Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    one real WAN, on two WAN NIC's with different subnet

    Scheduled Pinned Locked Moved
    Traffic Shaping
    2
    3
    415
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      digidax
      last edited by

      Hi,
      this is my situation: we have a 10 MBit fiber access, this goes on a switch which is doing split it into two copper ports, going as WAN 1 and WAN 2 into pfsense. On each WAN interface is a /29 public subnet.

      If I do now start the "traffic_shaper_wizard_multi_all.xml", in step 1, I have to set the Setup connection speed and scheduler information for interface WAN#1 and WAN#2. So if I enter for each 10 MBit, I think the scheduler is thinking it has 2x 10 MBit, total 20 Mbit to share but this is not right. If I enter for each 5 Mbit, the sum would be right but then on each interface more than 5 Mbit would be possible?

      What option I will have, to set up a right shaping? Thanks for any useful hints.

      ATB, Frank

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The shaper wizard cannot handle this kind of scenario, for the same reason it can't properly handle shaping on VPNs which share bandwidth with the WAN circuit. There is no concept of links sharing the same bandwidth.

        Limiters and queues might work out better since you could assign the same limiters with a shared 10Mbit/s limit to traffic on both WANs, but that would need some care as well, limiters and multi-wan have a history of not getting along well either.

        Why do you need to present the circuit as two separate interfaces? You can have both of the /29 networks on a single WAN using VIPs if you need to. Or better yet, just use one /29 on WAN and have them route the second /29 to the firewall address in the first.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • D
          digidax
          last edited by

          Thanks about the background info for the shaper function.

          If I would add VIPs from the 2nd interface to the 1st, I have first of all disable the 2nd interface so that I will have not after commit on both interfaces the same IP's, then I have to check my NAT and LAN rules, having the correct destination addresses / gateway address in use. OK, should be possible to do.

          What do you mean with the 2nd hint:
          "Or better yet, just use one /29 on WAN and have them route the second /29 to the firewall address in the first."?
          Can you explain a little bit detailed please?

          Thanks for your help.
          Frank

          1 Reply Last reply Reply Quote 0
          • First post
            Last post