Limiter seems to be ignored. Cumulative outbound bandwidth is greater than limiter.

  • I have a server rack at a co-location facility. Within the rack are various servers on different VLANs. VLANs defined within pfSense. Whenever the cumulative outbound (from perspective of the LAN) throughput goes over 20Mbps we get charged by the colo facility. Of late, it has been adding up to quite a bit of money.

    Goal is to set a cap on cumulative outgoing bandwidth to a ceiling of 20Mbps.

    I'm aware of the difficulties of limiting bandwidth when using squid. Not using squid.

    When I run a speedtest on a server behind the pfSense, I can see that the limiter is active and "slowing" down the outbound throughput. But when I watch the traffic graphs for WAN I can clearly see my outbound going above 20Mbps.

    In this particular example I turned the limiter down more to a measly 10Mbps just to be sure I wasn't getting spikes and then the limiter catching up.

    I put the limiter under the floating rules:

    Float rule on all interfaces except for "sync":

    Here is the "advanced" rule part where the limiter is applied:

    Shown below is the limiter that should be working but seems to be ignored. The "in" and the "out" limiters both have the same settings, just labeled differently:

    Any pointers on what's going on and why the cap of the limiter is being ignored?


  • Interesting.

  • I'm not very familiar with limiters, but my guess is the configured mask is causing multiple limiters to be created, each one limited to 10Mb, but unlimited in aggregate.

  • @harvy66 Thanks. Are you suggesting that I adjust the "mask" within the limiter?
    Mask: Destination address
    IPv4 mask bits: 32 (?)

    If I did that, then that sounds to me like it is a limiter pipe per outbound destination - meaning that each outbound connection gets the 10Mb cap. (?) I'll review in the online book for pfSense and read up more on it.