16.14. QoS

You can find the QoS Settings at Services → QoS.

QoS

QoS can be configured and enabled on a per base interface basis. This means VLANs must be shaped on the underlying base interface, otherwise bandwidth can be used twice, for each VLAN in top of the base interface. Therefore please create different classes on the base interface to manage VLANs. It can be enabled also for Input and Output seperately.

QoS usually can only be achieved on traffic leaving the interface. In Order for us to shape traffic that enters the interface, a dumy interface with the name INTNAME-ifb is created. ALL traffic that goes into the interface will go through this DUMMY interface and therefore can also be shaped.

For Bridge members you can only configure the Output Speed.

Note

Output and Input meaning depend on the interface. On WAN Output is traffic leaving the interface to the ISP and therefore upload. Input is download because it is incoming traffic from the ISP. For LAN Input is traffic originating with clients and therefore upload. Output is traffic leaving to the clients and download.

Since traffic is shapped as it either arrives on an interface (INPUT) or leaces an interface (OUTPUT), different setups can be formed. To shape WAN traffic it is enough to enable QoS on WAN only with INPUT (download) and output (upload).

16.14.1. QoS Classes

QoS Classes

QoS is organized in classes. Each class can have a name and can be enabled individually. All Interfaces have the same classes, if you create a class in one interface it will also be present on all other interfaces. Classes are limited to 30. Each class can be configured individually on each interface though regarding to priority and speed.

Classes all have a priority. Classes with a higher prioirty are preferred when there is available bandwidth. The priority is very aggressive though and it is usually advisable to use the same priority for all classes and work with the minimum and maximum values so classes with a high priority are not starved of bandwith.

Spare/shared Bandwidth is bandwidth that is currently not used. Each class can have a minimum (guarenteed) bandwidth. If it does not use it, it will be shared with other classes as spare bandwidth. Also bandwidth not assigned to any class is spare bandwidth. It will be used by all classes that need them in order by their priority. The minimum bandwidth will be assigned to any class that needs it instantly though and will be removed from shared bandwidth when needed.

Higher priorities are preferred over lower priorites.

Input Min. sets the guarenteed minimum bandwidth for the input. Spare bandwidth is shared with the other classes though.

Input Max. sets the maximum bandwidth for the input. Even when more spare bandwidth is available it will not be used.

Output Min. sets the guarenteed minimum bandwidth for the output. Spare bandwidth is shared with the other classes though.

Output Max. sets the maximum bandwidth for the output. Even when more spare bandwidth is available it will not be used.

16.14.2. QoS Assignment

QoS is assigned in Firewall Rules either global or local Firewall Rules (Forward and Input) under the advanced settings. You can choose a class for input and output. Those will be used on any enabled QoS interface. Make sure the according interfaces have QoS enabled.

16.14.3. Limiter

If you need to only set Limiters, they are tied to the firewall rules and can be found at Firewall Rules (Forward and Input) under the advanced setting of each firewall rule. All matching traffic is bound to the limiter setting.

Be aware that firewall rules limiters are only “one way”. If you want to limit upload and download, you need to have two firewall rules. The Download must always be shaped on WAN and Upload on LAN, where the traffic enters the firewall first. Global Firewall Rules (Forward and Input) with the parameter matching might be better suited for a flexible limiter setup. With match, the rule will only do the shaping. A seperate allow rule is still required.