4. Multi VLAN Slowdown when Using HFSC

Multi VLAN Slowdown when Using HFSC

  • I

    Hello PF Community.  Thank you for any and all of your inputs and responses.

    I've been dealing with on many pf sense networks.  The issue is able to be recreated in a virtual environment.  I'm not sure if it's something that i'm doing wrong in the shaping configuration or if it is an issue with HFSC shaping on VLANS.  Troubleshooting and bench testing definitely point the finger at the traffic shaping, but i could be configuring the traffic shaping improperly.

    The problem in a nutshell:  Inter vlan traffic (NAT'ing from one subnet to another) goes smoothly.  I'm getting full speeds between vlans without any issues.  As soon I apply HFSC traffic shaping the speeds slow down drastically between vlans.  So I know the issue is definitely with the shaping i'm applying.  I guess i'm wondering if there is anyway to apply shaping to the outbound WAN traffic and not just each interface.  More so looking to balance traffic in real time between the vlans and the WAN internet connection without restricting inter vlan communications.

    0
  • H

    The default queue size is only 50 packets. This does not apply with TS disabled. You probably need to tweak your queue depths since you enabled TS.

    0
  • N

    @ispiff:


    I guess i'm wondering if there is anyway to apply shaping to the outbound WAN traffic and not just each interface.  More so looking to balance traffic in real time between the vlans and the WAN internet connection without restricting inter vlan communications.

    I think the Wizard creates a queue for LAN traffic on the local interfaces that explicitly avoids putting any restrictions on local traffic, so you might confirm that it is working. Is your problem caused by incorrect classification of traffic to the wrong queue? Is the queue bandwidth itself incorrect? Does simply enabling traffic-shaping cause the slow-down? We/you need to figure it out. Look at pftop and other diagnostics to confirm where the problem lies. Share more details.

    A possibly simpler method would be to only create WAN queues, but this will mean only your uploads will be shaped. You could maybe use limiters on WAN to shape downloads (queues only work on outgoing traffic) since limiters are capable of shaping in both directions on an interface.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy