Guaranteed Bandwith to a VLAN
-
Thank you very much for your detailed post.
What I don‘t understand is why do VLAN 20 and 21 gets the desired guaranteed bandwidth with this settings (20% for vlan 20, 10% for vlan 21 an 70% for all other vlans)? -
By setting up a limiter with 500Mbit limit and weighted queues underneath that limiter you can ensure that traffic in those queues has access to the desired bandwidth in a scenario where the connection might be maxed out.
In your case, 20% of 500Mbit is 100Mbit, 10% of 500Mbit is 50Mbit, and 70% is 350Mbit. If your connection is connection is saturated this should guarantee that VLAN 20 gets 100Mbit, VLAN 21 gets gets 50Mbit, and the rest of the VLANs share 350Mbit (total = 500Mbit). In a scenario where there connection is not saturated, all VLAN's should have access to the full 500Mbit bandwidth (e.g. if there were only one users in VLAN 21 for instance).
Is this not what you are looking to accomplish?
-
Yes, I thik this is what I want. I had to read your post a few times more :D
When all vlans can download full speed when the bandwidth is not saturated it is cool.
thank you very much. I will try it -
One more question. When I have 2 250Mbit wan connections and load balance it,I can use the same settings used for 1 500Mbit wan connection, because we only make changes in the vlan settings and not in any wan setting right?
-
Great! I think the key thing to understand here is that there is only one limiter with 500Mbit limit and multiple queues sharing that limit. In a scenario where the connection is saturated, the weights on the queues come into play ensuring that the desired bandwidth is available to traffic in those queues.
Now, if you instead wanted to ensure that VLAN 20 and VLAN 21 could never under any circumstances access more than 100Mbit and 50Mbit respectively (even if the 500Mbit connection is not saturated), you'd actually have to setup multiple limiters (one with 100Mbit limit, and one with a 50Mbit limit).
–---------------------
Regarding the WAN load balancing question- I don't have experience setting up limiters under such a scenario. However, I think it may still work for the reason you described. Go ahead and give it a try.
-
So, now I found time to test this scenario in our office.
I had now only 70MBit in down and 20MBit up, but the setting are the same except the weight settings. I have 20 Notebooks connected to several VLANs, and one Notebook that is connected to VLAN 53. This VLAN should have a guaranteed bandwith of 20MBit down/5 Up.
I configured pfSense as you write. Unfortunately it doesn´t work. I start a download of a linux distribution (1,8GB) on all stations, but the bandwith is on all machines the same (also the Notebook on vlan53). It seems that the queues doesn´t be enabled. I test it with a weigt of 99 (VLAN53) and 1 (all other VLANs.). Also no changes.
Only when I don´t use the queues it works with the limiter. For example: I make a limiter with 20MBit down for VLAN 53 and a other limiter with 1 MBit down for all other VLANs. Than the Notebooks in all other VLANs can download with 1 MBit (for each machine, they don´t share the 1 MBit) and the Notebook in VLAN 53 can download with 20MBit.
But this is not what I want. The Notebooks in all other VLAN should be able to download in full-speed when the Notebook in VLAN 53 does not use the Internetconnection.
Any ideas? -
Does anyone have an idea to fix this problem?
-
pfSense cannot shape across interfaces. (Man, I wish it could).
The only solution I found, was to have a floating rule that put each networks' traffic into a single queue, and put the weights on those queues. It allows for queue1,2,3... to have guaranteed bandwidths, but it does not allow for QoS of different types of data within each queue - so you would not be able to prioritize VoIP packets over HTTP data within queue1, for example.
-
Hi moikerz,
thank you for your reply.
Can you give me a step by step instruction for this? -
Not really, no. I don't currently have it set up in my current environment.
I can tell you to go through the HFSC wizard with as minimal options as possible. You should end up with a basic shaper with 2 LANs, and some firewall rules. You need to trim the basic shaper down to only two "internet" queues (one per LAN), and have those same two queues on the WAN. Then in the Firewall floating rules, remove all of the shaping-related firewall rules, and make two new ones (one for each LAN network) and put that traffic into it's respective queue.