traffic shaping per port or bridge?
-
while im bridging all 5 ports
-
anyone got 2cents on this???
-
C clutchmaster referenced this topic on
-
It depends where you are filtering as to where you can apply the shaping. You can move the filtering between the bridge itself or the members:
https://docs.netgate.com/pfsense/en/latest/bridges/firewall.htmlIt also depends what type of shaping you're using. AltQ shapers rely on the interface type supporting them. Both bridge and igb do though. But also also shape traffic leaving the interface.
What are you actually trying to achieve?
Steve
-
@stephenw10
the main goal is to solve webpage and video loading issues while downloading anything above roughly 3Mbyte/s / 24Mbits/s half the time i was sitting there for a minute waiting for a page to load seem to get worse with the vpn on but at a higher download rate... this seems to only affect the port this type of traffic is occurring onbut this question came up in my mind because when i first installed pfsense and i got to the point of choosing which wizard to use for traffic shaper "LAN" wasnt selectable and after fussing around and decided to dual boot and after going back to this step i discovered that "LAN" became an option and and also forgot to mention that LAN was selectable in the independent wizard but wasnt in the other
-
Well that depends what 'LAN' is assigned to. If it's bridge0 you should be able to use it if you set the sysctls to move filtering onto the bridge.
-
@stephenw10
so it would be better to shape bridge0 over per port with the bridge still in place? -
It might be better to place limiters on the bridge members to prevent one device saturating the link.
That's not going to help if the download is happening on the same end client you are trying to open webpages on though. You can only shape traffic you can filter for which is difficult if it is all https from the same client IP.
Steve
-
@stephenw10
thanks for the tips after the last 4 hours trying to understand what it takes to achieve an A+ in buffer bloat. ive come to a conclusion that either my modems junk or my local area is junk need to visit my friends house and i dont think any algorithm can solve this at my line speed i bet it will work perfect for the speeds at A+ rating though
would never have been able to figure this out without a pfsense limiters may copper lines never return if are lines ever get upgraded
though pretty sure making a traffic shaper for my setup will be trouble some since i use split tunneling on my vpn browsers on vpn and such but game launchers and games bypasses it, though after i try running straight intel for WAN and LAN ill be fairly certain its just dirty service above 40% capacityA+ bufferbloat = (166mb/s down +3ms) (9mb/s up +0ms) from 24ms 2.5ms jitter
my isp(spectrum) from speedtest = (375mb/s down +80ms) (12mb/s up +2ms) from 27ms (spikes 500-1100ms buffer bloat tests) -
If it's just a buffer bloat issue then don't shape on the LAN side at all. Just put a limiter on the WAN as shown here:
https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html -
@stephenw10
thanks for all the help and i have already put in place a limiter on the WAN thats how i was able to figure out what was happening with my network ive been dealing with this for atleast 10 years and all my research points to the dreaded intel PUMA 6/7 chipset i get an A+ for bufferbloat if i cap the network at 40% capacity -
@clutchmaster said in traffic shaping per port or bridge?:
if i cap the network at 40% capacity
Urgh. Yeah new modem time!
