Traffic shaping Puns

Boa tarde pessoal,

Alguém já teve algum incidente de traffic shaping com a Copel Telecom?

Tenho dois contratos com a Copel Telecom, ambos utilizam mais de 20 terabytes de internet por mês, o que na teoria não é para ter problema pois o contrato é ilimitado.

Contudo, semana passada começou vários bloqueios em alguns sites específicos inclusive sites de streaming como: HBO Max, Disney+, Twitch e inclusive o Reddit.

A primeira tentativa de bloqueio por parte deles foi via DNS, onde vários sites estavam inacessíveis, como solução simplesmente troquei o meu DNS para um DNS público (google).

Agora essa semana eles decidiram limitar a banda de forma específica para vários sites (traffic shaping) incluindo os 4 citados acima. Entrei em contato pelo 0800 e perguntei se eles mudaram alguma política em relação a traffic shaping depois que a empresa foi privatizada, de acordo com a atendente ela não tem nenhuma informação em relação a este tema. Detalhe, isso foi depois de 4 tentativas em entrar em contato com o suporte da Copel Telecom, no momento que comentava sobre traffic shaping eles pediam "um momento" e a ligação caía depois de 1-2 minutos.

Comentei com eles que caso eu conectasse com a minha VPN privada, onde o provedor de internet (Copel Telecom) não tem acesso ao endereço que estou acessando, todos os sites que foram bloqueados ou tiveram a banda limitada anteriormente, funcionaram normalmente.

Após muita insistência, pois quero entender o motivo, ela aceitou enviar uma solicitação para o time N2 da Copel Telecom.

Estou aguardando novidades por parte deles, mas já consigo imaginar o migué que vai vir.

Abraço :)

I'm a bit frustrated with OpenWRT. 12 hours of setup and troubleshooting and I feel like I'm still nowhere. Unexplained silent errors on my router where it seems to drop connections and lag VoIP calls on Zoom or Discord. As I was writing this, the wifi went out on my laptop but ONLY my laptop. It's had solid wifi for years, so I think it's the router and OpenWRT. Possibly guest network related.

It's not like the Tomato days where it was more set it and forget it.

Granted, my router is a 10 year old $20 crapbox. So I'm open to upgrading and doing OpenWRT again if that's what it takes. https://openwrt.org/toh/netgear/r6220

But I'm also open to saying goodbye to OpenWRT if there's something else that does traffic shaping.

Budget is $500, though $200 would be nice. I have a few dual core or better x64 PCs lying around if ABSOLUTELY needed, but that would be an eyesore.

Needs:

• Traffic shaping of 250/10 Mbps cable line (Zoom and T-mobile wifi calling should be prioritized)
• I hated QoS because of all the micromanaging. SQM and those like it are supposed to work pretty good out of the box.
• STABILITY
• Guest network with isolation from main network (guests can't see main network traffic)
• Wifi
• WPA2
• Likely to be supported for 3 years (no fly by night companies unless the firmware is community supported)

Bonus:

• Spouse-proof (unplugging and replugging a single device should be all the troubleshooting needed)
• Single device
• Can firewall my work laptop from the rest of network (can't see other devices), even on wired connection
• WPA3 allowed but WPA2 compatible
• Likely to be supported for 5 years (no fly by night companies unless the firmware is community supported)

Goes without saying:

• Port forwarding

Thinking of:

1. Eero (really don't like the idea of running an Amazon device in my house)
2. getting a high performance wired SBC + OpenWRT and using a wifi router in dumb AP mode on OpenWRT.

I had an AC3200 and in OpenWRT the Wifi died all the time. Semi known issue.

Hi everyone. I'm new to opnsense.

I was wondering if I would be able to shape the traffic coming and going through a multi WAN, to let every device in a LAN network share the bandwidth evenly.

I tried to set it up by following the docs.

What I did was to create two pipes for every WAN (one for upload and one for download) with the maximum bandwidth for that WAN network.

Then I created two queues for every WAN (one for download and one for upload) and then associated them to the corresponding pipes.

Lastly I created two rules per WAN (upload & download) and associated them with corresponding queues.

The results were massive latency and bandwidth loss to the entire LAN network.

Am I missing something?

