Traffic shaping based on IP address range
- 
 I set up two limiters for download and upload on IP address range (172.23.1.5-172.23.1.253). Thereafter I added a new firewall rule and assigned the limiter with this rule. I am a little bit confused by the widget which displays the data transfer. Can I be sure that the down-/upload limiters are used for each single IP and not for the interface? I am asking because the data transfer graphic shows me not more than 700KB for download. I set the limiter to 4Mbit download which is 500KByte. There are many users connected. So I assume to see more than max. 700KByte data transfer for download on the WAN interface. 
- 
 How did you configure an IP range for your limiters? In the limiter setup itself, you just specify a mask (None, Destination, or Source). I think what you want to do is give your download limiter a Destination mask of 32 and your upload limiter a Source mask of 32, then use firewall rules to assign your LAN hosts in the IP range 172.23.1.5-172.23.1.253 to those limiters. If you configure 32-bit masks on the limiters as described, then you should end up with a new dynamic pipe for each host. See the description for masks on limiters: 
 If "source" or "destination" slots is chosen a dynamic pipe with the bandwidth, delay, packet loss and queue size given above will be created for each source/destination IP address encountered, respectively. This makes it possible to easily specify bandwidth limits per host.
- 
 @thenarc Thank you very much for the response. It looks much better now. Looks like what I missed was setting a mask of 32 on the down-/upload limiters as you suggested. I just created the limiters and an alias for the IP address range (via Firewall / Aliases) and assigned the limiters and the IP address range (the created alias) to a firewall rule for the LAN interface. Now, after configuring a mask of 32 on the limiters, the data transfer graph shows much more realistic values. 
- 
 @eambrosch Great! Sounds like it's set up correctly to me. One other option available, which you may already be aware of, is to use the limiters (pipes) without any masks to set an absolute bandwidth limit (as you were seeing originally), and then use one or more queues assigned to the limiters in order to share that bandwidth evenly among multiple clients. However, if you want to ensure that no client ever gets more than 4Mbps, this configuration would not achieve that. Instead, it will attempt to evenly share the total available bandwidth (as set by the limiter) among all clients contending for it. So if there's only one active client, it will get all of the bandwidth. If this is preferred, the simplest way to achieve it would be to add one queue to each of your two limiters (assuming you just have one upload limiter and one download limiter), transfer the mask settings from the limiters to the child queues (so the queues are the ones with the masks set and the limiters have no mask), and then in your firewall rule(s) assign traffic to the queues instead of the limiters. I don't know if this holds any appeal to you beyond your existing configuration, but thought it was worth mentioning. 
- 
 @thenarc Thanks. This is very useful information too. For now I have the configuration which was needed.
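
The three limiter layouts discussed in this thread (limiter with no mask, limiter with a 32-bit mask, and an unmasked limiter with a masked child queue) can be compared with a small model. This is an added example, not code from any poster or from pfSense; the host demands are constructed, the proportional split inside an unmasked pipe is a modelling assumption, and equal-weight queue scheduling is approximated as max-min fair sharing.

```python
LIMIT_KBPS = 500  # 4 Mbit/s expressed in KByte/s, the figure used in the thread


def shared_pipe(demands, limit=LIMIT_KBPS):
    """Limiter with mask None: one pipe, so the cap applies to the sum of all hosts.
    Assumption: the single pipe is modelled as splitting in proportion to demand."""
    total = sum(demands.values())
    if total <= limit:
        return dict(demands)
    return {ip: d * limit / total for ip, d in demands.items()}


def per_host_pipes(demands, limit=LIMIT_KBPS):
    """Limiter with a 32-bit mask: one dynamic pipe per address, each with its own cap."""
    return {ip: min(d, limit) for ip, d in demands.items()}


def masked_queues(demands, limit=LIMIT_KBPS):
    """Unmasked limiter plus masked child queue: hosts share one cap evenly
    (max-min fair), and unused share is handed to hosts that still want more."""
    rates, remaining, pending = {}, float(limit), dict(demands)
    while pending:
        share = remaining / len(pending)
        satisfied = [ip for ip, d in pending.items() if d <= share]
        if not satisfied:
            # Every remaining host wants more than an equal share.
            rates.update({ip: share for ip in pending})
            break
        for ip in satisfied:
            rates[ip] = pending.pop(ip)
            remaining -= rates[ip]
    return rates


def compare(demands):
    """Return the aggregate KByte/s each layout lets through for the given demands."""
    return {
        "no mask": sum(shared_pipe(demands).values()),
        "mask 32 on limiter": sum(per_host_pipes(demands).values()),
        "mask 32 on child queue": sum(masked_queues(demands).values()),
    }


if __name__ == "__main__":
    # Constructed demands in KByte/s for three LAN hosts from the range in the thread.
    sample = {"172.23.1.5": 800, "172.23.1.6": 100, "172.23.1.7": 600}
    for layout, total in compare(sample).items():
        print(f"{layout:24s} aggregate {total:7.1f} KB/s")
```

Only the 32-bit mask on the limiter itself lets the aggregate exceed the configured rate, which matches the change in the traffic graph described above.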