Limiter Cueues and Pipes
-
I have a quick question on the way pipes and Queues share bandwidth between masked clients.
In the past, I could sware a configuration like this worked:
Where the 5mbps sets the bandwidth of the pipe and the children mask to the source and destination respectively. (/32)
I had thought, perhaps mistakenly, that this would allow multiple masked clients to have separate buckets so for example I could have two clients downloading at 5mbps, but instead, this seems to give all clients in this pipe the same bucket; if two clients are downloading they share the same bandwidth effectively getting 1/2 of the configured speed.
After a little testing today it seems what I should have done was create different pipes and that seems to work:
Both clients downloading at the same time get the full 5mbps.
So my question is; Are the multiple pipes the correct way to configure per IP limits, or am I doing something wrong with the single pipe and multiple child Queues?
Thanks.
-
@Hossimo If you are using a limiter, on the limiter, you can set a mask of /32 to have it apply to each IP individually.
https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html#creating-limiters
"When a limiter is set for Source Address or Destination Address, the pipe bandwidth limit will be applied on a per-IP address basis or a subnet basis, depending on the masking bits, using the direction chosen in the masking."like so:
-
@SteveITS Thanks, sorry I probably did not make it clear enough that in the second case of using two pipes, I did make them /32's and that did work.
My question was with the single pipe and two child queues, does doing it this way always cause the source/destination clients to use the same bandwidth bucket?
Essentially when I'm wondering:
Do I need to make pipes that define the bandwidth and queues that define the mask
-or-
Should I make cues that define both the bandwidth and masks?
The documentation is not clear on this, or more likely I'm not understanding some part of it.
in the Docs it clearly says to make a new Limiter (Pipe) and then create a child limiter (queue) within the pipe. However, doing this seems to only share the configured bandwidth with all masked clients.
-
@Hossimo What the firewall rule page refers to as pipe is the limiter in the traffic shaping page. (just noting because it's not consistent)
My understanding was everything in the pipe is limited by the pipe. The mask is on the pipe/limiter. I don't think one can put a mask on a queue?
What we did for our case was create limiters for the speeds, and a /32 mask on the limiter. This splits the traffic by the source IP.
Queues are used more for prioritization since limiters don't need a queue. One can however direct limited traffic into a queue for prioritization, which we do via floating rules.
-
Thanks so much for the explanation.
the UI lets you put a mask direction and bits on the queue, but this makes sense to me now.