Additional info:

• The network contains 50+ devices
• The multi WAN has been set up in load balancing mode. The 3 gateways share the same tier in their group.

I’m a bit of a newbie with traffic shaping. I understand that the point of traffic shaping is to dedicate pipes to different devices/protocols/whatever but what about when that protocol isn’t being used?

So let’s say I want to make sure that I have bandwidth available for video calls, for the sake of argument, let’s say I reserve 5mbps upload for this but I only need it for like 1 hour every day at unknown times. If my total upload bandwidth is 20mbps. Does that mean I’m always limiting myself to 15 mbps for non-video call applications? Isn’t this wasteful?

A similar question in the other direction. If I reserve 5mbps for an application, does that mean that it will never be allowed to consume more than 5mbps?

Starting roughly around the time when I swapped my SIM card for a new 5G phone (went from an lg v30 to lg v60) , I've noticed that my ability to use the internet is weirdly spotty - some sites take forever to load (to the point where they will time out entirely). Things that time out aren't even questionable - stuff like Waze will just have a problem connecting if not on VPN while in the middle of the city.

The problem goes away entirely when I use something like VPN. Even stranger: using PIA VPN seems to have far fewer problems than VPN via Google One.

I'm not really sure where to go from here. I don't have a family content filtering plan enabled, so I'm unable to get into that control panel to see if stuff was ever set. This smells partially like a "working as expected" feature of a lack of network neutrality, but it seems like other people would be complaining about this if it were widespread.

Does anyone have suggestions on how to proceed here? If I need to engage Verizon Support, are there key phrases that I should be using to get to a vaguely clueful department?

We have gigabit internet at my place. When one of my friends try to download an update, the gigabit link gets saturated, causing major packet loss. I want to use the shaper in the fortigate to limit by IP down to 700 Mbps. However, when I use traffic shaping in my current 60D, I run into the CPU pinning at 100% and the firewall only allowing about 35Mbps through.

Will a bigger fortigate like the 100D or 200D solve this problem with the CPU not being able to handle it? If not, which model? I couldn’t find any docs relating to my question, and eBay sellers aren’t the users of the products they’re selling - go figure!

Thanks!

I have a pfsense 2.5.x machine (dell 1u r610, w/ xeons and installed on SSD) that I can't seem to get to work as intended with traffic shaping.

We are on a 40x40 copper connection (CoE) that realistically is only stable at around 32x32. I have a WAN, LAN, and OpenVPN setup.

I created my traffic shaper rules based on the typical lawrence systems video that a lot of people use, they are apparently correct though I'm still having issues with heavy packet loss.

Looking at my traffic graphs, the mail server is eating huge bits of traffic at intervals (to be expected as its a busy mail server)

I have the floating rule setup for overall traffic, but I need to further limit just the mail server to 5x5 so it doesn't eat traffic more than it needs to (I don't care if mail gets queued in and out for an extra few minutes)

what's the best way to accomplish this?

I've tried to set a LAN basic limiter rule and it just causes the internet to drop and "hiccup" across the lan devices.

My rules: floating:

Traceroute pass thru

ICMP pass thru

Limit Down -> Direction In, (DownQueue/Up Queue)

Limit Up -> Direction Out, (Up Queue/Down Queue)

I created 2 basic limiter rules with no configuration (AQM: tail drop, Scheduler: Worst Case Fair) and gave it a 5 mb limit. added a single rule on the lan interface only for the specific IP that the mail server is on at the top of the list (after anti-lockout and the rbl list we use) and it basically kills the lan interface.

can I use a global traffic shaper floating rule AND a lan interface rule, or should I make a separate queue only for the mail server IP

the mail server is killing my otherwise stable link. VPN users are also an issue since they never disconnect from the VPN even while in office, but I'm rolling out a separate solution to mitigate that (since vpn users bypass all the rules and operate as if they are on the LAN, thus saturating my poor link even further)

Edit: watching the graphs more closely, it looks as though its the burst traffic that is really causing the loss. the initial burst, like a large file attachment coming and going through the mailserver. it peaks to 30 mbit (or whatever the message size is) and then gets shaped down, but by the time the limiter hits, the loss for everyone else has occured, which makes them reload and they all get burst traffic.

