General Questions (is traffic shapping ok for my networks)



  • Hello Everybody,

    Since a few months I'm "studying" PFsense in order to use it on 3 sites (>50 users/site). So I take a look at the different features and try the ones that may fit my needs in order to confirm PFsense fits my needs.

    Of course, my questions are about QOS and traffic shapping.
    My sites look like this:
    5 VLANs
    vlan1
    vlan…
    vlan5
    2 WANs
    WAN
    opt1

    Before posting here I have read and searched on the forum, the wiki (but I probably did not understand everything). Despite my readings there is a major point that did not fully understand (Q3) and 2 smaller questions (Q1 and Q2).

    Here are the questions for wich I didn't find answers (or I didn't understand...)

    Q1. Traffic Shapper alocate bandwidth but is it possible to give priority in terms of flow and speed rather than bandwidth?

    Q2. Do I have to reboot after I have ran wizzard?

    Q3. I've read many times that traffic shapper don't manage multi-wan and only work with 2 interfaces. I would like to have more details on this point:

    Q3.1 So it is impossible to shappe traffic between VLAN 1 and 2 WANs (so loadbalancing at the same time)
    It is also impossible to shappe traffic between VLAN 1 and 2 VLANs
    In other words those configs would be impossible:

    • VLAN1 <- QOS -> VLAN2-5
      or
    • VLAN1 <- QOS -> WAN-OPT1
      Am I right at this point?

    Q3.2 But is it possible to have QOS between 1 VLAN and 1 of the 2 WANs (as there are 2 WANs)
    Is it possible to have QOS between 1 VLAN and 1 other VLANs (in a multi VLANs site)
    In other words would those configs be possible:

    • VLAN1 <- QOS -> VLAN2
      or
    • VLAN1 <- QOS -> WAN

    Q3.3 Further, can I have several shapping rules for several pairs of interfaces:

    • VLAN1 <- QOS -> VLAN2
    • VLAN1 <- QOS -> WAN

    or

    • VLAN1 <- QOS -> VLAN2
    • VLAN1 <- QOS -> VLAN3

    I wish my questions were detailed enough and not too stupid...

    At least note that I am trying pfsense 1.2.2

    Thanks a lot for your advises, informations, feedback any iformation.



  • Hello earth-people!!!

    Lots of readings for my post…

    I guess you think "try and you'll see by yourself..." That's right!... but my VLAN capable switch is gone (snif snif) so I can't do tests on this point for a wile...

    Another point, the few "tests" I had time to do were with the wizzard (I give this information because I have read that only wizard config would be "supported").

    At least if my questions are so silly, or my english not understandable don't hesitate to tell me. Or if you don't understand why I ask those questions...

    Thanks for reading

    D



  • Damn, I'm lonely at the office and there is no more life on the web

    Holiday people, don't go out, stay indoor, sun's rays are bad, they will hurt your skin.
    My advise, stay close to your screen, rise your karma and… HELP ME

    D



  • Hello,

    It seems my topic interest a lot of people but no answer…

    • If my questions are stupid, don't hesitate to tell me
    • If you need more informations don't hesitate
    • If you don't understand my questions, tell me and I will try to use other words
    • If you have informations regarding one of my questions (not every), it does interest me very much too

    Thanks in advance for your help

    D



  • We are not alone he he

    some answers ..

    Q1. Traffic Shapper alocate bandwidth but is it possible to give priority in terms of flow and speed rather than bandwidth?
    You can use delay pools from squid too..

    Q2. Do I have to reboot after I have ran wizzard?
    It's better but you can just reset the states ..

    Q3. I've read many times that traffic shapper don't manage multi-wan and only work with 2 interfaces. I would like to have more details on this point:
    You can use 2 boxes better..



  • In theory the limiter could be used to setup a dynamic pipe/queue for each flow (sort of) through the router.  That would let you set the exact bandwidth each flow would be allowed to use.  pfSense doesn't currently support doing that via the gui though, probably for good reason.

    Take a look at the dummynet documentation at http://www.dummynet.com/

    Dynamic queue creation: mask …

    It is possible to associate a mask to a pipe so that bandwidth and queue limitations are enforced separately for packets belonging to different flows.

    The mask command lets you specify which parts of the following fields contribute to identify a flow:

    [proto N] [src-ip N] [dst-ip N] [src-port N] [dst-port N]

    where N is a bitmask where significant bits are set to 1. You can specify one or more masks, or the all keyword to mean that all fields are fully significant.
    The default (when no mask are specified) is to ignore all fields, so that all packets are considered to belong to the same flow.

    Whenever a new flow is encountered, a new queue (with the specified bandwidth and queue size) is created.

    WARNING!!! the number of dynamic queues that can be created in this way can become very large. They are accessed through a hash table, whose size you can define using the buckets NN specifier after the mask command.

    This would probably be pretty resource intensive to keep up, it probably isn't suitable for actual real life use.


Log in to reply