Per IP traffic shaping–share bandwith evenly between IP addresses??

Spritzup

I followed the guide, setting my speed correctly. I then loaded up an nzb on my server. Normally this would max out my connection 12-14MB/s, but I was only getting 4.5-5.5MB/s. I then loaded up speedtest on my PC and was getting ~40mbps. At this point I figured that it was splitting my speed as desired, so I stopped the NZB and reran speedtest (multiple times actually) but was never able to get higher than ~40mbps.  I then stopped all traffic from my PC, and started the NZB backup, and same thing, I can't exceed 40-50mbps.

Now the whole time I was running these tests, I was watching my interface traffic, which never exceeded ~50mbps, and I know nothing else was using the network. So either I set it up incorrectly, it's not working correctly, or (and this is my guess) that I have device(s) on the network that are sending just enough data in the background to warrant splitting of my bandwidth.

Somewhat related, but I also have 2 other subnets/vlans, how would I go about setting the limiters in that case? And does this work well with VoIP, or should I also use QoS?

w0w

I have both HFSC shaper and  evenly set limiters by foxale08 guide, but I can not get limiters to work. If I start ookla speedtest simultaneously on 2 IP addresses, one on the PC and second on the smartphone, PC always wins. Standalone running smatphone will score at 90Mbps and PC at 265Mbps, when started simultaneously — PC wants to aggregate all possible bandwidth and eats up to 245Mbps, smartphone drops  to 20Mbps, seems like limiters do not work as desired or i miss something else. I've tried amd64 2.3 and beta 2.4. Any suggestions?

w0w

OK got some progress, I've played with bandwidth values decreasing them and I see some progress in bandwidth share, smartphone is now hits 64Mbps, thats is much better, but could be better anyway.  :)

Derelict

Maybe the smartphone doesn't download as fast as the PC?

What does it transfer when it is transferring without the competition?

The limiter doesn't say "I see two connections I will give them each half." It tries to balance the network as best it can based on the demands of each IP address.

w0w

@Derelict:

Maybe the smartphone doesn't download as fast as the PC?

What does it transfer when it is transferring without the competition?

The limiter doesn't say "I see two connections I will give them each half." It tries to balance the network as best it can based on the demands of each IP address.

Without competition it is transferring at 88-90Mbps. If I screw bandwidth down to ~200Mbit then it works as intended, smartphone transfers at maximum speed, but it limits all bandwidth used to ~190Mbit that is not acceptable on 300Mbit symmetrical (275 stable).
Can you clarify how balancing works in this scenario?

I just expected something similar to
@Derelict:

Huh?

How do you want it to work? That's the exact behavior expected.

If you want the first host to get 120Mbps then that's what you set the limiter to. Then you create a child limiter that masks on each source/dest IP address under that. Then you'd get something like:

120
60/60
40/40/40
30/30/30/30
24/24/24/24/24
20/20/20/20/20/20

etc

Derelict

Right but that is if everything else is equal, which it never is.

w0w

This does not explain why bandwidth limiting helps, some bottleneck detection mechanism triggers earlier?

Derelict

What did you say?

w0w

Did you read my previous messages?
If I decrease the limiter bandwidth then "equalization" works much better, giving smartphone his maximum transfer rate and limiting PC transfer rate. For example standalone, without competition, transfer for PC is 265Mbps and 89 for smartphone, limiting bandwidth in limiter to 200Mbps gives in result that smartphone transfers with 89Mbps and PC transfers at ~110Mbps with competition. If I set limit at 275Mbps as it theoretically should be set, then smartphone transfers at 45-65Mbps and PC at ~210Mbps with competition, thats why I am asking what is wrong, nothing else.

ThinkPadNL

Is the tutorial from foxale08 still relevant for 2.3.4-RELEASE-p1 ?

Derelict

Looks fine.

clacker

Justed wanted to say a big thankyou to foxale08!

I had setup the limiter pretty much as he had with the exception of the source mask…did that and perfectly even sharing on 2.3.4-RELEASE-p1 (amd64).

Almost brought a tear to my eye running speedtest on 3 devices and seeing the traffic graph stats so consistent between them.

belt9

https://forum.pfsense.org/index.php?topic=126637.0

Read this thread, pfSense 2.4 has fq_codel (via CLI / shellcmd) fur limiters.

What this means to you is that it will do exactly what you described in Monowall, but better. It will keep your latency low when when the network is slammed.

6bizkit9

@foxale08:

continued 3

Hi,

I am new to pfsense. Just wanted to have clarification regarding foxale08 config.