Hej,

I am trying to setup Traffic shaping for my DSL+4G internet link and find the documentation on https://docs.opnsense.org/ quite confusing.

Goal is to use "Prioritize Applications (Weighted) using Queues" as described on https://docs.opnsense.org/manual/how-tos/shaper_prioritize_using_queues.html . I am struggeling on Step 3:

The ShapeSMTPDownload (1st rule in step 3) is using

• src-port: smtp
• dst-port: any

Now looking from the firewall to a remote SMTP server my src-port would by any and the dst-port smtp to connect to the mail-server.

Same with ShapeHTTPDownload (2nd rule in step 3) is using

• src-port: http
• dst-port: any

However the firewall or the client within LAN initiates from any to http-port on the remote server - why is this a src-port in the Shaper module?

Thanks, -MN

My brain is fried so I'm hoping someone here has any idea on what's going on.

I've got a 1000/1000 symmetrical connection at home which delivers that. When something's downloading, the ping increases a bit - not a HUGE dealbreaker but ping-sensitive applications I use for work do not like it. I've gone down the traffic shaping route using Lawrence Systems video on Codel setup to try sort it out.

Download config is perfect. The config is below but I can max the connection (915Mb if BW is set to 941Mb) and the ping remains 1.2-1.4ms range. However, upload is giving me a headache here. Whatever I do, the upload drops to circa 300Mb with the queue enabled after 2 or 3 seconds, much like a bucket is full and overflowing. I've confirmed this is a queue thing rather than ISP - as soon as I disable the floating rule, I get full speed. Testing is done via iperf (4 threads, 640k size and tested to multiple servers)

What am I missing? Config is below - I've tried changing quantum values to 300 as well as the Queue Management Algorithm to Tail Drop. Also tried adjusting queue lengths and recreating the entire config. No change.

Thanks all in advance! At least I somewhat enjoy spending my weekend troubleshooting!

Hardware is a Dell R230 bare metal, Xeon 1240 v5 4c/8t

-----

WAN_PRI_DOWN (works great):

Bandwidth: 941Mb

Queue Management Algorithm: CoDel, Scheduler: FQ_CODEL

Target 5, Interval 100, Quantum 1514, Limit 10240, Flows 1024

Queue Length 7500, ECN enabled.

---

WAN_PRI_DOWN_QUEUE

Queue Management Algorithm: CoDel.

Target 5, Interval 100

Queue length: blank. ECN enabled

(rest are default)

---

WAN_PRI_UP (not working great)

Bandwidth: 941Mb

Queue Management Algorithm: CoDel, Scheduler: FQ_CODEL

Target 5, Interval 100, Quantum 1514, Limit 10240, Flows 1024

Queue Length 7500, ECN enabled.

---

WAN_PRI_DOWN_QUEUE

Queue Management Algorithm: CoDel

Target 5, Interval 100

Queue length: blank. ECN enabled

(rest are default)

About a year ago I upgraded from Virgin's 350mbps to the 500mbps band. Prior to this upgrade, speed tests had nearly always shown I was getting the full 350mbps download speed. Following the switch to 500mbps I never actually attained that speed, rarely seeing much above around 410mbps, but I wasn't overly worried.

Around the start of October I received an email saying that Virgin Media may have an outage in my area as they were performing network upgrades. On the day of the work there were a few brief outages and from the following day, speed tests indicated I was getting around 600-620mbps.

My son mentioned that after the upgrade, download speeds on Steam appeared to be capped at 20MB/s (160mbps) where previously they had often been much higher, often getting close to the speed limit of our connection if nothing else was using the internet in our house. Even worse was the fact that if more than one device was downloading something at the same time, they appeared to share that bandwidth, so two simulataneous downloads, for example one from Steam and another on an Xbox would average around 10MB/s (80mbps) each.

Oddly enough, switching Steam to a different region for downloads appears to give better download speeds. Last night I set Steam to use an Australian server and the download speed was closer to 40MB/s (320mbps). Today I tested downloading the official Windows 11 iso at the same time as downloading a game from Steam and the download speed was hobbled, but as soon as I cancelled the Steam download, the Windows image sped up, reaching over 50MB/s and downloading in less than five minutes.

