• Hello,

    While deploying basic traffic shaping in my environment (2.3.1-RELEASE-p5 (amd64) Netgate SG-2440 - supporting development in a more tangible way  :)  ) I noticed that Traffic Shaping is limiting VLANs (local) traffic between them to the speeds of my ISP rules. I'm unsure if this is an expected behavior or a bug so I would like to hear from those with more experience than myself with pfSense. I was under the assumption that Traffic Shaping didn't affect LAN-LAN by default.

    My setup:


    • VLANs all on the lan interface

    How to duplicate what I've experienced:

    1- Use traffic shaping wizard for a default multi-lan/wan 30/5
    WAN - 5 Mbps up
    LAN - 25Mbps down
    VLAN1 - 25Mbps down
    VLAN2 - 25Mbps down
    VLAN3 - 25Mbps down
    2- Transfer files from a VLAN to a LAN Server and the speed is actually limited to 25Mbps

    The reason why I assume that this might be a bug is because after the traffic shaping wizard, LAN-to-LAN traffic wasn't affected… what I mean by this is that a server and a client in the LAN could transfer at 1GBps speeds while traffic from a VLAN to the same server on that LAN was limited to 25Mbps! Basically the traffic from VLANs to LAN was all shaped.

    My workaround was to go back to the Root LAN/VLAN traffic shaping rule and set the speed to 1GB/s and then create a floating matching rule where sourcing LAN traffic that isn't LAN/VLAN destined to use the respective queue so that my Internal traffic wasn't limited to 25Mbps.

    Screenshots attached.

    ![Screen Shot 2016-07-18 at 6.56.52 PM.png](/public/imported_attachments/1/Screen Shot 2016-07-18 at 6.56.52 PM.png)
    ![Screen Shot 2016-07-18 at 6.58.04 PM.png](/public/imported_attachments/1/Screen Shot 2016-07-18 at 6.58.04 PM.png)

  • Just beware that pf does not distribute bandwidth between multiple local interfaces. For example, as far as pf is concerned, LAN is allowed to download at 25Mbps at the same time as VLANs 1, 2, 3 are each allowed to download at 25Mbps. They will all fight for 25Mbps, and your upstream router will end up doing your traffic shaping for you, instead of pf.

    The only native way to fix it is to allocate explicit bandwidth to each interface (for example, LAN 5Mbps, VLAN1 5Mbps, VLAN2 5Mbps, VLAN3 5Mbps).

    Other than that, to directly answer your question: yes, you have told the interface that it only has access to 25Mbps. So routing between interfaces will subject you to the limit/cap. But routing on the same interface is handled by your downstream switch, so the traffic never gets seen by pf.

    The best way to fix the problem of routing limits is to set a floating rule, identify the traffic and assign it to a qLink queue, which has a high bandwidth (say, 975Mbps (because 1Gbps - 25Mbps = 975Mbps)).

  • Traffic shaping affects the entire interface. A VLAN is an interface. If you set a VLAN to be 15Mb/s, then ALL traffic will be affected. If you want to shape it to recognize LAN-to-LAN flows, then you'll need to configure the queues and firewall rules that way.