Sharing limiters and child limiters between firewall rules
I understand how to create limiters and child limiters, but I have a question regarding sharing a limiter between different rules.
I have 3 tenants at my property, who during certain hours hammer my connection with VoIP and streaming usage. I currently have a number of pre-defined limiters set to work with, in granular increments, however the two limiters I'm using are –
Up_3_Mbps (Source address)
- qUp_3_Mbps (Source address)
Down_20_Mbps (Destination address)
- qDown_20_Mbps (Destination address)
Each limiter has a child limiter as described above.
I've made 3 firewall pass rules, with the source being an alias for each tenant's devices. The rules have their In/Out pipes defined to the child limiters described above (qUp_3_Mbs / aDown_20_Mbps).
The desired effect is to have all 3 tenants share a 20/3 connection, not to give each a separate 20/3 connection. Am I setting up the rules correctly?
Kindest regards for your advice!
I understand my question may have been answered before, but I'm unable to find a similar thread explaining this, thus the new post. If someone can off-hand recall a post that answers my question, please kindly link it here.
No you would not mask on the parent limiters - just the children. masking on the parent will create a separate pipe for every source/dest IP address.
Thanks for your reply Derelict.
So if I'm understanding you correctly, I should remove the source/destination address mask from the parent limiter (e.g. Up_3_Mbps), and instead set the mask to source on the child limiter (e.g. qUp_3_Mbps). So in my case, if I use the child limiter qUp_3_Mbps on multiple firewall rules, all those rules share that pipe? If I let's say create multiple child limiters under the parent (e.g. qUp_3_Mbps_1, qUp_3_Mbps_2, qUp_3_Mbps_3, etc. etc.) then they would all share a single 3 Mbps pipe?
That is my understanding, yes. You can put multiple interfaces into the same limiter and they will all share that bandwidth as long as they are not masked.
Thank you very much Derelict for confirming. I've now adjusted my firewall rules per your suggestion.