Netgate Discussion Forum

    Per IP traffic shaping–share bandwidth evenly between IP addresses??

      a_thiha

      @Derelict:

      HFSC - But that's not the subject of this thread.

      Sorry for my ignorance.  ::)

      Can you at least guide me to configure HFSC to solve my problem.  ;D

        Derelict LAYER 8 Netgate

        There are countless threads about it.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          danioj

          my first post on the forum  :)

          i wanted to say that the guide offered by foxale08 back in 2013 works great on version:

          2.2.6-RELEASE (amd64)
          built on Mon Dec 21 14:50:08 CST 2015
          FreeBSD 10.1-RELEASE-p25

          https://forum.pfsense.org/index.php?topic=63531.msg364520#msg364520

          i run a 1 wan 1 lan port setup. all traffic over the lan port is forced over a vpn connection.

          as a practical test i maxed out my 25/5 Mb/s bandwidth with a long download. i tried a long hd youtube video and it stuttered and wouldn't play. as expected.

          i then applied the guide as instructed (deviating only when i had to put in my upload and download speeds which i chose to put in Mb/s and not Kb/s).

          i re-started the long download to max the bandwidth. i tried the long hd youtube video and lo and behold the speed reduced on the download and the youtube video worked perfectly. to stress test it i started a similar video on 4 more clients and it had the same great effect. pushed it further and started another high speed download and it seemed to keep working. neither hd video stopped buffering and each download ran with roughly even download speed.

          excellent solution. thank you.

            A Former User

            Thank you everyone for this!
            Just curious what would happen/is there a benefit to apply the in/out pipe that you specify for the lan firewall rule on your VPN? If yes then is it the same orientation for OpenVPN/IPsec? (incoming pipe is going out and out pipe is incoming).

              teladero

              @crisdavid:

              Thank you everyone for this!
              Just curious what would happen/is there a benefit to apply the in/out pipe that you specify for the lan firewall rule on your VPN? If yes then is it the same orientation for OpenVPN/IPsec? (incoming pipe is going out and out pipe is incoming).

              I am wondering about this myself. My situation is that I have my pfsense box using one of the initial suggestions here on two different interfaces and they seem to work well. I would love to dedicate a set amount to any IPsec traffic  because I have noticed it slowing down a lot since I put these limiters in place. I will do some testing today and get back to you.

              Edit: So, I don't know why I thought it was like this, but the IPsec tunnel is not in the interfaces section so I can't assign a limiter to it. Does anyone know a way to do this?

                teladero

                Now I am wondering if I messed up somewhere along the line. As you can see, I have the HFSC traffic shaper set up and I also have limiters. From what I am reading now, you should only have one or the other.

                On one hand, I like the limiter because it lets me limit a specific interface very easily. My OPT2 interface has guest devices which are greatly reduced on the usage they are allowed. My LAN interface also has a limiter on it so that the combined speeds don't exceed my WAN connection. The LAN interface has a lot of bandwidth hogs as well as VOIP traffic, so I am trying to be very careful on how I manage the shaping here.

                If anyone has any suggestions or can explain why they would go with HFSC vs a limiter, I would greatly appreciate it. Or if I should create a whole new thread, feel free to slap me around!

                ![shaper 1.PNG](/public/imported_attachments/1/shaper 1.PNG)
                ![shaper 2.PNG](/public/imported_attachments/1/shaper 2.PNG)

                  A Former User

                  @teladero:

                  @crisdavid:

                  Thank you everyone for this!
                  Just curious what would happen/is there a benefit to apply the in/out pipe that you specify for the lan firewall rule on your VPN? If yes then is it the same orientation for OpenVPN/IPsec? (incoming pipe is going out and out pipe is incoming).

                  I am wondering about this myself. My situation is that I have my pfsense box using one of the initial suggestions here on two different interfaces and they seem to work well. I would love to dedicate a set amount to any IPsec traffic  because I have noticed it slowing down a lot since I put these limiters in place. I will do some testing today and get back to you.

                  Edit: So, I don't know why I thought it was like this, but the IPsec tunnel is not in the interfaces section so I can't assign a limiter to it. Does anyone know a way to do this?

                  In my case I followed this thread and I'm using CODELQ on my pfSense Box that I use for my home personal network. Just got my IPsec up and been having OpenVPN for a while but realised that in the firewall rules you can specify the in/out pipe for the VPNs. I tried specifying the in/out just as I did following this thread but to my OpenVPN. I don't get a lot of traffic all the time so I can't see how it performs :/ with this setup.

                    pererikk

                    Hi

                    I tried to input these settings in 2.3.2-RELEASE (amd64) and it worked for a while, but all of a sudden some webpages could not be accessed…..
                    I rebooted the router but it did not help, i removed the limiter setting and all started to work again...

                    Has someone else tried these settings in the newest release ?
                    Or is it a fact that it only works in the older versions ?

                    Kind regards

                    PES

                      A Former User

                      @pererikk:

                      Hi

                      I tried to input these settings in 2.3.2-RELEASE (amd64) and it worked for a while, but all of a sudden some webpages could not be accessed…..
                      I rebooted the router but it did not help, i removed the limiter setting and all started to work again...

                      Has someone else tried these settings in the newest release ?
                      Or is it a fact that it only works in the older versions ?

                      Kind regards

                      PES

                      I personally haven't run into this. Do you have any extensions installed on your browser? And do you have any packages or configurations running on your pfSense box like?

                        pererikk

                        @crisdavid:

                        I personally haven't run into this. Do you have any extensions installed on your browser? And do you have any packages or configurations running on your pfSense box like?

                        I only have squid running, and the problem happened on several different computers, iPads and different browsers (Chrome, Safari and Firefox), so i don't think it's a browser thingie..

                        Everything worked great before limiters and after i removed the limiters, so the only conclusion i came to that it doesn't work in 2.3.2,
                        can squid have an impact ?

                          dimangelid

                          I have also tried the instructions in post https://forum.pfsense.org/index.php?topic=63531.msg364520#msg364520 at 2.3.2 64bit but no result. I also tried them at the latest 2.3.3 snapshot and even in that case they did not have any effect. Of course i have tried to modify the default LAN –> To any rule, make a new one with destination NOT LAN NET, no luck at all.

                          In my case, when i download a big file, even with 1 concurrent connection, no one on my local network can access the internet. The pings are crazy, 700ms+!!
                          Can anyone help me?

                            Spritzup

                            I followed the guide, setting my speed correctly. I then loaded up an nzb on my server. Normally this would max out my connection 12-14MB/s, but I was only getting 4.5-5.5MB/s. I then loaded up speedtest on my PC and was getting ~40mbps. At this point I figured that it was splitting my speed as desired, so I stopped the NZB and reran speedtest (multiple times actually) but was never able to get higher than ~40mbps.  I then stopped all traffic from my PC, and started the NZB backup, and same thing, I can't exceed 40-50mbps.

                            Now the whole time I was running these tests, I was watching my interface traffic, which never exceeded ~50mbps, and I know nothing else was using the network. So either I set it up incorrectly, it's not working correctly, or (and this is my guess) that I have device(s) on the network that are sending just enough data in the background to warrant splitting of my bandwidth.

                            Somewhat related, but I also have 2 other subnets/vlans, how would I go about setting the limiters in that case? And does this work well with VoIP, or should I also use QoS?

                              w0w

                              I have both HFSC shaper and evenly set limiters by foxale08 guide, but I can not get limiters to work. If I start ookla speedtest simultaneously on 2 IP addresses, one on the PC and second on the smartphone, PC always wins. Standalone running smartphone will score at 90Mbps and PC at 265Mbps, when started simultaneously — PC wants to aggregate all possible bandwidth and eats up to 245Mbps, smartphone drops to 20Mbps, seems like limiters do not work as desired or i miss something else. I've tried amd64 2.3 and beta 2.4. Any suggestions?

                                w0w

                                OK got some progress, I've played with bandwidth values decreasing them and I see some progress in bandwidth share, smartphone now hits 64Mbps, that is much better, but could be better anyway.  :)

                                  Derelict LAYER 8 Netgate

                                  Maybe the smartphone doesn't download as fast as the PC?

                                  What does it transfer when it is transferring without the competition?

                                  The limiter doesn't say "I see two connections I will give them each half." It tries to balance the network as best it can based on the demands of each IP address.

                                    w0w

                                    @Derelict:

                                    Maybe the smartphone doesn't download as fast as the PC?

                                    What does it transfer when it is transferring without the competition?

                                    The limiter doesn't say "I see two connections I will give them each half." It tries to balance the network as best it can based on the demands of each IP address.

                                    Without competition it is transferring at 88-90Mbps. If I screw bandwidth down to ~200Mbit then it works as intended, smartphone transfers at maximum speed, but it limits all bandwidth used to ~190Mbit that is not acceptable on 300Mbit symmetrical (275 stable).
                                    Can you clarify how balancing works in this scenario?

                                    I just expected something similar to
                                    @Derelict:

                                    Huh?

                                    How do you want it to work? That's the exact behavior expected.

                                    If you want the first host to get 120Mbps then that's what you set the limiter to. Then you create a child limiter that masks on each source/dest IP address under that. Then you'd get something like:

                                    120
                                    60/60
                                    40/40/40
                                    30/30/30/30
                                    24/24/24/24/24
                                    20/20/20/20/20/20

                                    etc

                                      Derelict LAYER 8 Netgate

                                      Right but that is if everything else is equal, which it never is.

                                        w0w

                                        This does not explain why bandwidth limiting helps, some bottleneck detection mechanism triggers earlier?

                                          Derelict LAYER 8 Netgate

                                          What did you say?

                                            w0w

                                            Did you read my previous messages?
                                            If I decrease the limiter bandwidth then "equalization" works much better, giving smartphone his maximum transfer rate and limiting PC transfer rate. For example standalone, without competition, transfer for PC is 265Mbps and 89 for smartphone, limiting bandwidth in limiter to 200Mbps gives in result that smartphone transfers with 89Mbps and PC transfers at ~110Mbps with competition. If I set limit at 275Mbps as it theoretically should be set, then smartphone transfers at 45-65Mbps and PC at ~210Mbps with competition, that's why I am asking what is wrong, nothing else.

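An added example, not part of any post in this thread: an idealised equal-share (max-min fair) model of the per-IP split discussed above, run on the figures quoted in the thread. The function names and the assumption of equal weights and fully elastic traffic belong to this example; it is a model for reasoning about expected shares, not dummynet's scheduler code.

```python
"""Idealised per-IP sharing for a limiter with one child queue per IP.

Assumption: equal weights and perfectly elastic flows (max-min fairness).
"""


def fair_shares(limit_mbps, demands_mbps):
    """Return the max-min fair allocation for each host, in input order.

    A host that wants less than an equal share keeps its demand; what it
    leaves unused is re-divided among the remaining hosts (water-filling).
    """
    alloc = [0.0] * len(demands_mbps)
    remaining = float(limit_mbps)
    # Visit hosts from smallest demand to largest.
    order = sorted(range(len(demands_mbps)), key=lambda i: demands_mbps[i])
    for pos, i in enumerate(order):
        share = remaining / (len(order) - pos)  # equal split of what is left
        alloc[i] = min(demands_mbps[i], share)
        remaining -= alloc[i]
    return alloc


def equal_hosts_table(limit_mbps, max_hosts):
    """Rows of the 120, 60/60, 40/40/40 ... table: n hosts that all want the full limit."""
    return [fair_shares(limit_mbps, [limit_mbps] * n)
            for n in range(1, max_hosts + 1)]


if __name__ == "__main__":
    for row in equal_hosts_table(120, 6):
        print("/".join(f"{x:g}" for x in row))

    # Standalone rates reported in the thread: PC 265 Mbps, smartphone 89 Mbps.
    demands = {"pc": 265, "smartphone": 89}
    for limit in (275, 200):
        shares = fair_shares(limit, list(demands.values()))
        print(limit, dict(zip(demands, shares)))
```

Under this model a 200 Mbps limit gives 111/89, close to the ~110/89 reported above, while a 275 Mbps limit would ideally give 186/89 rather than the reported ~210 and 45-65.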
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.