Traffic shapping effect on lan smb traffic
-
after applying the default traffic shaping wizard, the throughput between lan segments for SMB traffic is extremely low (~350KB/s) on GB lan links.
pfsense is setup with a single WAN adapter (192.168.0.1) and has 4 other adapters configured (192.168.1.1, 192.168.2.1, 192.168.3.1, 192.168.4.1). Tranfer speeds within segements are fine (full throughput), just traffic passing between segments (and the pfsense device) is sluggish. traffic from each segment out the wan is also pretty good (up to 60Mb/s).
so, just looking at the floating rules, there is one for SMB 445 and by default gets assigned the qACK/qOtherDefault (unless I change during wizard setup), but seems to have zero effect between lan segments.
I've tried disabling the floating rule, which seemed to have no impact. I had setup a default allow rule for each segment similar as follows:
protocol: IPv4*
source: LAN net
port: *
destination: *
port: *
gateway: *
queue: nonewhich I thought would simply put zero queue/restrictions on the segment. However, do I need to create a specific rule for this protocol in each segment? and is the floating rule overriding the other rules in this case?
[edit]
note, the WAN DL/UL is 60Mb/4Mb, so the 355KB/s seems to align with the 9.5% qOtherDefault bandwidth limit. How do I work around this for LAN segments to provide a much higher Bandwidth limit between each other?
-
Do you use HFSC?
-
sorry for the delay, but yes HFSC is in use.
-
I'm beginning to think that the only way around this is by modifying the bandwidth settings by interface within the queue definitions.. something similar to (* is default queue for scheduler options):
- LAN1
- qInternet
- qACK
- qOthers *
- qIntranet
- qDefault * - LAN2
- qInternet
- qACK
- qOthers *
- qIntranet
- qDefault * - WAN
- qInternet
- qACK
- qOthersDefault *
…
Where LAN1 and LAN2 bandwidths are bumped to 2Gb and the queues qInternet and qIntranet are set for actual bandwidths (60Mb for qInternet and 1Gb for qIntranet)... eventhough they're only 1Gb NICs. I could keep the bandwidth limit for WAN set to 60Mb (actual link speed), and setup firewall rules that use the qDefault queue on qIntranet for sources and destinations between LAN segments 1 and 2 ?
would this work or would I have some potential problems when traffic began exceeding a segments real capability of 1Gb?
- LAN1
-
well.. that was a terrible idea and didn't really work. after setting up firewall rules to place source and destination traffic into the qIntranet/qDefault.. everything ended up in it, completely ignoring the floating rules.
The traffic that did go to the internet was handled though with WAN floating rules… I suppose I could remove the queues for LAN1 and LAN2 qInternet entirely, relying only on WAN floating rules for internet traffic and setup just a single qIntranet/qDefault assigned as described above (just dropping the qInternet stuff for those interfaces)?
not really to sure.