I assume that Steam and other providers use content delivery networks, and I'm not sure if the CDN is throttling the data stream or Virgin are doing it. It does seem odd that this coincided with Virgin's network upgrade.

One final point, all of these connections are on wired connections, not wireless.

I wondered if anyone else has seen similar results following a Virgin network upgrade?

https://preview.redd.it/z0hwcz5h6tv71.png?width=974&format=png&auto=webp&s=f79a7c4e9edefc9a8a617aa125abef27e6fff371

Trying to get traffic shaping working on 6.4.7 and running into issues ... no matter how/where I apply the policy it doesn't limited traffic. My goal is to limit specific LAN facing interfaces. Please see attachment. The referenced Shared and Reverse shaper are set to 5000Kbps maximum and 1000Kbps maximum. If I test from a machine within that interface I do not get limited at all. Thank you.

Hey there..

I have some questions around setting up traffic shaping. I have pfSense running on a Protectli FW4B (I believe all the NICs onboard are Intel) on my home network and I need to make sure that my wife's TV (Apple TV) doesn't get any bandwidth problems which will cause stuttering in the playback of video as well as throttling down offsite backups from my Synology.

I read about the different methods it has but I'm still lost on what the best choice would be for me.

Does anyone have any suggestions on which method or whatever would be the best for these kinds of scenarios?

Thanks for any suggestions anyone has for me.

Boa tarde galera.

Minha internet tava boa uns dias atrás e de repente passei a ter problemas com download. Tudo fica normal no speedtest, mas na prática, uma porcaria.

Meu plano é de 300mb de download e 150mb de upload. Mas adivinha como consigo chegar ao valores contratados? Usando vpn. Sem vpn, chega só 10mbps de download ou menos que isso. As vezes chega só 5mbps. Com vpn, chega certinho, consigo fazer download certinho dentro do valor contratado.

Poderiam estar fazendo traffic shaping ou pode ser outra coisa? Como faço pra resolver esse problema? Não quero ter que ficar ligando vpn em situações que eu não estaria realmente precisando de um.

Hi everyone,

I am a ubiquiti user up to now and want to replace that hardware with something proper and features a network needs nowadays. Ubiquiti is great and userfriendly within their own ecosystem, but even standard features are just missing (promised since years) . Great for homeusers and SOHOs but not for bigger/more sophisticated routing setups.

Anyway, the wifi stuff (which works absolutely flawless and great) and controller should stay, just replace their router as it basically just sucks feature wise...

Long story short and explaination of what I am looking for OPNsense should be doing (if possible)

I have multiple subnets which are seperated so the users can only access certain resources from other subnets. The split of the subnets/users also have the background that certain subnets should be limited in terms of WAN speed.

So the scenario should be (example):

Subnet1: unlimited wan speed, hosts some resources used by the other subnets. Subnet2:limit the total WAN speed to 20mbit up and down. No speed limitation internally and to the resources of subnet 1. Subnet3: limit total WAN speed also to 10mbit up and down. Also no speed limitation internally and to subnet1.

Also there should be a minimum WAN speed available for a fourth subnet and subnet1. These 2 subnets need a minimum of 10mbit up and down at all times.

And another requirement. I had users reporting they cannot connect to the vpn as the bandwith was fully used (IPsec/L2tp) . Ubiquiti ignores vpn requests from the outside when there is no bandwith left and users cannot connect, and even if they can and some bandwidth hog I using all bandwidth the cannot do anything... This is inacceptable.

So vpn users, in case they want to connect or are connected, should also have minimum bandwidth as well.

I know this are a lot of requests OPNsense should handle. I have to admit I've not worked with pfsense or OPNsense up to now, so please excuse the questions if they are absolutely bogus and easy to achieve in OPNsense.

EDIT: addition

Is it possible to do traffic shaping on Linux? Like on windows I used cfosspeed, is there any good alternative to cfosspeed on Linux?

Hi All,

I've got an 80/20 BT Internet line in the UK which is also IPV6 enabled. PFSENSE 2.5.2 is running on an Intel(R) Celeron(R) J4105 CPU @ 1.50GHz 4 CPU device I bought from Amazon (Odyssey Blue Mini PC). CPU rarely hits 5%, mostly 2% even with the whole family online and gaming.

