[Q] how do I QoS for a specific MAC?

Started by ricostuart, October 29, 2024, 11:28:54 AM

I've got a 1 Gbit FTTP WAN going to my OPNsense FW. My wife works from home and has to have her work laptop connected via her work VPN. What I would like to know is, how do I ensure that her laptop has a good connection? I was thinking of a QoS rule to give her a dedicated 25 Mbps using her MAC address, but I'm not sure how to do that. I looked at the documentation but I'm still not clear.

The setup is: the modem is connected to my Proxmox server, which is hosting the OPNsense FW. OPNsense is running with Kea IPv4, AGH and Unbound. Eventually I want OPNsense to also push data through a VPN.

Thanks for any helpful tips or guides!

You can't do QoS based on MAC classification in OPNsense. You could do CoS based on CS classes or DSCP, but for that you would need to mark the packets/frames on the device itself or on some other device in the network. OPNsense can't do that.

You can do classification based on L3 and higher protocols in the FW > Shaper > Rules.

If you want to give dedicated BW to a device, do it based on one of those options; you can do it based on the 5-tuple.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
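To make the "L3 and higher, 5-tuple" point concrete, here is an added example (my own code, not OPNsense's shaper or anything from this thread) of how a rule-based classifier works when the only match keys are protocol, source, source port, destination and destination port. Because the MAC is not a match key, the laptop first needs a stable address, which is what a Kea host reservation gives you (the `hw-address`/`ip-address` keys are Kea's; the MAC, addresses, rule fields and pipe names below are placeholders I made up for the example):

```python
import ipaddress

# Constructed Kea-style host reservation (not the poster's config). "hw-address"
# and "ip-address" are Kea's reservation keys; the MAC and address are placeholders.
RESERVATIONS = [
    {"hw-address": "aa:bb:cc:dd:ee:ff", "ip-address": "192.168.1.50",
     "hostname": "work-laptop"},
]


def ip_for_mac(mac):
    """Resolve a MAC to its reserved IPv4 address, or None if it has no reservation."""
    mac = mac.lower()
    for r in RESERVATIONS:
        if r["hw-address"].lower() == mac:
            return r["ip-address"]
    return None


# Constructed rule table in the spirit of Firewall > Shaper > Rules: every rule
# matches on the 5-tuple and hands the flow to a named pipe. Field names and
# pipe names are this example's own, not OPNsense's storage format.
LAPTOP_IP = ip_for_mac("aa:bb:cc:dd:ee:ff")
RULES = [
    {"seq": 10, "proto": "any", "src": f"{LAPTOP_IP}/32", "sport": "any",
     "dst": "any", "dport": "any", "target": "pipe_laptop_25mbit"},
    {"seq": 20, "proto": "any", "src": "192.168.1.0/24", "sport": "any",
     "dst": "any", "dport": "443", "target": "pipe_lan_https"},
    {"seq": 30, "proto": "any", "src": "192.168.1.0/24", "sport": "any",
     "dst": "any", "dport": "any", "target": "pipe_lan_fqcodel"},
]


def addr_match(spec, ip):
    """'any' or a CIDR prefix."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_match(spec, port):
    """'any', a single port '443', or a range '1024-65535'."""
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def proto_match(spec, proto):
    return spec == "any" or spec == proto


def classify(flow):
    """Return the target pipe for a (proto, src, sport, dst, dport) flow, or None.

    Rules are evaluated in sequence order; the first match wins, so the
    laptop-specific /32 rule must sort before the broader LAN rules."""
    proto, src, sport, dst, dport = flow
    for rule in sorted(RULES, key=lambda r: r["seq"]):
        if (proto_match(rule["proto"], proto)
                and addr_match(rule["src"], src) and port_match(rule["sport"], sport)
                and addr_match(rule["dst"], dst) and port_match(rule["dport"], dport)):
            return rule["target"]
    return None


if __name__ == "__main__":
    # Constructed sample flows: the laptop, another LAN host, and an off-LAN host.
    samples = [
        ("udp", "192.168.1.50", 51000, "203.0.113.10", 443),
        ("tcp", "192.168.1.77", 40000, "203.0.113.10", 443),
        ("tcp", "192.168.1.77", 40000, "203.0.113.10", 80),
        ("tcp", "192.168.1.123", 40000, "203.0.113.10", 443),  # laptop on a non-reserved lease
        ("tcp", "10.0.0.5", 40000, "203.0.113.10", 443),
    ]
    for f in samples:
        print(f, "->", classify(f))
```

The fourth sample is the failure mode to keep in mind: if the laptop ever comes up on a different lease, the /32 rule no longer sees it and the flow falls through to the generic LAN pipe, so the reservation is what makes the "per device" pipe stick.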

And also just test speeds from within the VPN. Chances are that with that much bandwidth, nothing is needed.
I work mostly from home. I am required to use the company-provided laptop and VPN. I spend a lot of time on MS Teams calls and no problem ever. My FTTH line is 500/70 Mbps. There are two other people in the house using the connection too but lightly most of the time.
Even when someone is streaming video and me on video MS Teams calls, the only glitches I seem to have are to do with the VPN. Nothing to do with OPN.
Hope this helps.

Quote from: cookiemonster on October 29, 2024, 12:03:13 PM
And also just test speeds from within the VPN. Chances are that with that much bandwidth, nothing is needed.
I work mostly from home. I am required to use the company-provided laptop and VPN. I spend a lot of time on MS Teams calls and no problem ever. My FTTH line is 500/70 Mbps. There are two other people in the house using the connection too but lightly most of the time.
Even when someone is streaming video and me on video MS Teams calls, the only glitches I seem to have are to do with the VPN. Nothing to do with OPN.
Hope this helps.

I work like 99% of the time from home, and a similar setup as yours, but I blame the MS Teams glitches on MS itself.

I have on my OPNsense only the Shaper using FQ_CoDel, and it's enough to handle the people in my home and all they do.

Regards,
S.

You know you reminded me that I have shaper setup. I had completely forgotten and now I have somewhat misled the OP. It is not "just works". There is shaping involved.
Unfortunately I do not know the details of the shaper implementation in OPN, but I'm happy to share for the OP if they want; however, it is for a different bandwidth.

Well, or OP can just use:

https://docs.opnsense.org/manual/how-tos/shaper_bufferbloat.html

Simplest way to set up FQ_CoDel, which can take care of most bufferbloat problems.

Regards,
S.

With or without QoS you'd be hard pressed to fill up the pipe, especially on the download side.

For uploads, depending on how many MB you have there, it would be a good idea to keep an eye on it if the value is low and you run scheduled remote backups or have services like Dropbox/OneDrive/etc. that are overly busy synchronizing stuff all the time.

As far as major business messengers/conferencing tools like Webex or Teams are concerned, the enterprises already tend to their users' needs while at the same time getting rid of unnecessary traffic traversing their VPN ASAs by doing split VPNs for Google video/Facebook/Webex/Teams traffic. Some VPN clients will dynamically show which routes are in scope for the split VPN when using the respective service(s).

Well, you are right on all points, but: quality of experience is not only bound to the capacity of the link you have for WAN. That's the main reason I am advocating here for FQ_CoDel, or basically any proper scheduler + queue configuration.

If, for example, for some reason a packet will not be sent in a timely manner, is delayed, or the buffers are saturated, or the upstream ISP has congestion and/or bufferbloat-related issues. The latter (anything away from your network) you cannot control, but you can ease it with AQMs such as FQ_CoDel, as it does one major thing:

'Offers back pressure to flows that are sending "more than their share" of data'

So even if you are not in control of what's going upstream away from your network, you can still ease it.


FIFO just does not cut it today, in my opinion.

Regards,
S.
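The "back pressure to flows sending more than their share" point is easy to see in a toy simulation. The following is an added example (my own code, not anything from this thread or from OPNsense/dummynet): a link that serves one packet per tick, a bulk flow that dumps a burst of 40 packets at t=0, and a light, latency-sensitive flow (think the VPN laptop) that sends one small packet every 4 ticks. The same arrivals go through a single FIFO queue and through a per-flow round-robin scheduler, the fairness half of FQ_CoDel; the workload, tick model and equal packet sizes are all constructed assumptions of the example:

```python
from collections import deque

# Constructed workload (not measured traffic): a bulk burst at t=0 plus a light
# flow sending one packet every INTERVAL ticks. All packets are the same size
# and the link transmits exactly one packet per tick.
BULK_BURST = 40
INTERVAL = 4
LIGHT_PACKETS = 8


def workload():
    """Return (arrival_tick, flow_id, packet_id) tuples in arrival order."""
    pkts = [(0, "bulk", i) for i in range(BULK_BURST)]
    pkts += [(INTERVAL * i, "light", i) for i in range(LIGHT_PACKETS)]
    return sorted(pkts)


class Fifo:
    """One shared queue: a light packet waits behind everything queued before it."""
    def __init__(self):
        self.q = deque()

    def enqueue(self, pkt):
        self.q.append(pkt)

    def dequeue(self):
        return self.q.popleft() if self.q else None


class FairQueue:
    """Round-robin over per-flow queues: each backlogged flow gets one packet per
    round, so a flow that sends more than its share only delays itself."""
    def __init__(self):
        self.flows = {}       # flow_id -> deque of packets
        self.order = deque()  # rotation of flows that currently have a backlog

    def enqueue(self, pkt):
        fid = pkt[1]
        q = self.flows.setdefault(fid, deque())
        if not q:             # flow becomes backlogged: join the rotation
            self.order.append(fid)
        q.append(pkt)

    def dequeue(self):
        if not self.order:
            return None
        fid = self.order.popleft()
        pkt = self.flows[fid].popleft()
        if self.flows[fid]:   # still backlogged: go to the back of the rotation
            self.order.append(fid)
        return pkt


def simulate(scheduler):
    """Run the workload through a scheduler; return per-flow queueing delays."""
    arrivals = workload()
    delays = {}
    idx, t, sent = 0, 0, 0
    while sent < len(arrivals):
        while idx < len(arrivals) and arrivals[idx][0] <= t:
            scheduler.enqueue(arrivals[idx])
            idx += 1
        pkt = scheduler.dequeue()
        if pkt is not None:
            delays.setdefault(pkt[1], []).append(t - pkt[0])
            sent += 1
        t += 1
    return delays


def compare():
    """Max and mean queueing delay (in ticks) seen by the light flow under each scheduler."""
    out = {}
    for name, sched in (("fifo", Fifo()), ("fq", FairQueue())):
        light = simulate(sched)["light"]
        out[f"{name}_light_max"] = max(light)
        out[f"{name}_light_mean"] = sum(light) / len(light)
    return out


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

With FIFO the first light packet sits behind the whole 40-packet burst and the light flow's delay only shrinks as the burst drains; with per-flow round robin every light packet is served within a tick of arriving, while the bulk flow absorbs the queueing it created. CoDel's contribution on top of this (dropping or ECN-marking when a flow's queue sojourn time stays above target) is what turns that isolation into actual back pressure on the sender, but the fairness alone already explains why a video call stays usable next to a bulk upload.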