you can enable or disable specific services; there are about 20 listed, including BitTorrent, DCC, Gnutella, and others.

The next page covers network games. Many games require low latency to deliver a good online gaming experience. Other traffic, such as downloading large files, can easily crowd out the packets associated with the game itself and cause lag or disconnections. By checking the “Enable” checkbox at the top of the page, you raise the priority of game traffic so that it is transferred first and given a guaranteed chunk of bandwidth. Beneath that is a section called “Enable/Disable specific games“. There are many games listed here, including Call of Duty, Doom 3, Halo 2, Quake 3 and 4, and World of Warcraft. Even if your game is not listed, you may want to check a similar game so that you have a reference rule you can modify later.
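The wizard pages above amount to a bandwidth plan: the link speed entered for each WAN, a guaranteed share for VoIP and games, and a hard cap for P2P and the penalty box, with everything else falling into a default queue. The following script is an added example, not pfSense code, that checks such a plan for over-reservation and emits the pf ALTQ fragment the plan implies, using the HFSC scheduler described above. The queue names `qGames`, `qP2P` and `qPenalty`, the interface name `em0` and the sample speeds are illustrative assumptions; the wizard’s own queue names, apart from `qVoIP`, and the exact rules it writes differ, and you should read the generated rules on your own box rather than treating this fragment as what the wizard produces.

```python
"""Check a traffic-shaper bandwidth plan and emit the pf ALTQ/HFSC fragment it implies.

Added example for the pfSense traffic shaper wizard article; not pfSense code.
Queue names other than qVoIP, the interface name and the speeds are illustrative.
"""
from dataclasses import dataclass


@dataclass
class Queue:
    name: str
    kbit: int                 # bandwidth assigned to this queue, in kbit/s
    realtime: bool = False    # hard guarantee (VoIP, games): HFSC "realtime" curve
    upperlimit: bool = False  # hard cap (P2P catch-all, penalty box): HFSC "upperlimit"
    default: bool = False     # queue for traffic no other rule matches


def plan_queues(link_kbit, voip_kbit, game_kbit, p2p_kbit, penalty_kbit):
    """Build the queue list for one direction of one link.

    Raises ValueError if the guarantees and caps together leave nothing for the
    default queue: HFSC refuses to load a parent whose children reserve more than
    it has, and a plan like that only works by starving ordinary traffic.
    """
    candidates = [
        Queue("qVoIP", voip_kbit, realtime=True),
        Queue("qGames", game_kbit, realtime=True),
        Queue("qP2P", p2p_kbit, upperlimit=True),
        Queue("qPenalty", penalty_kbit, upperlimit=True),
    ]
    # Queues the operator left at zero are simply not created.
    queues = [q for q in candidates if q.kbit > 0]
    reserved = sum(q.kbit for q in queues)
    if reserved >= link_kbit:
        raise ValueError(
            f"queues reserve {reserved} kbit of a {link_kbit} kbit link; "
            "nothing is left for the default queue"
        )
    queues.append(Queue("qDefault", link_kbit - reserved, default=True))
    return queues


def altq_fragment(iface, link_kbit, queues):
    """Render the queues as a pf ALTQ fragment (pf.conf syntax, HFSC scheduler)."""
    names = ", ".join(q.name for q in queues)
    lines = [f"altq on {iface} hfsc bandwidth {link_kbit}Kb queue {{ {names} }}"]
    for q in queues:
        opts = []
        if q.realtime:
            opts.append(f"realtime {q.kbit}Kb")
        if q.upperlimit:
            opts.append(f"upperlimit {q.kbit}Kb")
        if q.default:
            opts.append("default")
        lines.append(f"queue {q.name} bandwidth {q.kbit}Kb hfsc({' '.join(opts)})")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample plan: 10 Mbit/s download link, 512 kbit/s guaranteed to
    # VoIP, 1 Mbit/s to games, P2P capped at 1 Mbit/s, penalty box at 256 kbit/s.
    plan = plan_queues(link_kbit=10000, voip_kbit=512, game_kbit=1024,
                       p2p_kbit=1000, penalty_kbit=256)
    print(altq_fragment("em0", 10000, plan))
    # A plan that over-reserves the link is rejected instead of being written out.
    try:
        plan_queues(link_kbit=1000, voip_kbit=600, game_kbit=600,
                    p2p_kbit=0, penalty_kbit=0)
    except ValueError as err:
        print("rejected:", err)
```

On a pfSense box the rules the wizard actually generated can be compared with this by reading the loaded queue definitions with `pfctl -vs queue`, which also shows per-queue packet and drop counters, so you can see whether the P2P and penalty queues are really the ones dropping traffic under load.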

QoS Management: Everything Else

Next is the “Raise or lower other Applications” page, which lists many other commonly available applications and protocols. How these protocols should be handled will depend on the environment that your pfSense box will be protecting. Applications such as VNC and PCAnywhere (both popular remote access programs), IRC and TeamSpeak (chat and voice-chat programs) can be raised or lowered in priority (or kept at the default level), as can protocols such as PPTP, IPsec, HTTP, SMTP, POP3 and IMAP. If you enabled p2pCatchAll, you will want to use these options to ensure that these other protocols are recognized and treated normally, rather than being penalized by the default p2pCatchAll rule, which otherwise treats anything it does not recognize as P2P traffic.

Once you finish configuration on the “Raise or lower other Applications” screen and press the “Next” button, all the rules and queues will be created, but not yet in use. By pressing the “Finish” button on the final screen, the rules will be loaded and active. Shaping now applies to all new connections. Because the shaper assigns a connection to a queue when its firewall state is created, connections that were already open keep the queue (or lack of one) they had before the rules were loaded. In order for the new configuration to be fully active on all connections, you must clear the states, which will briefly interrupt those connections. To do this, navigate to Diagnostics -> States, click the “Reset States” tab, check “Firewall state table“, then press the “Reset” button.

Now that you have enabled the traffic shaper, you can view the rules and queues defined when you invoked the wizard by navigating to Firewall -> Traffic Shaper and clicking on the different tabs. There should be a tree on the left side of the page; clicking on different parts of the tree should show different relevant QoS settings. For example, clicking on “qVoIP” will show the settings for the VoIP queue. But there will be more about this in a future blog posting.