My kids are gamers, roblox and fortnite/fifa mostly, but also watch a lot of YouTube and are normally multitasking on video calls and youtube while gaming too. The only other traffic is my nest hello doorbell which is recording 24/7 and is probably the best bit of tech I've ever bought.

For the most part my internet connection whether wired or wireless (unifi kit) is pretty flawless.

I get A+ on the DSLReports Bufferbloat test see link below, this is all thanks to the FQ_CODEL config limiter setup which I'm assuming everyone has configured, and it's currently using the default settings.

http://www.dslreports.com/speedtest/69395564

Where my setup gets into trouble is when I game on Stadia on a hard wired nvidia shield device. When there is a fair bit of activity going on at home, although no where near saturating my line up or down, I start to get micro stuttering kicking in when playing and it feels a little laggy.

If I turn off the limiters the game actually plays smoother, it seems adding in the limiters is causing latency. I have tweaked fq_codel parameters to the cows come home, but I can't find something that works for stadia.

Recently I ran the pfsense traffic shapper wizard and added in stadia gaming priority. This created a WAN and LAN Shaper (the latter I disabled and it's children), a bunch of queues and a stadia floating rule which I moved to top of the firewall list.

This seems to have improved Stadia immensely although I might get the odd bump in the road especially when a download kicks in.

So to get to the nuts and bolts of this thread, is the way I have configured this the most efficient way to set this up. Should have I disabled the LAN shaper for example? The WAN Shaper I think only prioritizes outbound traffic, so it is interesting that by adding this in, has improved my stadia gaming experience so much. I thought the issue would be more on the download side which I'm assuming the LAN shaper handles is that correct and which I have disabled?

I also should mention I enabled "Codel Active Queue" in each of the Queues (qACK, qDefault, qGames) hanging off the WAN shaper.

I don't like the idea of two

Here is a history graph of my tests before, and after having TMHI.
I used a normal unlimited cell contract previously in a GL750x router; wrapped everything in a personal VPN.
Ever since I got my trashcan, all of my devices have been under the trashcan's 192.168.12.0 subnet; no VPN, no nothing.

That 94Mbps record was the day I got it plugged in on 4/11. That dip; was the first day the freeway had traffic backed up both direction and stopped for miles.
The major dip is the engagement of the traffic shaping and latency increase.

The last high speed result was on 5/5, and the first low speed result was on the 13th, probably because I had noticed the major impact to my internet's performance.

T-Mobile: Fix this.

https://preview.redd.it/a52we13f65f71.png?width=2483&format=png&auto=webp&s=7ef5e6442115888f00abb786fee8f85bf8c382b7

I am running a full Ubiquiti UniFi system at my campground including a USG, UniFi Controller, Switch and APs. I offer two Wi-Fi networks - one Free for basic stuff like email and browsing and a Premium for video streaming, conferencing etc. Each network has its own VLAN.

On a busy weekend, we will have over 300 devices on the network with about 200 of those on the Free Wi-Fi network. Even though I have throttled back the Free network to 1Mbps, collectively 200+ devices still eat up bandwidth. Is there any way in the settings to give priority to the devices that are on the Premium WiFi?

Thanks for any insight you can offer.

I'm currently downloading a torrent with 600 seeders. It's a large freeleech torrent on a private tracker so lots of people are trying to get it and have great incentive to seed heavily. Although i'm connected to about 170 seeders, the download isn't going very fast. In fact it's suspiciously slow, and pretty level/constant.

I've been through all my deluge settings and there's nothing limiting it there. I have my maximum connections set really high as well.

So then I ran a speed test to make sure it wasn't congestion. Nope. I've got TONES of over head left. Hundreds of megabits in fact. ( have fiber direct to my home)

Really feels like my ISP is controlling this. What tests can I run?

Hello,

Can we do traffic shaping using mac address? I find that I can do it only with an IP address and in my case, I want to applicate it for a specific mac-address.

Thank you for your help.

Mas porque carga de agua os ISPs fazem traffic shaping às tantas da noite? É para o Excel trabalhar melhor nos hospitais? Ou para o turno da noite ver netflix?

