Limit bandwidth per user or Share bandwidth evenly?

KOM

You do it the exact same way: limiters.

https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/limiters.html

p38016

That link tells me how limiters work, however no instructions for either of the two in my previous post.

So over to the opnsense link again. the instructions for "Limit bandwidth per user" is as follows:

Step 1 - Create Upload and Download Pipes
Create Pipe For Download
enabled: Checked
bandwidth: 5Mbps
mask: destination
description: PipeDown-5Mbps

Step 2 - Create Rules
sequence: 21
interface: WAN
proto: ip
source: any
src-port: any
destination: 192.168.1.0/24
dst-port: any
target: PipeDown-5Mbps
description: ShapeDownload

Good instructions by opnsense here so lets translate this over to pfsense.

1. should mask be "destination" for download and "source" for upload?
2. sequence: 21 where do i put this or is it even needed?
3. proto: ip ip does not exist under protocol in pfsense so what to choose instead?

KOM

I'm not really interested in looking at or translating OpnSense documentation. If you don't understand the docs, you can search for how to do it or perhaps someone else can explain it all. I don't use limiters myself.

Here is a good link that shows various scenarios about limiters and pfSense:

https://www.reddit.com/r/PFSENSE/comments/3e67dk/flexible_vs_fixed_limiters_troubleshooting_with/

johnpoz

What what possible reason are you asking about this here?

You do understand that is not pfsense right.. If you have questions on how to use that software or their documentation you should ask on their forums.

KOM

@johnpoz He is, John. He's asking how to do something in pfSense that he already knows how to do with OpnSense.

@p38016 OpnSense is kind of a dirty word around here. There were some issues between Netgate and the main OpnSense guy.

p38016

@KOM Thanks for the reddit link very informative.

Jimbohello

@p38016

best explication ever

https://www.reddit.com/r/PFSENSE/comments/3e67dk/flexible_vs_fixed_limiters_troubleshooting_with/?utm_source=amp&utm_medium=&utm_content=post_body

anand_phulwani

@Jimbohello I am having issues with flexible limiter and multiple gateway groups, i tried configuring it using floating rules, do you know someone who can help??

Jimbohello

@anand_phulwani

in floating rule !

in/out direction

you will have to test the in/direction on top option and specify the wan group in the field gateway

but before doing so ! you should just test your setting in the lan/rule first !!

then after play arround in the floating rules

anand_phulwani

@Jimbohello I should have been bit clear, i have 3 connections

• 100MBPS
• 40MBPS
• 8MBPS.

My gateway groups are

• 100MBPS_40MBPS_8MBPS
• 100MBPS_8MBPS_40MBPS
• 40MBPS_100MBPS_8MBPS

In Floating rules, i am just trying to match the IN direction first
Action: Match
Interface: Lan
Direction: In
Address Family: IPv4
Protocol: Any
Source: LAN Net
Destination: (Inverse/Not) LAN Net
Gateway: 100MBPS_40MBPS_8MBPS
In pipe: Upload_100MBPS_Queue
Out pipe: Download_100MBPS_Queue

Similar floating rule for 40MBPS_100MBPS_8MBPS with the following changes only
Gateway: 40MBPS_100MBPS_8MBPS
In pipe: Upload_40MBPS_Queue
Out pipe: Download_40MBPS_Queue

Now i have two questions

• Is the floating rule above defined correctly?
• I have read somewhere that for IN/OUT direction we should give IN/OUT queues separately, but defining just an OUT queue for an OUT direction floating rule gives this error "A queue must be selected for the In direction before selecting one for Out too."
• When we have a gateway group with different speeds of each WAN, how can we define fixed pipes.

Thanks for your help.
Anand

Jimbohello

@anand_phulwani
did you follw this simple tutorial

https://www.reddit.com/r/PFSENSE/comments/3e67dk/flexible_vs_fixed_limiters_troubleshooting_with/?utm_source=amp&utm_medium=&utm_content=post_body

Jimbohello

@anand_phulwani

are you using em driver ??

create file
/boot/loader.conf.local - final - best result ever !
if_em_load="YES"
cc_htcp_load="YES"
hw.em.eee_setting="0"
hw.em.rx_process_limit="-1"
hw.em.txd="2048"
hw.em.rxd="2048"
net.link.ifqmaxlen="4096"

the create like my setup

Jimbohello

@anand_phulwani

like my setup

limiter config Download
Codel
FQ_codel
queue lenght 100
ecn enable

limiter Queue Download
Mask / Destination Adresse /32
Codel

limiter config Upload
Codel
FQ_codel
queue lenght 100
ecn enable

limiter Queue Upload
Mask / Source Adresse /32
Codel

limiter on lan rules
in= upload-queue
out=download-queue

if you wan't floating just make the same in floating instead of lan rules but you will have to set the direction to out

that's the best i can do

floating-1.png change black spot with Lan Net
floating-2.png change black spot with Desired Gateway

anand_phulwani

@Jimbohello
I have made the following for sharing bandwidth evenly

• Upload Limiter
  
• Upload Queue
  
• Download Limiter
  
• Download Queue
  
• Floating Rule
  

but it still isn't working, i am using the traffic graphs / online web speedcheck to check for equal division, but it isn't happening.

Thanks again for so much help, you are the first person on the forum who is at least willing to discuss over it.

Thanks again,
Anand

Jimbohello

@anand_phulwani
replace the scheduler for fd_codel instead of worst-case

everything else seem perfecto

but this is for a max limit and not a per/user scenario.

you probably have to reset all state or reboot

if is still not working

try in lan first not floating

Jimbohello

@anand_phulwani
as i understand this is a flexible limit base on per/user/max-limit-all
so if 6 pc download silmutanous pfsense should divise the max of 100M for these 6 pc

if your looking to get a fix limit/per/user
you should check out de tuturial 1er scenario 'FIXED limit'

ciao

BUT i MAY be Wrong ! ain't god ! :)

anand_phulwani

@Jimbohello said in Limit bandwidth per user or Share bandwidth evenly?:

so if 6 pc download silmutanous pfsense should divise the max of 100M for these 6 pc

This is exactly what i am looking for 100M divided equally between active clients.

replace the scheduler for fd_codel instead of worst-case

Done

you probably have to reset all state or reboot

I always reboot first to check.

anand_phulwani

@Jimbohello
I changed it to FQ_Codel, there wasn't any option of FD_Codel.

Jimbohello

@anand_phulwani

sorry my mistake

now

im’ not sure if division would be equal. this will only allow a saruration to 100m and reduce bandwich to other pc if a added pc come into games. etc

you can see if limiter work in limiter info or staus

durianbusuk

@anand_phulwani as your floating rule is direction is 'out', you need to swap your in/out pipes. Place download to the left.

The left slot is always in the same direction as the floating rule direction. In this case, 'out' to the LAN means traffic from the firewall to your LAN devices (download).

Also, use tail drop for your queues; if you check the limiter info you will find that codel doesn't work if you have codel on both queue management and limiter, i.e. it's empty.

Turn off ECN and leave the queue length at default/empty.

From my experience bandwidth needs to be about 90% of speed test results before the even distribution will work.

Lastly, FQ-Codel doesn't distribute bandwidth evenly so stick to WF2Q+. To prove this, start a torrent or a steam download on 1 computer and do a speed test on another. If it works correctly you'll get roughly even bandwidth. FQ_Codel in this scenario, in a 40MBps connection, will have 2-3MBps to the speedtest and the rest to the torrent.