Netgate Discussion Forum

    Per IP traffic shaping–share bandwidth evenly between IP addresses??

    Scheduled Pinned Locked Moved Traffic Shaping
    172 Posts 75 Posters 139.5k Views

      Spritzup

      I followed the guide, setting my speed correctly. I then loaded up an nzb on my server. Normally this would max out my connection 12-14MB/s, but I was only getting 4.5-5.5MB/s. I then loaded up speedtest on my PC and was getting ~40mbps. At this point I figured that it was splitting my speed as desired, so I stopped the NZB and reran speedtest (multiple times actually) but was never able to get higher than ~40mbps.  I then stopped all traffic from my PC, and started the NZB backup, and same thing, I can't exceed 40-50mbps.

      Now the whole time I was running these tests, I was watching my interface traffic, which never exceeded ~50mbps, and I know nothing else was using the network. So either I set it up incorrectly, it's not working correctly, or (and this is my guess) that I have device(s) on the network that are sending just enough data in the background to warrant splitting of my bandwidth.

      Somewhat related, but I also have 2 other subnets/vlans, how would I go about setting the limiters in that case? And does this work well with VoIP, or should I also use QoS?

        w0w

        I have both HFSC shaper and evenly set limiters by foxale08 guide, but I can not get limiters to work. If I start ookla speedtest simultaneously on 2 IP addresses, one on the PC and second on the smartphone, PC always wins. Standalone running smartphone will score at 90Mbps and PC at 265Mbps, when started simultaneously — PC wants to aggregate all possible bandwidth and eats up to 245Mbps, smartphone drops to 20Mbps, seems like limiters do not work as desired or I miss something else. I've tried amd64 2.3 and beta 2.4. Any suggestions?

          w0w

          OK got some progress, I've played with bandwidth values decreasing them and I see some progress in bandwidth share, smartphone now hits 64Mbps, that is much better, but could be better anyway. :)

            Derelict LAYER 8 Netgate

            Maybe the smartphone doesn't download as fast as the PC?

            What does it transfer when it is transferring without the competition?

            The limiter doesn't say "I see two connections I will give them each half." It tries to balance the network as best it can based on the demands of each IP address.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              w0w

              @Derelict:

              Maybe the smartphone doesn't download as fast as the PC?

              What does it transfer when it is transferring without the competition?

              The limiter doesn't say "I see two connections I will give them each half." It tries to balance the network as best it can based on the demands of each IP address.

              Without competition it is transferring at 88-90Mbps. If I screw bandwidth down to ~200Mbit then it works as intended, smartphone transfers at maximum speed, but it limits all bandwidth used to ~190Mbit that is not acceptable on 300Mbit symmetrical (275 stable).
              Can you clarify how balancing works in this scenario?

              I just expected something similar to
              @Derelict:

              Huh?

              How do you want it to work? That's the exact behavior expected.

              If you want the first host to get 120Mbps then that's what you set the limiter to. Then you create a child limiter that masks on each source/dest IP address under that. Then you'd get something like:

              120
              60/60
              40/40/40
              30/30/30/30
              24/24/24/24/24
              20/20/20/20/20/20

              etc

                Derelict LAYER 8 Netgate

                Right but that is if everything else is equal, which it never is.

                  w0w

                  This does not explain why bandwidth limiting helps, some bottleneck detection mechanism triggers earlier?

                    Derelict LAYER 8 Netgate

                    What did you say?

                      w0w

                      Did you read my previous messages?
                      If I decrease the limiter bandwidth then "equalization" works much better, giving smartphone his maximum transfer rate and limiting PC transfer rate. For example standalone, without competition, transfer for PC is 265Mbps and 89 for smartphone, limiting bandwidth in limiter to 200Mbps gives in result that smartphone transfers with 89Mbps and PC transfers at ~110Mbps with competition. If I set limit at 275Mbps as it theoretically should be set, then smartphone transfers at 45-65Mbps and PC at ~210Mbps with competition, that's why I am asking what is wrong, nothing else.

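As an added illustration (not part of any post in this thread, and not dummynet's actual scheduler code), the Python below models ideal max-min fair sharing of one limiter among per-IP queues, using figures quoted above: the 120 Mbps table and the 265/89 Mbps standalone rates under 200 and 275 Mbps limits. The function names and the equal-weight assumption are assumptions of the example.

```python
# Added illustration: ideal max-min fair sharing, NOT dummynet's scheduler code.
# Assumption: every per-IP queue has equal weight under one parent limiter.

def max_min_share(capacity, demands):
    """Split `capacity` (Mbps) across hosts by water-filling.

    `demands` maps host -> the rate it reaches on its own (its standalone
    speed). No host is given more than it asks for; what it leaves unused is
    redistributed equally among the hosts that still want more.
    """
    alloc = {host: 0.0 for host in demands}
    active = set(demands)            # hosts still below their demand
    remaining = float(capacity)
    while active and remaining > 1e-9:
        fair = remaining / len(active)
        # Hosts whose whole demand fits in the current fair share are done.
        satisfied = {h for h in active if demands[h] - alloc[h] <= fair}
        if not satisfied:
            # Everyone left wants more than the fair share: split evenly.
            for h in active:
                alloc[h] += fair
            break
        for h in satisfied:
            remaining -= demands[h] - alloc[h]
            alloc[h] = float(demands[h])
        active -= satisfied
    return alloc


def equal_demand_table(capacity, max_hosts):
    """Rows of the 120 / 60,60 / 40,40,40 ... table: every host is greedy."""
    rows = []
    for n in range(1, max_hosts + 1):
        greedy = {f"host{i}": float("inf") for i in range(1, n + 1)}
        rows.append(sorted(max_min_share(capacity, greedy).values()))
    return rows


# Standalone rates quoted in the thread (Mbps).
STANDALONE = {"pc": 265, "phone": 89}

if __name__ == "__main__":
    for row in equal_demand_table(120, 6):
        print("/".join(f"{v:g}" for v in row))
    for limit in (200, 275):
        print(limit, max_min_share(limit, STANDALONE))
```

Under this model a 200 Mbps limit gives 89/111, close to the reported 89/~110, while a 275 Mbps limit would ideally give 89/186 rather than the reported 45-65/~210.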
                        ThinkPadNL

                        Is the tutorial from foxale08 still relevant for 2.3.4-RELEASE-p1 ?

                          Derelict LAYER 8 Netgate

                          Looks fine.

                            clacker

                            Just wanted to say a big thank you to foxale08!

                            I had set up the limiter pretty much as he had with the exception of the source mask…did that and perfectly even sharing on 2.3.4-RELEASE-p1 (amd64).

                            Almost brought a tear to my eye running speedtest on 3 devices and seeing the traffic graph stats so consistent between them.

                              belt9

                              https://forum.pfsense.org/index.php?topic=126637.0

                              Read this thread, pfSense 2.4 has fq_codel (via CLI / shellcmd) for limiters.

                              What this means to you is that it will do exactly what you described in Monowall, but better. It will keep your latency low when the network is slammed.

                                6bizkit9

                                @foxale08:

                                continued 3

                                Hi,

                                I am new to pfsense. Just wanted to have clarification regarding foxale08 config.

                                I have a 50 mbps internet connection single ISP. I created a limiter and rules to control the traffic to browsing ports (HTTP, HTTPS etc.) I set it up to 30 mbps for bandwidth pool.

                                I altered the default LAN rule based on foxale08 instruction which I created a limiter and rules to 50 mbps this is to maximize and share bandwidth evenly.

                                I didn't assign the remaining 20 mbps to limiter and left it as is, since gaming is not in browsing ports.

                                My expected result:

                                Browsing user1, user2, user3,…= share 30 mbps bandwidth
                                Gaming user1, user2, user3... = will share 20 mbps bandwidth
                                Total bandwidth used = 50 mbps. Using foxale08 config bandwidth will share evenly.

                                Now I just wanted to know if this set up is possible or which rules should go on top?

                                  Derelict LAYER 8 Netgate

                                  Gaming will have access to all 50Mbit. If you want that behavior then you will have to make a 20Mbit limiter for the gaming traffic.

                                    fsr

                                    I wanted to thank foxale08 for the tutorial images he posted on the first page of this thread. Probably one of the most useful posts on the forum.

                                    I configured this in 2.4.3-RELEASE (amd64), with 3 local adapters and one WAN adapter, and works perfectly.

                                    Now, all the bandwidth is available to any computer, and if it hits the limit, it shares it in a very fair way. Heavy downloads can coexist with normal navigation without any problems, and the bandwidth is used very efficiently all the time.

                                      rivasa

                                      Would someone please help in resubmitting @foxale08's solution. It seems to have disappeared from the feed (or at least I can't see it).

                                      Thanks

                                        rnmkr @rivasa

                                        @rivasa said in Per IP traffic shaping–share bandwidth evenly between IP addresses??:

                                        Would someone please help in resubmitting @foxale08's solution. It seems to have disappeared from the feed (or at least I can't see it).

                                        Thanks

                                        Oh yes please. Someone update @foxale08's solution please.

                                        @fsr said in Per IP traffic shaping–share bandwidth evenly between IP addresses??:

                                        I wanted to thank foxale08 for the tutorial images he posted on the first page of this thread. Probably one of the most useful posts on the forum.

                                        I configured this in 2.4.3-RELEASE (amd64), with 3 local adapters and one WAN adapter, and works perfectly.

                                        Now, all the bandwidth is available to any computer, and if it hits the limit, it shares it in a very fair way. Heavy downloads can coexist with normal navigation without any problems, and the bandwidth is used very efficiently all the time.

                                        Would you mind sharing your configuration?

                                          fsr

                                          My configuration is as follows:

                                          You need to create two limiters. One for Download and one for Upload. The mask should be set to "none". The Bandwidth Limit of both should be set to the bandwidth of your connection.

                                          Now, inside of the Download Limiter, you add a queue. The mask should be "Destination Address". The IPv4 mask bits will be 32 (I don't use IPv6, but it's set as 128 mask bits by default).

                                          In my case, I had 3 internal adapters, so I added one queue for every adapter under the Download Limiter.

                                          If you set this right, the screen will show the Download Limiter as a folder, and the queue(s) under it, something like this:

                                          [image]

                                          You then add queue(s) for the Upload Limiter. This is almost identical to the download queues, but you choose "Source Addresses" as the mask.

                                          Finally, you need to add rules to link traffic to every queue. For example, my rule for the LAN adapter looks like this:

                                          It's a floating rule.
                                          Action: Match
                                          Direction: in
                                          Address Family: IPv4
                                          Protocol: any
                                          Source: LAN net
                                          Destination: (NOT your internal networks)
                                          In/Out Pipe: Lan Upload Queue / Lan Download Queue

                                          For additional adapters, just add additional rules, with the corresponding Source.

                                          That's it.
                                          Regards.

                                            kenpachizaraki @fsr

                                            @fsr @foxale08 thanks for the guide, I was able to fairly share bandwidth among users.
                                            I'm reviving an old thread. :)

                                            Just would like to know what would be the correct setup if I'm using VLANs.
                                            sample would be below.

                                            ISP1 --- 20Mbps
                                            Vlan1 --- HR
                                            Vlan2 --- Admin

                                            I created the limiter below.
                                            LAN_Upload -- 18Mbps -- Mask = None
                                            *** HR_Upload -- Mask = Source
                                            *** Admin_Upload --- Mask = Source

                                            LAN_Download -- 18Mbps -- Mask = None
                                            *** HR_Download -- Mask = Destination
                                            *** Admin_Download --- Mask = Destination

                                            Firewall > Rules :
                                            Vlan1 > In/Out = HR_Upload / HR_Download
                                            Vlan2 > In/Out = Admin_Upload / Admin_Download

                                            Or I can just use one queue for Vlan1 and Vlan2 since it only has one gateway?
                                            Like one below :

                                            LAN_Upload -- 18Mbps -- Mask = None
                                            *** Lan_Upload -- Mask = Source

                                            LAN_Download -- 18Mbps -- Mask = None
                                            *** Lan_Download -- Mask = Destination

                                            Firewall > Rules :
                                            Vlan1 > In/Out = Lan_Upload / Lan_Download
                                            Vlan2 > In/Out = Lan_Upload / Lan_Download

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.