PQP tou mesmo a ver que ainda vão cortar o acesso aos jogos online com a desculpa de salvaguardar banda larga enquanto os jogos mal gastam dados. AH E MELHOR vao dar a desculpa da banda larga enquanto de certezinha absoluta é derivado aos putos irem jogar no tempo das aulas online.

Agora aqui para o Zé que trabalha na função publica com 0 de condiçoes de trabalho, carrinhas velhas sem sofagem e que mal travam, ferramentas todas fodidas e ainda por cima na RUA FAÇA CHUVA OU FAÇA SOL bem como aturar velhos malucos, homofobicos, xenofobos e racistas para depois um gajo ir receber o ordenado minimo para o resto da vida sem qualquer hipotese de melhoria de seja lá o que for, para estes Zés como eu e muitos outros no setor privado o que o governo dá é este grande caralho das caldas que um gajo já nem pode descontrair em casa a ver um filme ou uma série ou até mesmo "matar uns patos" no cs go.

Em vez de obrigarem os ISP a melhorarem o serviços deles e do governo melhor as suas infraestruturas preferem foder o Zé Povinho.

Desde que entrei na função publica que dou 100% durante o meu horário de trabalho, agora que tou com horário reduzido e em turnos dou ainda mais para o tempo render, mas com estas merdinhas assim + os problemas crónicos da funçao publica cheguei ao meu limite, a partir de amanhã serei o tipico funcionário publica a coçar os tomates.

Bem como a partir de amanhã começo a procurar outro emprego, sa foda Funçao Publica e a sua gestão incompetente, falta de organização tremenda e ainda querem eles contratar malta jovem!

FUJAM DA FUNÇÃO PUBLICA SE FÔR PARA ASSISTENTE OPERACIONAL OU ASSISTENTE TÉCNICO! NÃO COMPENSA NEM POR NADA!

E: ser dificil o português é.

Hi all,

I recently signed up for Google Cloud to store my backups. Its been chugging along but after doing the math it looks like this will take a total of 25 days for the initial upload assuming it can run uninterrupted. Every time I need to upload something outside of my network it takes forever and I need to cancel the uploads to Google Cloud to free up bandwidth then restart the upload job.

This seems like a perfect use case of traffic shaping. In my mind I would be able to create a rule that pushes my Google Cloud traffic to the lowest priority as my other uploads are usually urgent and need less than 10 minutes with a my full upload bandwidth.

I got a bit confused as to how to set this up when I looked at the Insight page. It looks like the upload traffic's source is a remote server and its destination is my WAN IP. Shouldn't it be the other way around? Not only that, but the source of the traffic is coming from 16 different IPs. How can I setup traffic shaping rules with so many different IPs? Do I need to use a domain?

I'm working with a Fortigate 40f on 6.4.6 trying to set some Traffic Shaping up to see if we can resolve VOIP issues going on, but for some reason I am unable to edit anything to do with the Traffic Shaping options (Traffic Shapers, Traffic Shaping Policy, or Traffic Shaping Profile)? If I go to Policy & Objects > Traffic Shapers, then click Create New, I can get the screen to show a loading circle for about a half second then it just goes back to the Traffic Shapers page. This happens no matter if it is trying to Create New, with the Edit button next to create new, or even if I select one and click Edit while hover my mouse over the name. It is also the same with the Policy and Profile options.

I did try to make a new Traffic Shaper via CLI as well and cannot get those to reflect the changes to the GUI. So I feel like maybe something is just configured incorrectly or that maybe there is an issue with the firmware, but wanted to know if y'all have seen something similar or have any advice?

Edit: I was able to get a ticket in with a TAC Engineer, who basically worked with me to find a way to create the rules through CLI.

Wall of Text incoming, daher Tl;dr : Vodafone tunnelt anscheinend meine Verbindung wodurch Netflix annimmt, dass ich hinter ein VPN bin und das Angebot einschränkt.

EDIT 3 : tja... Der techniker kam, sah und schuettelte den Kopf darüber, dass er zu mir geschickt wurde. Nachdem er geprüft hatte, dass ich kein Blödsinn erzähle indem sein Kollege am Telefon, und ich auf mein Mobiltelefon und dem Smart TV nach Kick-Ass gesucht haben, war das Fazit, dass Vodafone, zumindest zum Teil, das problem ist, und dass er nichts machen kann (er hat sich aber echt bemüht und hat mir irgendwie leid getan). Die Angelegenheit wurde der Abteilung IP-Core oder so weitergeleitet, und die sollen sich mal mit den Netflix Leuten in Verbindung setzen.

