Separate queues on WAN and LAN, why…?



  • I did a deep dive into how ALTQ works and PF in general. To me there doesn't really seem to be a reason why you would do separate queues on WAN and LAN interfaces… other than that you have physical ports you want to shape the traffic from with different priorities.

    Because if it's only the internet you want to shape, one list of queues on the WAN and a rule set to point every LAN into the desired queue should be enough, in my opinion. You don't need it to be enabled on the interface to direct it into it.

    Also, it's not that it would treat WAN and LAN as up/down or something. That's not how ALTQ works; there doesn't seem to be any split in upload / download that I can see. It's just deciding which packets get processed first by the firewall.

    So my question sort of is why? Or what are the opinions here?



  • You seem to be making some assumptions about what you're talking about, and you're leaving out the details and reasoning. At an abstract level, many of us understand how the queues in pfSense work, and it seems reasonable. The only reason it would not seem reasonable is because of an incorrect assumption on your part or something you think could be simplified, but you have not really made much of that clear.

    One thing that I do clearly see is that you talk about upload and download. Technically, you can only shape egress traffic. Practically, you can shape download traffic, but it gets messy code-wise. It's easier just to shape data leaving. In this way, you have a separate queue for WAN and LAN so you can shape data leaving each interface.
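
The egress-only shaping described in the reply above, as an added pf.conf fragment that is not part of the thread and is not pfSense's generated ruleset. The interface names, bandwidths, queue names and the SIP port used as the "priority" traffic are assumptions; NAT and the rest of the filter rules are omitted.

```pf
# Added example: assumed interfaces and link speeds, not taken from the thread.
wan_if = "em0"   # assumption: WAN interface
lan_if = "em1"   # assumption: LAN interface

# ALTQ schedules packets as they LEAVE an interface.
# Upload direction: packets going out to the internet leave on WAN.
altq on $wan_if priq bandwidth 10Mb queue { q_voip, q_default }
queue q_voip    on $wan_if priority 7
queue q_default on $wan_if priority 1 priq(default)

# Download direction: packets going to clients leave on LAN, so a second
# set of queues is attached there. The names match the WAN queues on purpose.
altq on $lan_if priq bandwidth 100Mb queue { q_voip, q_default }
queue q_voip    on $lan_if priority 7
queue q_default on $lan_if priority 1 priq(default)

block all

# The rule that passes a packet (and creates its state) names the queue.
# The packet is then placed in the queue of that name on whichever
# interface it leaves through:
#   client -> internet : leaves on WAN, scheduled by q_voip on $wan_if
#   internet -> client : leaves on LAN, scheduled by q_voip on $lan_if
pass in  on $lan_if inet proto udp from $lan_if:network to any port 5060 \
    keep state queue q_voip
pass out on $wan_if inet proto udp from any to any port 5060 \
    keep state queue q_voip

# Everything else from the LAN falls into the default queue on each side.
pass in  on $lan_if inet from $lan_if:network to any keep state
pass out on $wan_if inet from any to any keep state
```

With the `altq on $lan_if` block removed, the rules still load and upload is still prioritised, but replies heading to clients leave through an interface with no scheduler attached, so the download direction is not shaped.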