This begs the question of what, exactly, do all those other firewalls DO when I set "priority".

...speaking of VoIP, does anyone know if the FreeSwitch packages are ever getting updated? Or if the -dev version really is following HEAD?

-Adam

[email protected] wrote:
>I've had great luck with VoIP and pfSense.
>To be clear, there's no such thing as 'real' end-to-end guarantee of
>quality of service unless you're talking about MPLS or similar
>technologies. What you want is called 'traffic shaping'
>
>For ordinary people with ordinary connections, the idea is as follows:
>
>PART 1 -
>"Starve the pipe!"
>You must utilize your internet connection below its maximum 'guaranteed'
>throughput, otherwise you will have no control over the upstream buffers
>(see buffer bloat), and your real-time application, VoIP or otherwise
>will suffer. In VoIP, that means that packets will either not arrive,
>or arrive so late as to exceed the VoIP UA's jitter buffer, and will
>result in subjective quality factors, technically referred to as "Shitty
>quality" (Drops, stutters, etc).
>
>PART 2 -
>Prioritize your real-time packets!
>Now that your pipe is VERY SLIGHTLY underutilized, you have left
>yourself the ability to instantly insert the VERY NEXT VoIP packet into
>your data stream if one should happen to arrive (the very NEXT VoIP
>packet is the one you have to be preemptively ready for). When that
>packet arrives, the 'shaper' immediately adjusts TX/RX rates to CONTINUE
>to keep the pipe slightly underutilized. This is why you need to know
>your up/downstream speeds to configure your traffic shaper. All of the
>NON real-time stuff can be put 'in line'. All of that lower-priority
>stuff essentially must 'wait in line' to get IN or OUT, at that magic
>rate JUST UNDER the maximum rate to keep the pipe CONSTANTLY SLIGHTLY
>UNDERUTILIZED. Naturally VoIP packets get to go to the front of the
>line in inbound or outbound queue.
>
>That's pretty much it. The 'starve the pipe' business is why it's not as
>simple as "Simply prioritizing VoIP"
>
>pfSense makes it quite simple however. Just measure your link speed at
>something like speedtest.speakeasy.net. Walk through the "traffic
>shaper wizard" specifying that VoIP gets top priority, whether that's
>the internal IP address (or alias) of your VoIP ATA, Asterisk server or
>VoIP telephone.
>
>Good luck
>-Karl
>
>On 6/2/2011 4:03 PM, Adam Thompson wrote:
>> I’m trying to make sure VoIP has the best possible quality for a small
>> amount of effort.
>>
>> I still don’t understand QoS, even the wizard is baffling to me – for
>> whatever reason QoS is a layer my brain just doesn’t want to accept.
>>
>> What I’ve done in the past on other firewalls is a trivial “priority”
>> setting: without configuring any queues, buckets, shapers, etc., I would
>> simply create a rule matching SIP traffic (either by port, by
>> NBAR-ish/L7 application or by IP address) and set the “priority” to
>> “high”. I really have no idea what that does under the hood, whether on
>> FortiNet, Cisco, or PaloAlto.
>>
>> Is there anything that simple that I can do under pfSense?
>>
>> Thanks,
>>
>> -Adam Thompson
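
An added illustration, not part of the thread and not pfSense code: a small Python simulation of the two cases discussed above, a bare "priority" rule with no shaping versus priority plus a shaper set to 90% of the measured uplink. The 1 Mbit/s uplink, the 64-packet modem buffer, the packet sizes and the names `simulate` and `compare` are constructed assumptions.

```python
# Constructed parameters (assumptions, not values from the thread).
LINK_BPS = 1_000_000          # real upstream rate of the modem
MODEM_BUF_BYTES = 64 * 1500   # FIFO inside the modem, outside our control
BULK_BYTES, VOIP_BYTES = 1500, 200
VOIP_INTERVAL = 0.020         # one RTP packet every 20 ms


def simulate(shaper_bps, link_bps=LINK_BPS, duration=5.0):
    """Strict-priority router paced at shaper_bps, feeding a FIFO modem.

    Bulk traffic is always waiting; a VoIP packet goes first whenever one
    is pending. Returns the worst VoIP delay and the number of VoIP drops.
    """
    t = modem_free = next_voip = 0.0
    delays, dropped = [], 0
    while t < duration:
        voip = next_voip <= t               # priority: VoIP jumps the line
        size = VOIP_BYTES if voip else BULK_BYTES
        born = next_voip
        if voip:
            next_voip += VOIP_INTERVAL
        # Bytes still sitting in the modem's FIFO when this packet arrives.
        backlog = max(0.0, modem_free - t) * link_bps / 8
        if backlog + size <= MODEM_BUF_BYTES:
            modem_free = max(modem_free, t) + size * 8 / link_bps
            if voip:
                delays.append(modem_free - born)
        elif voip:
            dropped += 1                    # tail drop in the modem
        t += size * 8 / shaper_bps          # pacing imposed by the shaper
    return {"worst_voip_delay_s": max(delays), "voip_dropped": dropped}


def compare():
    return {
        # Router hands packets to the modem at LAN speed: priority, no shaping.
        "priority_only": simulate(shaper_bps=100_000_000),
        # Router paces output to 90% of the uplink: "starve the pipe".
        "shaped_90pct": simulate(shaper_bps=int(LINK_BPS * 0.9)),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```
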