EDIT 2 (ja... ich bin Rebell und schreib die Edits oben:P : "Traffic Shaping" ist wahrscheinlich der falche Begriff, mir fällt dazu kein besserer ein.

EDIT: bin in BW, und "ehemaliger" UnityMedia Kunde.

--- Ursprünglicher Post

Hintergrund : Mittwoch vor einer Woche sind bei mir in Netflix plötzlich lauter Serien und Filme verschwunden ( z.B. "Kickass", "A Korean Odyssey", "Extraordinary You").

Da wir uns gerade das Finale von a.K.O. anschauen wollten haben wir natürlich panisch den Netflix Support kontaktiert, und nach einer halben Stunde suchen und probieren meinte die nette Dame auf der anderen Seite "haben sie es mal über einen anderen ISP probiert?". Glücklicherweise ist mein mobiltelefon Anbieter nicht Vodafone und siehe da : ploetzlich erschienen in der Netflix App wieder alle Filme und Serien.

Anscheinend tunnelt Vodafone jetzt meine Verbindung und es sieht für Netflix aus, als ob ich hinter ein VPN wäre. NF hat auch schon eine standard Mail in der erklärt wie man mit sein ISP vorgehen muss, also ist es wohl nicht das erste Mal, dass sowas passiert.

Am nächsten Tag Vodafone angerufen, aber da weiss keiner was von, und hat anscheinend auch keine Lust drauf einzugehen, ausser um mir zu raten 1) zum Vodafone Mobilnetz zu wechseln (bei dem ich dann wahrscheinlich auch nur den eingeschränkten NF Katalog gesehen hätte) und 2) doch das GigaTV/Netflix Packet von Vodafone zu nehmen anstatt direkt bei Netflix einzukaufen.

Heute kommt wohl noch ein Techniker vorbei. Was DER in dem Fall machen soll ist mir auch nicht klar.

Hat jemand schon solche Erfahrungen gemacht? Traffic Shaping ist laut EuGh illegal ( https://www.tagesschau.de/ausland/eu-netzneutralitaet-faq-101.html ) und gerade sieht es für mich stark danach aus, a

Reding this article this morning:

https://www.lightreading.com/cable-tech/docsis/commscope-says-its-low-latency-docsis-platform-is-tech-ready-/d/d-id/771009

Commscope (who purchased Arris) will have LLD (Low Latency DOCSIS) firmware out to all DOCSIS 3.1 modems by next year. This is great since I have the Arris SB8200 modem. Although it's up to the cable operator to provide it, something about how it works struck a chord. In the article this paragraph for instance:

> From a high-level, LLD works by separating small, delay-sensitive, non-queue-building traffic (such as key clicks for an online game) from the primary and much heavier queue-building traffic that, for example, might handle a video stream or a large file upload or download. LLD effectively makes a dynamic bandwidth split between the low-latency "express" lane and the primary "classic" lane that, together, still equal the total subscriber bandwidth.

Isn't that exactly what some of the queuing methods do in PfSense? I'm using CoDeL traffic shaping and although there's a slight tradeoff in a percentage of bandwidth when properly set one computer can be going "full steam ahead" and another on the network can still see good latency and reasonable ping times. I'm sure an ISP could accomplish the same thing, minus the bandwidth tradeoff by simply overprovisioning modems by 10%, but then put the queue management in the modem so by the time that's all done you're getting the advertised speed AND the benefit of latency management.

Just curious until LLD becomes standard - or if it becomes a "paid" service, how do the various queue management techniques in pfSense (and others) compare to combating latency?

I have a hosted VoIP system in a datacenter and have SIP phones in multiple offices connecting to it. Recently, I starting using CoDel as a traffic shaping technique to help with jitter when an office's WAN is under load (bufferbloat likely) but around the same time, I started getting complaints of worse VoIP audio quality and failing faxes that would quit either immediately or before the second page.

Is it possible that CoDel is breaking SIP, NAT, or RTP audio streams in an unexpected way? Am I doing something wrong in my implementation?

