Traffic shaper changes [90% completed, please send money to complete bounty]

Rich

Is there a ballpark ETA for 1.2? I'm redesigning our entire network and want to use it with the new traffic shaping as our edge firewall.

quentusrex

Would this help with load balancing incoming connections? What about balancing outgoing connections to which ever connection has the least usage?

If it can help with my project I'll consider donating $100.

eri--

Would this help with load balancing incoming connections? What about balancing outgoing connections

You can shape such setups.

to which ever connection has the least usage?

This is not a shaper decision. This is the load balancer option.
But you might create another bounty for creating such a feature.

qluk

Hi,
Is ~50$ enough to get this custom version? It's important for me because i'm providing internet access for free (non-profit ISP). And i don't have much budget.

grolo

I don't know if this can be done with pfsense now or with the new custom patch you are developing.

The question is if it's possible to create different groups or classes in the local users and to assign them different bandwith. For example you have a wireless network and clients can access through de captive portal, with dhcp, and i would like to create a gold client class, silver and bronze, and assign 1MB, 512 KB and 256 KB to each download rate.

I think this is not possible now, but i don't know if that would suit in this bounty or for a new one.

Thanks for your time and work.

eri--

The question is if it's possible to create different groups or classes in the local users and to assign them different bandwith. For example you have a wireless network and clients can access through de captive portal, with dhcp, and i would like to create a gold client class, silver and bronze, and assign 1MB, 512 KB and 256 KB to each download rate.

I think this is not possible now, but i don't know if that would suit in this bounty or for a new one.

It can be accomplished sort of right now.

But to fullfill your exact requirements it would really be a new bounty to keep things clean.
It is on my schedule and a bounty would speed things up cause i have the ground work for this mostly done.

Although i would like to see this changes come with the propper captive portal changes and people gather up on a bounty for extending captive portal!(Again as a matter of pushing things).

colin7151

OK so if I can scrape together like $200:

• Will I get a package that I can install on 1.2 once it goes final ?

• Will anyone be able to provide basic support if I cant get it to work ?

• Will it get updated if updates of pfsense before 1.3 break it or will I be stuck on the same version of pfsense that it was originally written to work on ?

• Will it get updated with general bug fixes ?

• Can I send the patch to friends ? What about posting it on my blog ? What is the license of this package going to be ?

eri--

@eri--:

@eri--:

What it can do:
1- Supports CBQ, HFSC, PRIQ schedulers whith any combination of them on any number of interfaces. To suit any strange environment.
2- You can shape
        Bridge, PPTP, PPPoE, OpenVPN or tun devices, IPSec incoming, Overall IPSec tunnels, L2TP, or any other device/software that does IP traffic in a distinguishable way.
3- You can create policy filtering as there is a new tab which allows expressing a late match syntax with support for tagging and matching on tags(i call them marks in the GUI), directions. Simple allows one PF expert to do policy filtering.
4- The queues are specified in each rule you create, there is no more a rules tab on the shaper section. This makes things cleaner and easier to manage.
5- You can shape/override DHCP, DNS, or any default policy of pfSense by just creating rules from the GUI.
6- The easiest way to create a policy for multiple interface shaping and filtering, at least in contrast with what i have used.
7- [Is on its way] Multiple wizards to use on different environments.

Requirments:
1- Know how.
Meaning you should know what you want then i guarantee it can be done with this new module and the wizards should help on this,

Am i missing anything Scott?!

Adding another feature so it remains as a documentation too:

8- If you have 3 different networks separated from each other and you want to combine to a single centralized management with pfSense and the new shaper, they can be handled/shaped separated or even provide failover for them. Kinda, basic support for different domains.

9- Shaping inside IPSec tunnels works now.

sbyoon

I'm also interested in the traffic shapping in IPSec tunnel. So I sent $100 to Chris Buechlers paypal account today.

Thank you.

craigdrown

Hi,
we've spent a lot of time looking at traffic shaping, and really like the approach of bandwidthabitrator.net, which is to…
... do nothing until pipe is 85% full (user specifiable)
... if > 85% then clamp specific connections that have the highest bytes transferred and longest connection time. (Clamp as in introduce some latency to slow 'em down). This happens pretty quickly and then the process is repeated...
Advantages:
  * super easy to set up
  * gets the pesky p2p stuff even if on port 80
  * allows all users to get lots of bandwidth without the risk of them bogging down other users when it's busy.

pftop already does all the stats for finding the offending connections, it just needs a clever head to work out how to slow down those particular connections.

I realize this is significantly different to existing traffic shaper work, so please make a new thread if approp. We'll donate US$500 up front if someone takes this up.
Thanks,
Craig

sporkme

@sullrich:

@Rich:

Can I make a donation of a couple hundred bucks and be able to get this update?

First of all, absolutely.  We really want to get Ermal compensated for all of his hard work.

OK, I never promised anything, and I'm currently one broke bastard.  But if people that pledged money in this thread didn't follow through, shame on them!

I just sent $50, I wish it was more.  I don't even need this feature nor would I use it for work - I just want to tinker at home, but it irks me that people didn't pony up.  I hope everyone that stiffed the devs sleeps well.  :P

edit: you'll see my donation from an "@fasttrackmonkey.com" address.

eri--

@craigdrown:

Hi,
we've spent a lot of time looking at traffic shaping, and really like the approach of bandwidthabitrator.net, which is to…
... do nothing until pipe is 85% full (user specifiable)
... if > 85% then clamp specific connections that have the highest bytes transferred and longest connection time. (Clamp as in introduce some latency to slow 'em down). This happens pretty quickly and then the process is repeated...
Advantages:
  * super easy to set up
  * gets the pesky p2p stuff even if on port 80
  * allows all users to get lots of bandwidth without the risk of them bogging down other users when it's busy.

pftop already does all the stats for finding the offending connections, it just needs a clever head to work out how to slow down those particular connections.

I realize this is significantly different to existing traffic shaper work, so please make a new thread if approp. We'll donate US$500 up front if someone takes this up.
Thanks,
Craig

I think the new shaper is superior than this.
Not currently, but for 1.3 will be ready a discipline that does that but better in many ways.

You can do such configuration and people seem pretty happy with it(HFSC). Though you have to identify traffic properly.
If you want to still donate that money i will make sure that a feature to better identify traffic goes in for 1.3.
Which would allow finding P2P and other traffic on any port!

Jonb

Can you name and shame these ungratful people and also say how much you are short by of what the original plegdes are. thanks

heiko

Sorry,
for me!!! "name and shame" is also a bad style.

It is here a pillory? To educate people here is pointless, only the changes of the bounty-system is an option, but this is only my opinion!

Greetings
Heiko

heiko

Hello eri,

1600 $ done! to paypal@chrisbuechler.com

Greetings
Heiko

sullrich

@heiko:

Hello eri,

1600 $ done! to paypal@chrisbuechler.com

Greetings
Heiko

Thanks Heiko!!!  I agree, we need to make some changes to the bounty system to prevent this from ever happening again.

eri--

Thank You Heiko for your support.

bogus

Hi all,

I hope we get some compensation for Eri– for his work.

100$ on it's way to paypal@chrisbuechler.com

Carry on this great work.

I hope to see 1.2 and this package soon.

Detlef

ridnhard19

Hi, Eri– will the new shaper support the embedded version before major inclusion with 1.3? If so I'll defiantly throw-in for this.  I have a couple embedded pfSense box's including a firebox with 5 ethernet ports and this would be a excellent enhancement.

eri--

Yes.