Shaping + dual WAN

  • I understand this can't be done with pfSense alone; I currently use a Xincom 502 for balancing by IP. My question is: could I use a pfSense box directly LAN-side of my 502, let the 502 handle balancing, and let pfSense do the shaping and bandwidth throttling at the CPEs? What setup troubles might I face?

  • This is possible. However, you can't use bridge mode on the pfSense box if you need traffic shaping. I suggest using a double NAT setup.

  • Replacing the 502 with another pfSense box would then allow me 3 or more WANs, with the shaping done in a second pfSense box. Has anybody tried this? The solution seems rather straightforward. Too easy. I'm suspicious. ???

  • The problem with this type of setup is that you can only shape the COMPLETE bandwidth of all 3 WANs. There might be a situation where some connections are running on WAN1 and WAN1 is already fully loaded while WAN2 and WAN3 are more or less idle. However, your traffic shaper will think, "hey, I can give it more bandwidth" and will overload WAN1. This won't give you good shaping. The better attempt would be to have traffic shapers at each WAN and a load balancer behind them (you need 4 systems for this kind of setup then :o ) but it would work around this problem.

  • I think I understand, if we are talking about balancing by IP. That would have been a problem with the 502 anyhow. The WAN side of the pfSense shaper has only one IP, so it would go out one pipe regardless of the traffic. However, if the 502 balancer is set to balance by sessions, then wouldn't the pfSense shaper be establishing new sessions as traffic increases, and the 502 balancer sending those sessions out the least loaded pipe? This should work with the 502 balancer, correct? Now if we swap the 502 balancer for a pfSense box, can it be set to balance by session? I'm not savvy with the pfSense balancing; I can't say I understand the rules thing yet.

  • pfSense balances by round robin, sending every new connection to the next gateway in the pool. So if you hit an HTTP download at a good server, one of your WANs will be fully loaded while the other one is still idle. I think situations like this can occur with any load balancer in front of the traffic-shaping pfSense. Traffic shaping when using multi-WAN is a limitation atm.

  • By round robin, does that mean it ignores current loading and adds connections sequentially? Nonetheless, the shaping issues I really need controlled are prioritizing uphill traffic and preserving HTTPS connections. Will the arrangement we discussed accomplish these two tasks? Somebody's download speed dropping in half because the network is busy is acceptable. Losing the network to somebody emailing a bunch of pictures or p2p stuff is unacceptable.

  • Yes, it doesn't take care of the load of the lines but just takes the next WAN for the next connection. It will work somehow but it won't help you with highly critical services like VoIP.

  • Thank you kindly. No VoIPers yet; maybe in the future I can dedicate a pipe to such critical services. For now I think I will try and hope I do not fail miserably.
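
Added example, not part of the thread and not pfSense code: a small model of the failure described above, where a shaper that knows only the combined bandwidth sits in front of a round-robin balancer. The link capacities, flow rates and the proportional-scaling shaper are constructed assumptions chosen to make the effect visible.

```python
# Constructed model: one aggregate shaper in front of a round-robin balancer,
# compared with a shaper on each WAN. All numbers are made-up sample values.
WAN_CAPACITY_KBIT = [1000, 1000, 1000]

# (name, demanded kbit/s), listed in the order the connections are opened.
FLOWS = [("http-download", 1400), ("https", 100), ("mail", 150),
         ("dns", 10), ("ssh", 20), ("web", 120)]


def round_robin(flows, n_wans):
    """Send each new connection to the next gateway, ignoring current load."""
    return [(f[0], f[1], i % n_wans) for i, f in enumerate(flows)]


def aggregate_shaper(flows, limit):
    """Shaper that sees only the total: it throttles only if the sum exceeds limit."""
    total = sum(rate for _, rate in flows)
    factor = min(1.0, limit / total) if total else 1.0
    return [(name, rate * factor) for name, rate in flows]


def offered_per_wan(assigned, n_wans):
    """Sum the rate each WAN is asked to carry."""
    load = [0.0] * n_wans
    for _, rate, wan in assigned:
        load[wan] += rate
    return load


def per_wan_shaper(assigned, capacities):
    """Shaper on each WAN: scale that WAN's flows down to its own capacity."""
    load = offered_per_wan(assigned, len(capacities))
    return [(name, rate * min(1.0, capacities[wan] / load[wan]) if load[wan] else rate, wan)
            for name, rate, wan in assigned]


def overloaded(load, capacities):
    """Indexes of WANs asked to carry more than they can (small float tolerance)."""
    return [i for i, (l, c) in enumerate(zip(load, capacities)) if l > c + 1e-6]


if __name__ == "__main__":
    n = len(WAN_CAPACITY_KBIT)
    shaped = aggregate_shaper(FLOWS, sum(WAN_CAPACITY_KBIT))   # 1800 < 3000: untouched
    agg_load = offered_per_wan(round_robin(shaped, n), n)
    print("aggregate shaper :", agg_load, "overloaded:", overloaded(agg_load, WAN_CAPACITY_KBIT))
    fixed = offered_per_wan(per_wan_shaper(round_robin(FLOWS, n), WAN_CAPACITY_KBIT), n)
    print("per-WAN shapers  :", fixed, "overloaded:", overloaded(fixed, WAN_CAPACITY_KBIT))
```

The aggregate shaper passes everything because 1800 kbit/s is under the 3000 kbit/s total, yet the first WAN is asked to carry 1410 kbit/s while the other two sit nearly idle.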