Sharing limiters and child limiters between firewall rules
-
I understand how to create limiters and child limiters, but I have a question regarding sharing a limiter between different rules.
My scenario:
I have 3 tenants at my property, who during certain hours hammer my connection with VoIP and streaming usage. I currently have a number of pre-defined limiters set to work with, in granular increments, however the two limiters I'm using are –-
Up_3_Mbps (Source address)
- qUp_3_Mbps (Source address)
-
Down_20_Mbps (Destination address)
- qDown_20_Mbps (Destination address)
Each limiter has a child limiter as described above.
I've made 3 firewall pass rules, with the source being an alias for each tenant's devices. The rules have their In/Out pipes defined to the child limiters described above (qUp_3_Mbs / aDown_20_Mbps).
The desired effect is to have all 3 tenants share a 20/3 connection, not to give each a separate 20/3 connection. Am I setting up the rules correctly?
Kindest regards for your advice!
-
-
I understand my question may have been answered before, but I'm unable to find a similar thread explaining this, thus the new post. If someone can off-hand recall a post that answers my question, please kindly link it here.
Thanks!
-
No you would not mask on the parent limiters - just the children. masking on the parent will create a separate pipe for every source/dest IP address.
-
Thanks for your reply Derelict.
So if I'm understanding you correctly, I should remove the source/destination address mask from the parent limiter (e.g. Up_3_Mbps), and instead set the mask to source on the child limiter (e.g. qUp_3_Mbps). So in my case, if I use the child limiter qUp_3_Mbps on multiple firewall rules, all those rules share that pipe? If I let's say create multiple child limiters under the parent (e.g. qUp_3_Mbps_1, qUp_3_Mbps_2, qUp_3_Mbps_3, etc. etc.) then they would all share a single 3 Mbps pipe?
-
That is my understanding, yes. You can put multiple interfaces into the same limiter and they will all share that bandwidth as long as they are not masked.
-
Thank you very much Derelict for confirming. I've now adjusted my firewall rules per your suggestion.