Context:

Datacenter is gigabit symmetrical.

Offices are a mix of cable, DSL and fiber at minimum 50/10 with 5-20 users.

Latencies are 20-80ms depending on location and ISP but relatively stable.

Every location (including datacenter) uses pfSense firewalls, fully updated.

Speed tests on dslreports go from grades "A"-"D" before to "A/A+" for bufferbloat after implementing limiters.

Limiters are set up how Netgate recommends here: https://youtu.be/o8nL81DzTlU?t=378

Is it possible with UDMP to create traffic shaping so my son can play Valorant and have priority on upload traffic? How can this be done?

Is there somewhere we can see the specifics on Merakis Traffic Shaping definitions?

I.e. I see Microsoft Teams , MS Teams Audio, MS Teams Video, MS Teams App Sharing, and MS Teams Media

Audio, video, and app sharing seem to be the specific ones I want to use to set this up according to MS' Teams QoS doc but I would love to confirm.

I guess I can also just do it by port number as well which is what I did on the switch settings.

If I have a client with an IP address of 10.0.10.5 and it has a "normal" policy that gives it a certain bandwidth limit, AND i have a traffic shaping rule for all localnet 10.0.10.0/24 devices that gives it a different bandwidth limit, which will the Meraki use ?

Running a gl.inet mv1000 for about a year. Configured Cake SQM on both download and upload of my Wan connection. Since about a week ago upload traffic does not seem to be limited at all by SQM. I have a 100/100 connection and even if I set egress to 10,000 kbits/s I'm still getting about 95mbit upload on speedtests. I don't recall changing any settings recently other than that.

Download speed correlates directly with whatever I set as download speed in sqm settings. Upload speed doesn't change at all.

Any specific settings I should be checking?

Hi,

I am currently setting up pfSense to replace my FreshTomato router.

I am right now in the middle of mimicking my Tomato QoS rules over to pfSense Floating Rules.

There are a couple of rules I use(ed) in Tomato that I am unsure if I can mimic in pfSense, and if I can, I am not sure how.

So first one is limiting the data transferred that sets the rule. Eg. I have a DNS Port setup, but only if it transfers less than 50kb. If it goes over that, it moves on from that rule to the next match.

The second rule is similar; I have a rule for HTTP and HTTPS, but only up to 5Mb. After 5Mb, it is then classed as a DOwnload and follows another set of rules. This allows me to have most websites load fast and small downloads, but over 5Mb, it throttles back to the Downloads class set bandwidth.

I already have my queue setup in pfSense. I am running HFSC and mostly use the Shared Bandwidth and the Max Peak Bandwidths. From my understanding, I could set an m1 value and d value to give a short peak speed for a set period. But not quite sure how this works with the rules as well.

Any ideas on how to get something similar or near to what I am already doing?

Hi,

I mostly use UniFi, and if you you do too, you may know that the heap of garbage called DPI restriction and Traffic Stats don't actually work very well.

What is recommended for something that can identify and block traffic well, things like social media and streaming sites? I wouldn't go as far as HTTPS monitoring, we manually could block the offending user if they push too much traffic.

Central management would be nice, it's only going to be used for 2 months until fiber arrives, and there's a 50mbps pipe. $500 or so budget.

Basically there's like 100 tenants sharing this Verizon LTE connection and although they know not to stream, guess what? UniFi is not good at all in this situation, it doesn't accurately count traffic (12gb since reset at start of billing cycle but Verizon says 90GB) nor does it fully identify everything that needs to be blocked.

Thanks!

Hi everyone. I'm new to opnsense.

I was wondering if I would be able to shape the traffic coming and going through a multi WAN, to let every device in a LAN network share the bandwidth evenly.

I tried to set it up by following the docs.

What I did was to create two pipes for every WAN (one for upload and one for download) with the maximum bandwidth for that WAN network.

Then I created two queues for every WAN (one for download and one for upload) and then associated them to the corresponding pipes.

Lastly I created two rules per WAN (upload & download) and associated them with corresponding queues.

The results were massive latency and bandwidth loss to the entire LAN network.

Am I missing something?

Additional info:

• The network contains 50+ devices
• The multi WAN has been set up in load balancing mode. The 3 gateways share the same tier in their group.