Traffic Shaping in pfSense: Part Four

Traffic shaping in pfSense

Configuring VoIP settings in pfSense 2.2.4. Note that you can guarantee upload and download bandwidth with the traffic shaper wizard.

Once you enter the queuing disciples and connection speeds in the traffic shaper wizard, there are a number of other options to configure. The next is Voice over IP, and there are several options available for handing VoIP traffic. The first choice, the Prioritize Voice over IP traffic check box, is self-explanatory. It will enable the prioritization of VoIP traffic, and this behavior can be fine-tuned by the other settings on the same page. First, you can chose your VoIP provider:

 

    • VoicePulse: A U.S.-based VoIP provider founded in 2003. VoicePulse provides not only home phone services, but also business PBX services and enterprise-level SIP trunking.

 

  • Vonage: Another U.S.-based VoIP provider founded in 2001. Their most popular plan, Vonage World, offers unlimited international calling to over 60 countries for a flat monthly rate. Vonage supplies an analog telephone adapter with which the customer can connect standard analog telephones to the Internet.

 

 

  • Panasonic TDA: Panasonic’s VoIP PBX solution, done via a T1 or E1, and which provides mobile phone integration and BRI or PRI ISDN capability.

 

 

  • Asterisk: Open-source VoIP software which includes many features available in proprietary PBX systems: voice mail, conference calling, interactive voice response, and automatic call distribution. Although initially developed in the United States, it has become popular worldwide because it is freely available under open-source licensing and has a modular, extensible design.

 

 

If you have a different provider, you can choose Generic, or override this setting with the Address field by entering the IP of your VoIP phone or an alias containing the IPs of all your phones.

There is also an edit box in which you can enter the IP address of the upstream SIP server. If you do, the information in the Provider field will be overridden. You can also use a firewall alias in this field.

You may also choose the amount of upload and download bandwidth to guarantee for your VoIP phones. This will vary based on how many phones you have, and how much bandwidth each session will utilize. When you have finished entering the provider information and upload/download bandwidth, you can press the Next button.

The next page allows you to configure settings for the penalty box. This is a place to which you can relegate misbehaving users or devices that would otherwise consume more bandwith than desired. These users are assigned a hard bandwidth cap which they cannot exceed. Check the check box at the top of the page to enable this feature, enter an IP or alias in the address box, and then enter upload and download limits in kilobits per second in the appropriate edit boxes. It does not appear that you can type multiple IP addresses in the Address edit box, so if you want to penalize multiple hosts, you will have to create an alias.

Once you are finished configuring penalty box settings, you can press the Next button and move on to configuring settings for peer-to-peer networking, which will be covered in the next article.

External Links:

Traffic Shaping at Wikipedia
Voice over IP at Wikipedia

pfSense Traffic Shaping: Part One

pfSense Traffic Shaping

The traffic shaping wizard page in the pfSense web GUI.

Traffic shaping (also known as “packet shaping”, or “Quality of Service” [QoS]) is a computer network traffic management technique which prioritizes some datagrams while delaying other datagrams to bring them into compliance with a desired traffic profile. It is a form of rate limiting (a method of controlling traffic by which traffic that exceeds a specified rate is dropped or delayed) and is used to optimize or guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of packets by delaying other kinds. It is widely used for network traffic engineering, and often appears in ISPs’ networks as one of several Internet Traffic Management Practices (ITMPs).

pfSense Traffic Shaping: An Example

pfSense Traffic Shaping

Configuring VoIP settings in the pfSense traffic shaping wizard.

In the following example, we will use pfSense traffic shaping to limit VoIP throughput to 125 kbps. First, navigate to Firewall -> Traffic Shaper. Select the “Wizards” tab. From the Wizards table, click on “Single WAN multi LAN“. [Assume we have a LAN and a DMZ.] On the next page, at “Enter number of LAN type connections“, enter “2”. At “Link Upload“, type the upload bandwidth (remembering to select either Kbit/s, Mbit/s, or Gbit/s in the drop-down boxes), and at “Link Download“, type the download bandwidth. Leave the other settings unchanged and click the “Next” button.

The next page deals with VoIP settings. At “Enable“, click on the check box to prioritize VOIP traffic. Under “VOIP specific settings“, assume we’re using Asterisk for VoIP and at “Provider” select “Asterisk/Vonage“. Set “Upload Speed” to 125 Kilobit/s, and set “Download Speed” to 125 Kilobit/s. Leave the other settings unchanged and click the “Next” button.


The next page, “PenaltyBox“, allows us to reduce the priority of an IP address or alias. We will assume that we have no use for this feature right now and click on the “Next” button.

pfSense Traffic Shaping

The final page in the pfSense traffic shaping wizard

The next page is for peer-to-peer networking and allows you to lower the priority and/or disable about 20 different specific P2P protocols. There is also a “P2P Catch all” queue which allows us to place all uncategorized traffic into the P2P queue. Again, we will assume that we have no use for this feature now and click on the “Next” button.

The next page is for network games, and allows us to raise the priority of gaming traffic and/or enable/disable specific games (e.g. Call of Duty, Unreal Tournament, World of Warcraft, and several others). Again we will click the “Next” button.

The final page, “Other Applications“, allows us to shape other common types of traffic. These include remote access programs like PC Anywhere, messaging programs like IRC and Teamspeak, VPN traffic, and other programs. Click on the “Next” button. On the next page, click the “Finish” button to apply the new settings.

We now have used pfSense traffic shaping to prioritize VoIP traffic while also limiting the amount of VoIP throughput to 125 Kbit/s. In part two of this series on traffic shaping, I will cover the Hierarchical Fair Service Curve, one of several traffic shaping algorithms supported by pfSense. In part three, I will cover class based queuing and priority queuing.


External Links:

Traffic Shaping Guide at doc.pfsense.org (with links)

© 2013 David Zientara. All rights reserved. Privacy Policy