I have a 50 mbps internet connection single ISP. I created a limiter and rules to control the traffic to browsing ports (HTTP, HTTPS etc.) I set it up to 30 mbps for bandwidth pool.

I altered the default LAN rule based on foxale08 instruction which I created a limiter and rules to 50 mbps this is to maximize and share bandwidth evenly.

I didnt assign the remaining 20 mbps to limiter and left it as is, since gaming is not in browsing ports.

My expected result:

Browsing user1, user2, user3,…= share 30 mbps bandwidth
Gaming user1, user2, user3... = will share 20 mbps bandwidth
Total bandwidth used = 50 mbps. Using foxale08 config bandwidth will share evenly.

Now I just wanted to know if this set up is possible or which rules should go on top?

Derelict

Gaming will have access to all 50Mbit. If you want that behavior then you will have to make a 20Mbit limiter for the gaming traffic.

fsr

I wanted to thank foxale08 for the tutorial images he posted on the first page of this thread. Probably one of the most useful posts on the forum.

I configured this in 2.4.3-RELEASE (amd64), with 3 local adapters and one WAN adapter, and works perfectly.

Now, all the bandwidth is available to any computer, and if it hits the limit, it shares it in a very fair way. Heavy downloads can coexist with normal navigation without any problems, and the bandwidth is used very efficiently all the time.

rivasa

Would someone please help in resubmitting @foxale08's solution. It seems to have disappeared from the feed (or at least I cant see it).

Thanks

rnmkr

@rivasa said in Per IP traffic shaping–share bandwith evenly between IP addresses??:

Would someone please help in resubmitting @foxale08's solution. It seems to have disappeared from the feed (or at least I cant see it).

Thanks

Oh yes please. Someone update @foxale08 's solution please.

@fsr said in Per IP traffic shaping–share bandwith evenly between IP addresses??:

I wanted to thank foxale08 for the tutorial images he posted on the first page of this thread. Probably one of the most useful posts on the forum.

I configured this in 2.4.3-RELEASE (amd64), with 3 local adapters and one WAN adapter, and works perfectly.

Now, all the bandwidth is available to any computer, and if it hits the limit, it shares it in a very fair way. Heavy downloads can coexist with normal navigation without any problems, and the bandwidth is used very efficiently all the time.

Could you mind share your configuration?

fsr

My configuration is as follows:

You need to create two limiters. One for Download and one for Upload. The mask should be set to "none". The Bandwidth Limit of both should be set to the bandwidth of your connection.

Now, inside of the Download Limiter, you add a queue. The mask should be "Destination Address". The IPv4 mask bits will be 32 (i don't use IPv6, but it's set as 128 mask bits by default).

In my case, i had 3 internal adapters, so i added one queue for every adapter under the Download Limiter.

If you set this right, the screen will show the Download Limiter as a folder, and the queue(s) under it, something like this:

You then add queue(s) for the Upload Limiter. This is almost identical to the download queues, but you choose "Source Addresses" as the mask.

Finally, you need to add rules to link traffic to every queue. For example, my rule for the LAN adapter looks like this:

It's a floating rule.
Action: Match
Direction: in
Address Family: IPv4
Protocol: any
Source: LAN net
Destination: (NOT your internal networks)
In/Out Pipe: Lan Upload Queue / Lan Download Queue

For additional adapters, just add additional rules, with the corresponding Source.

That's it.
Regards.

kenpachizaraki

@fsr @foxale08 thanks for the guide i was able to fairly share bandwidth among users.
im reviving old thread. :)

just would like to know if what would be the correct setup if im using vlan.
sample would be below.

ISP1 --- 20Mbps
Vlan1 --- HR
Vlan2 --- Admin

I created the limiter below.
LAN_Upload -- 18Mpbs -- Mask = None
*** HR_Upload -- Mask = Source
*** Admin_Upoad --- Mask = Source

LAN_Download -- 18Mpbs -- Mask = None
*** HR_Download -- Mask = Destination
*** Admin_Download --- Mask = Destination

Firewall > Rules :
Vlan1 > In/Out = HR_Upload / HR_Download
Vlan2 > In/Out = Admin_Upload / Admin_Download

Or I can just use one queue for Vlan1 and Vlan2 since it only has one gateway?
Like one below :

LAN_Upload -- 18Mpbs -- Mask = None
*** Lan_Upload -- Mask = Source

LAN_Download -- 18Mpbs -- Mask = None
*** Lan_Download -- Mask = Destination

Firewall > Rules :
Vlan1 > In/Out = Lan_Upload / Lan_Download
Vlan2 > In/Out = Lan_Upload / Lan_Download