    Traffic shaper changes [90% completed, please send money to complete bounty]

      JustinHoMi

      @far182:

      What kind of donation would be big enough to make this public and part of the RELEASE?  Basically, very very very stable.  I might be able to find some contributors.

      I would like to hear an answer to this question too.

        far182

        Well I guess my paypal account (verified one) lost my credit card I had in there.  So it's waiting until my eCheck clears on the 18th for the $100.  Bottom line is that the $100 is on its way.  For now, I added my credit card back in (into paypal) and just donated another $25 via PayPal.  It says it's been sent.

        Thanks again for the fantastic work!  I look forward to access to the updated image.  I get a new PFSense ALIX box tomorrow and would love to be able to load it up with the new stuff.

        Thank You

          far182

          Hi Ermal.

          Any chance I can get the new shaper tonight?  That would be great!

          Thank You

            djmizt

            Ermal

            Can you post the current build date? I'm running on build date Mar 18 21:13:51 UTC 2008

            I know this is way behind but this is what I got from your old PM for the link

            Can you PM me the new link? None of my shaping is working and I don't want to fudge it too much because it's a production box. I have a test box now that I can load any new builds. Thanks

              eri--

              I was on vacation and will update you all soon.

                kapara

                Contributed $50.  I have no real need for it but would like to play with the functionality.  Thanks for the effort.  It looks like this feature has really helped many people here.

                Skype ID:  Marinhd

                  eri--

                  Thank you for the support, it really helps to go on :).

                    far182

                    Hi Ermal.

                    Any chance I can get the link to the shaper?  Thanks!

                      kapara

                      Hi Ermal,

                      I sent the money via Paypal to paypal@chrisbuechler.com.  $50 for pfSense and $50 for you for the shaper.  I got a receipt from Paypal but no acknowledgement that funds were received by someone from pfSense.  What is the next step to get the shaper?

                      Thanks,

                      Mark

                      Skype ID:  Marinhd

                        kapara

                        Hi ermal,

                        Have not heard anything about getting the shaper... Am I missing something?

                        Skype ID:  Marinhd

                          ccfiel

                          Hello Ermal,

                          Good day. Just want to know when your traffic shaper will be available in 1.2.1?

                          Regards,

                          Chris Ian

                            eri--

                            Well, I have synched the code, just need to make a build of it.
                            I still think that waiting until after 1.2.1 is released would be better but I will see what I can do before that.

                            @Kapara,

                            I have sent you a PM, not sure you ever got it?

                              kapara

                              @ermal

                              Never got the PM.  :(

                              Skype ID:  Marinhd

                                k3rmit

                                Ciao everybody,

                                I'm here just to say that finally I had a chance to play with Ermal's baby and after a lot of tuning it is working perfectly (as of now :) in my production network.

                                The wizard does a lot, but here are the encountered difficulties:

                                1. the queues created will have a corresponding floating rule to match them: problem is that if you have an already configured firewall with normal rules (per interface) that match the wizard created floating rules, the normal will win making the floating useless, thus the shaping. To make the shaping work, you'll have to modify each and every normal rule you have to follow the desired queue.
                                2. if you have a redundant configuration, pay a LOT of attention to your CARP and pfsync bandwidth shaping, or you'll end up with sync issues and routing troubles (=angry users)
                                3. the queues created by the wizard had to be tuned because they were creating a LOT of dropped packages. This is because I have a 250 PCs network and the default qlimit is too little for the amount of requests. Also the percentages (funny sometimes) of bandwidth allocated had to be tuned.

                                I also had some woes with the queues management GUI, but in the end I'm very happy to see that the shaper is working fine.

                                So, here are some hints for newcomers:

                                1. follow this forum thread and read carefully Ermal's instructions
                                2. RTF(unny)M on HFSC, ALTQ and pf if you want to have an idea on what's happening and fix it in case
                                3. a dump of the filter reloading is created every time at /tmp/rules.debug: have a look at it in case
                                4. interface rules come first, so don't feel lost if packets are not queued in your nice little floating rules
                                5. watch carefully the network traffic in the first days, and tune the filter with the help of pftop and tcpdump (both from ssh console)
                                6. stress test it or you'll end up with angry users and/or clients :-)

                                Thanks to Ermal who made this possible.

                                Cheers,

                                Albe
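
The two problems reported in the post above (per-interface rules that win over the floating rules without assigning a queue, and queues left at a small qlimit) can be checked mechanically against a ruleset dump such as /tmp/rules.debug. This is an added example, not part of the original post and not pfSense code; it assumes pf.conf ALTQ syntax, that per-interface rules are emitted as `pass ... quick`, and it runs on a constructed sample ruleset whose queue and interface names are made up.

```python
import re

PF_DEFAULT_QLIMIT = 50  # pf.conf(5): qlimit defaults to 50 packets when omitted

# Constructed sample in pf.conf ALTQ syntax; not copied from a real pfSense box.
SAMPLE_RULES = """\
altq on em0 hfsc bandwidth 10Mb queue { qACK, qWeb, qP2P }
queue qACK on em0 bandwidth 20% qlimit 500 hfsc ( linkshare 20% )
queue qWeb on em0 bandwidth 50% hfsc ( linkshare 50% )
queue qP2P on em0 bandwidth 5% qlimit 50 hfsc ( default upperlimit 5% )
pass out proto tcp from any to any port 80 keep state queue (qWeb, qACK) label "floating: web"
pass in quick on em1 proto tcp from 10.0.10.0/23 to any port 80 keep state label "lan: allow web"
pass in quick on em1 proto tcp from 10.0.10.0/23 to any port 25 keep state queue (qWeb, qACK) label "lan: mail"
block in quick on em1 from any to any label "lan: default deny"
"""

def queue_limits(rules):
    """Map each ALTQ queue name to its effective qlimit (explicit or default)."""
    limits = {}
    for line in rules.splitlines():
        m = re.match(r"\s*queue\s+(\S+)\s+(.*)", line)
        if m:
            q = re.search(r"\bqlimit\s+(\d+)", m.group(2))
            limits[m.group(1)] = int(q.group(1)) if q else PF_DEFAULT_QLIMIT
    return limits

def undersized_queues(rules, min_qlimit):
    """Queues whose effective qlimit is below the size chosen for this network."""
    return sorted(n for n, v in queue_limits(rules).items() if v < min_qlimit)

def quick_pass_without_queue(rules):
    """Labels of 'pass ... quick' rules that stop evaluation but assign no queue,
    so traffic they match never reaches the queue named in a floating rule."""
    hits = []
    for line in rules.splitlines():
        label = re.search(r'label\s+"([^"]*)"', line)
        body = re.sub(r'label\s+"[^"]*"', "", line)  # ignore words inside labels
        words = body.split()
        if len(words) < 2 or words[0] != "pass" or "quick" not in words:
            continue
        if not re.search(r"\bqueue\b", body):
            hits.append(label.group(1) if label else line.strip())
    return hits

if __name__ == "__main__":
    print("effective qlimits:", queue_limits(SAMPLE_RULES))
    print("below 200 packets:", undersized_queues(SAMPLE_RULES, 200))
    print("quick pass rules with no queue:", quick_pass_without_queue(SAMPLE_RULES))
```

To audit a live box, pass the text of /tmp/rules.debug in place of `SAMPLE_RULES`; the threshold of 200 is an arbitrary value for the demonstration, not a recommendation from the thread.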

                                  matremblay

                                  Hello, I have gone over this thread quickly and would like to know more about the shaper itself. I'll explain my needs first

                                  I have been using pfsense for a while but the results are not what I expect... yet

                                  I manage two buildings, student housing, which means a lot of p2p and well the service suffers a lot from it, it's been very difficult to keep people happy for a few years now, either we restrict too much or we get bad performance.

                                  Here's the setup:

                                  building one, 250 users, 10mbit fiber over ethernet connection, pfsense gateway/server/router , no other shaping than pfsense
                                  building two, 170 users, 10mbit fiber over ethernet connection, windows server gateway/router + linux server, quota per month/throttling down system (over 10gb users are put in a queue for the remainder of the month)

                                  building one has actually better performance (ironically) than building two, because building two has a bunch of computer tech students that do more damage than the fashion design majority in building one.

                                  I need something to manage bandwidth, in both buildings, we can't upgrade to better service it's expensive enough already. I have tried to make something myself under freebsd with dummynet last year but I lack the experience and mostly the time, network and computer stuff is like 5% of my job.

                                  If this project (and please be honest about it) can really help my situation I would be willing to contribute 500$ per building ( I would introduce the system in building one first)

                                  I am looking at traffic of roughly 1TB/week from these 10mbit links
                                  There is no voip, no captive portal, no domain accounts, just plug and play free internet sharing from the wall in each room. Each time we restrict ports etc it complains, and let's face it p2p apps use ANY port. Sometimes when there is too much traffic some users can't even have internet at all and complain. If I can't find a solution with software like this I'm going to have to buy hardware for it, which means even more money with unknown results.

                                  We want to allow fast reliable access to Web, email, IM and that's about it. The rest they can have, but I wish it would be so slow they would not care using it

                                  So let me know if you think it would work

                                  Thanks in advance

                                    eri--

                                    Can you try a snapshot of 2.0 and use the limiter?
                                    Actually it is dummynet just used with pf.
                                    You might want just a simple layer of dummynet, 2 limiters(pipe) or queues(childs) in dummynet with appropriate src/dst mask which will share the bandwidth according to online users and you can use ALTQ to prioritize types of traffic like HTTP ACKs better than normal HTTP traffic etc.

                                    We are getting there on protocols shaping(l7 detection) but not finished.

                                    If it satisfies you in 2.0 I can merge it back on the 1.2.1 build, based on your contribution, I will make available after the 1.2.1 release of pfSense.

                                      matremblay

                                      I did not notice it was possible to download a 2.0. I will try to install it, since it's not a full release I must first check to see if the network is functional with it for a little while, I really can't afford a lot of downtime. I will take a look at it and if it seems to help then I can contribute to get help configuring it properly since I'm not that much of an expert

                                      But just to be sure, you are confident the type of network I have can be handled by this? If so this piece of software is worth a lot of money to us and will be rewarded accordingly.. I mean they sell machines that do this for like 3k. This is sort of ip-based traffic shaping right?

                                      I'll post back after I upgrade to 2.0 snapshot

                                      thank you for your reply so quickly

                                      Marc

                                        matremblay

                                        Sorry, my first post might have seemed out of context, I now read the entire thread, realized it spanned over a year and understood that you are pretty much done with this and it's included in pfsense2. However, pfsense2 is described as not recommended, I really REALLY want to try it but my 250 users might not like it if it fails, is it stable enough? Or am I gonna have to go over there at 2 am next Sunday because it crashes?

                                          eri--

                                          If you want to use it just for shaping and basic firewalling it should be safe to try.

                                          Can you post your requirements so I can give you a suggestion on how-to?

                                            matremblay

                                            Like I said in my first post, it is a very simple network. I am not good with diagrams but I will try my best

                                            Internet ---> Fiber-to-Ethernet Box ---> pfsense server ---> multiple unmanaged 10/100 switches ---> 250 end users

                                            Internet: Point-to-point, Fixed Ip to Telco
                                            Fiber-to-Ethernet Box: 10mbit/10mbit
                                            pfsense server: P4 computer, eth0 wan, eth1 lan
                                            multiple unmanaged 10/100 switches: some with gigabit uplinks, most of the network is wired (80%) for 10mbit, rest is 5e
                                            250 end users: wireless APs will most likely be added next summer

                                            About the server:

                                            Right now it is doing everything

                                            DHCP, DNS, NAT, Firewall, Traffic Shaper
                                            Should these functions be divided in two computers to have the stable release sharing the internet, and another one shaping the traffic so that there is added redundancy or it is sufficient?

                                            Server is 10.0.10.1 subnet is 10.0.10.xxx to 10.0.11.254

                                            Objective is to offer fast reliable service for basic internet features for students : web, mail, IM, games, web phones/cams. and restrict p2p and other traffic that is clogging the network to a crawl

                                            Recently the wiring was redone, so each floor (1 to 5) has a feeder coming from the first switch to its switch room, then two additional switches are connected to each other per floor.

                                            I'm trying to include as much information but I think that's pretty much it

                                            On a side note, the last pfsense I installed was from the "live cd" release. I noticed the 2.0 snapshots only say "alpha alpha". Is the install procedure still similar? Just to know what to expect.

                                            Thank you in advance. Again if this is successful I'd be more than willing to pay you for your trouble and research if you supply me with a "custom" build and some support for setting it up (which is pretty much what you are doing now)

                                            Thank you so much for everything so far!! I feel, and hope this might be the solution of many of my troubles of the past few months

                                            Marc
