Shape HTTP Based On Time/Size?



  • Hi Everyone,

    New pfsense user here, but I'm somewhat familiar with shaping.  I have one pfsense box running on my network at work, and I have the following question about shaping:

    How do I prevent large downloads (specifically, http downloads) from swamping out things like web-browsing?

    It seems that since this is http traffic over tcp/ip, I should be able to shape the traffic outgoing on my LAN interface in order to coerce the sender into throttling the large http transfers to a speed that still allows for fairly interactive use (i.e. web browsing).  Am I wrong in this?  And if I'm not, then how do I differentiate between web-browsing http traffic vs. large downloads?  My thought was that I would be able to, based on the amount of data transferred over the connection, but I would even settle for a time-based solution (i.e. http connections open longer than x amount of time will be throttled appropriately).

    Perhaps this is not currently possible with pfsense, or perhaps the networking issues I'm seeing aren't necessarily related to these large downloads killing interactivity; however, I suspect that trying to shape the egress traffic for http connections on my LAN interface would do what I want it to do.

    Thanks for reading, any help/comments/suggestions will be greatly appreciated.  Great job on pfsense, otherwise I'm very happy!



  • Use squid.



  • I was under the impression that with RED, the more bandwidth a person is using, the more likely he will be dropped.

    http://www.openbsd.org/faq/pf/queueing.html#red

    "Random Early Detection…. When dropping packets, RED randomly chooses which connections to drop packets from. Connections using larger amounts of bandwidth have a higher probability of having their packets dropped."

