Quality of Service architecture

PeterDedecker · December 4, 2025, 1:15pm

Hi all,

I’m setting up a Quality-of-Service architecture and would like to hear your feedback on the Peplink implementation.

I mainly have three different kinds of traffic:

Mission Critical traffic: defined by LAN IP, and/or remote IP, and/or TCP/UDP ports
Business Critical traffic: same
Best-effort traffic: same

It might be clear that Mission Critical traffic has the highest priority anytime anywhere, even starving out the Business Critical traffic when necessary. Business Critical traffic is of higher importance than Best Effort. A maximum allowed bandwidth can be defined for it. Best Effort is lowest priority, but can’t be neglected: we really need this traffic to be treated the best possible way in its priority class. These can be large file transfers (data sync) that may take longer, but that must be allowed to consume all available bandwidth except the reserved bandwidth for MC/BC.

Mission/Business critical traffic is sent in Speedfusion tunnels with FEC/WS settings. Best-effort traffic can be both: internet traffic that can be sent through the tunnel or local break-out.

WAN connections are Cellular, Starlink and WiFi WAN on offshore and inland vessels, so somewhat various depending on the location and availability. As setting the WAN connection bandwidth is important in order to make QoS priorities kick in, this can be quite complicated: when these at the normal inland expected bandwidths, QoS doesn’t kick in when the connection degrades due to increased distance right where QoS is most needed. When setting this lower, you don’t exploit the available bandwidth and restrict yourself too much. (I’ve noticed and tested that when setting a WAN interface to e.g. 2 Mbps you effectively can’t send more than 2 Mbps over that interface, it’s a hard limit and not an expected bandwidth)

If I’m correct, the Peplink scheduler on the WAN interfaces first takes the Speedfusion packets. (Yes, I have SpeedFusion VPN Traffic Optimization enabled) When there are no Speedfusion packets in the sent buffer, the other packets are taken and treated according to their QoS priority only if the bitrate of incoming packets in the sent buffer is bigger than the available upload bandwidth of the specified interface. Please correct me if I’m wrong.

Next, within a Speedfusion tunnel, the same happens.

But how is traffic in two different Speedfusion subtunnels treated?

In my setup, I have a separate Speedfusion subtunnel for these three traffic classes, where MC traffic has WAN Smoothing enabled, BC and BE traffic have adaptive FEC enabled. Next to that, there is also BE local internet break-out traffic which has, according to the scheduler implementation, lowest priority.

How do I make the distinction between MC and BC traffic and make sure MC always has highest priority and even starves out all the rest when necessary? Especially when only one healthy or saturated WAN remains, I don’t see how I can give priority to MC traffic.

Am I correct in my reasoning about the Peplink implementation? What could be your recommendations? Thanks!

PeterDedecker · December 9, 2025, 3:34pm

User Groups seem to be a complicated/non-default solution, as one server might both be sending mission cirital data as well as best-effort data on different ports/endpoints…

Tobias_Lingel · December 12, 2025, 11:33am

Good morning everyone,

We have a similar challenge.
Let me try to explain:
We have various types of managed traffic, most of which is unfortunately HTTPS, but there is also other traffic.
We can route the traffic to the desired destination using the outbound rules.
Now we have decided (due to a lack of destination prioritization in the tunnel itself) to create three sub-tunnels for our managed traffic and prioritize them as high, normal, and low via “all traffic.”
But now we are faced with the question of how we can prioritize the tunnels themselves.
To explain
Subtunnel 1 - Important
Subtunnel 2 - Normal
Subtunnel 3 - Low

I can’t find a way to prioritize the tunnels among themselves. Is it even possible to give the subtunnels different priorities among themselves?
Of course, it would be better if we had similar filter options in the tunnel itself as we have in the outbound rules, then the problem would be easier to deal with.

What are your experiences here?
I welcome ANY input.

Best regards,

Tobias_Lingel · January 7, 2026, 9:34am

Hello everyone,

Are there no experience reports in the community?

Best regards

MarceloBarros · January 7, 2026, 12:56pm

Hello, @Tobias_Lingel

Please… take a look at QoS for SpeedFusion traffic … maybe help you…

Tobias_Lingel · January 9, 2026, 7:42am

Hello @MarceloBarros
Thank you very much for your feedback.
Unfortunately, I don’t think the linked forum post will help me achieve my goal.

Why?
Due to different HTTPS traffic, we plan to route this traffic via outbound policies into different Speedfusion sub-tunnels.
In these tunnels, “all traffic” will then be prioritized with the values “high, medium, and low.”
However, I need to ensure that the various sub-tunnels are not treated “equally,” but can also be prioritized with “high, medium, and low.”

Of course, it would be even better if we could differentiate the traffic in a similar way to the outbound policies, but unfortunately this is not possible.

Is such a use case known and has a solution already been found here?

Best regards,
Tobias Lingel

j16 · January 13, 2026, 6:55am

thanks for this info!