Traffic Shaping in pfSense: Part Seven

Editing traffic shaping settings in pfSense.

After using the shaper wizard, you might find that the rules it generates do not fit your requirements. Fortunately, once the basic rules have been created by the wizard, it should be relatively easy to edit or copy those rules and create custom ones of your own.

The queues are where bandwidth and priorities are actually allocated. Each queue is assigned a priority from 0 to 7. When there is an overload of traffic, the higher-numbered queues are preferred over the lower-numbered queues. Each queue is assigned either a hard bandwidth limit or a percentage of the total link speed. The queues can also be assigned other attributes that control how they behave. For example, they can be set up for low latency, or they can have certain congestion avoidance algorithms applied. Queues may be changed by navigating to Firewall -> Traffic Shaper and clicking on the By Queues tab. A list of rules will appear.
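The following is an added example, not pfSense or ALTQ code: a simplified one-interval allocation model showing what priority alone does under overload, and what changes when each queue also has a bandwidth assignment and may borrow unused capacity. The queue names, rates and demands are constructed.

```python
def to_kbps(bw, link_kbps):
    """Resolve a queue bandwidth: '30%' of the link, or absolute Kbit/s."""
    if isinstance(bw, str) and bw.endswith("%"):
        return link_kbps * float(bw[:-1]) / 100
    return float(bw)

def strict_priority(link_kbps, queues):
    """Serve queues from the highest priority number down until the link is full."""
    left, served = link_kbps, {}
    for q in sorted(queues, key=lambda q: q["prio"], reverse=True):
        served[q["name"]] = min(q["demand"], left)
        left -= served[q["name"]]
    return served

def shares_with_borrowing(link_kbps, queues):
    """Serve each queue up to its own bandwidth, then lend the unused
    remainder to queues that still have demand, highest priority first."""
    limits = {q["name"]: to_kbps(q["bw"], link_kbps) for q in queues}
    if sum(limits.values()) > link_kbps:
        raise ValueError("queue bandwidths exceed the link speed")
    served = {q["name"]: min(q["demand"], limits[q["name"]]) for q in queues}
    left = link_kbps - sum(served.values())
    for q in sorted(queues, key=lambda q: q["prio"], reverse=True):
        extra = min(q["demand"] - served[q["name"]], left)
        served[q["name"]] += extra
        left -= extra
    return served

# Constructed overload: 17000 Kbit/s offered to a 10000 Kbit/s link.
LINK_KBPS = 10000
QUEUES = [
    {"name": "qVoIP", "prio": 7, "bw": 2000,  "demand": 1000},
    {"name": "qWeb",  "prio": 4, "bw": "50%", "demand": 10000},
    {"name": "qBulk", "prio": 1, "bw": "30%", "demand": 6000},
]

if __name__ == "__main__":
    print("priority only:", strict_priority(LINK_KBPS, QUEUES))
    print("with shares  :", shares_with_borrowing(LINK_KBPS, QUEUES))
```

With priority alone the lowest-numbered queue gets nothing; with bandwidth assignments it keeps its 30% while the unused VoIP capacity goes to the next queue down.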

Editing queues can be a complex task with powerful results. Still, without a thorough understanding of the settings involved, it is probably best to stick with the queues generated by the wizard and alter their settings.

The queue listings have changed somewhat in pfSense 2.2. Each queue is listed on the left side of the tab. Clicking on one of the queues will bring up a listing for each of that queue's subordinate queues (one for each interface). Clicking on any of these subordinate queues will allow you to edit the settings for it. The screen capture at the top of this article shows the settings for one such queue. At the top of the page, there’s a check box which allows you to enable/disable the queue and its children. There are settings for the queue name, the queue priority (0-7), the queue limit in packets, and various scheduler options. There is also a field in which you can enter an optional description. At the bottom of the page, there are two buttons: a “Save” button to save the queue and a “Delete this queue” button to delete it. You should not attempt to delete a queue if it is being referenced by a rule.

External Links:

PF: Packet Queueing and Prioritization at openbsd.org

Traffic Shaping in pfSense: Part Three

Traffic shaping in pfSense

Entering information in the pfSense traffic shaper wizard.

If you want to invoke traffic shaping in pfSense, you can write your own rule set in PF, but in most cases, it’s easier to use the traffic shaper wizard. To get started with the traffic shaper wizard, navigate to Firewall -> Traffic Shaper in the pfSense web GUI and click on the Wizards tab. There are two options on the Wizards page: Multiple LAN/WAN and Dedicated Links. Even if you only have a single LAN-type interface, you should select Multiple LAN/WAN in most cases.

On the first page of the traffic shaper wizard, you will be prompted to enter the number of WAN and LAN-type connections. LAN-type connections are generally any non-WAN connections. For example, if we have a WAN, LAN and DMZ interface, then we have 1 WAN connection and 2 LAN connections. Once you have entered these, press the Next button.

Traffic Shaping in pfSense: Queueing Disciplines

The next page is where we set up the queueing disciplines for each local interface, as well as the upload and download bandwidths for each WAN connection. There are three options for queueing disciplines:

  • Priority Queueing (PRIQ): With priority queueing, your bandwidth is divided into separate queues. Each queue is assigned a priority level. A packet that has a higher priority level is always processed before a packet with a lower priority level. This makes priority queueing easy to understand, but it also means that lower priority traffic can be starved for bandwidth.
  • Class Based Queueing (CBQ): Class Based Queueing introduces the concept of a hierarchy of queues. As with PRIQ, your bandwidth is divided into separate queues, and each queue can be assigned a priority level. CBQ, however, differs from PRIQ in several significant ways. First, each top-level (parent) queue can be subdivided into child queues. These child queues can also be assigned priority levels. Second, each parent queue is assigned a bandwidth limit which it cannot exceed. Third, although child queues are also assigned bandwidth limits, they can borrow bandwidth from the parent queue if the bandwidth limit for the parent has not been reached. As a result, CBQ is a good option in cases where we want to ensure that lower priority traffic gets some bandwidth.
  • Hierarchical Fair Service Curve (HFSC): HFSC is the most sophisticated of the three queueing disciplines used by the pfSense traffic shaper. It provides a more granular means of bandwidth management than either PRIQ or CBQ on several counts. First, it can be set up so certain queues get a specified minimum slice of bandwidth. Second, priority levels can be set for handling excess bandwidth. For example, if we have queues 1 and 2 and queue 1 is divided into queues 1A and 1B, with 1A guaranteed 25 Mbps of bandwidth, we can set it up so the excess bandwidth from 1A goes first to 1B, and if 1B does not require the bandwidth, to 2. Third, HFSC uses a two-piece linear curve to reduce latency without over-reserving bandwidth, which makes HFSC a good option for applications that require both generous amounts of bandwidth and low latency, like VoIP and video conferencing.
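To make the two-piece curve concrete, here is an added example (not pfSense or ALTQ code) that computes how long a service curve takes to deliver a burst and what flat reservation would be needed to match it. It uses the m1 / d / m2 service-curve parameters (initial rate, duration in milliseconds, sustained rate); the flow figures are constructed.

```python
def delay_ms(burst_kbit, m1, d_ms, m2):
    """Worst-case time (ms) for a service curve to deliver a burst.

    The curve guarantees m1 Kbit/s for the first d_ms of a backlog and
    m2 Kbit/s afterwards; a plain linear curve is m1 == m2 with d_ms == 0.
    """
    if m2 <= 0:
        raise ValueError("sustained rate m2 must be positive")
    if burst_kbit <= 0:
        return 0.0
    first_piece = m1 * d_ms / 1000          # Kbit delivered by time d_ms
    if burst_kbit <= first_piece:
        return burst_kbit * 1000 / m1       # burst fits in the steep piece
    return d_ms + (burst_kbit - first_piece) * 1000 / m2

def flat_rate_for(burst_kbit, target_ms):
    """Constant rate (Kbit/s) a linear curve must reserve to meet target_ms."""
    return burst_kbit * 1000 / target_ms

def compare(burst_kbit, m1, d_ms, m2):
    """Delay of the two-piece curve versus a linear curve at rate m2, and
    the permanent reservation a linear curve would need for equal delay."""
    two_piece = delay_ms(burst_kbit, m1, d_ms, m2)
    return {
        "linear_delay_ms": delay_ms(burst_kbit, m2, 0, m2),
        "two_piece_delay_ms": two_piece,
        "long_term_reserved_kbps": m2,
        "flat_rate_for_same_delay_kbps": flat_rate_for(burst_kbit, two_piece),
    }

# Constructed flow: 40 Kbit bursts with a 500 Kbit/s sustained rate,
# given 2000 Kbit/s for the first 20 ms of each backlog.
BURST_KBIT, M1, D_MS, M2 = 40, 2000, 20, 500

if __name__ == "__main__":
    for key, value in compare(BURST_KBIT, M1, D_MS, M2).items():
        print(f"{key}: {value}")
```

The burst clears in 20 ms instead of 80 ms while the queue still reserves only 500 Kbit/s long term; a linear curve would have to hold 2000 Kbit/s permanently for the same delay.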

Once we have set the queueing disciplines, we need to enter the upload and download bandwidth for each WAN interface and press the Next button.

We will continue our look at the pfSense traffic shaper wizard in the next article.

© 2013 David Zientara. All rights reserved.