Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PRIQ Affecting LAN Networks

    Scheduled Pinned Locked Moved Traffic Shaping
    traffic shaperpriqlan-to-laninternal lan
    2 Posts 2 Posters 33 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      shellbr
      last edited by

      Hello. I have an issue that can be easily reproduced, which leads me to think it's me not understanding how things work and less likely a bug. It goes as follows:
      A switch capable of VLANs
      A pfsense machine with 2 NIC ports where LAN is configured as a trunk between pfsense and the switch. The WAN port doesn't really matter for this test. You could connect it to anything... just so the link shows in UP state and ensure it cannot reach any LAN networks at layer 2.
      pfSense CE 2.8
      Start with a factory default config, then add the following
      1 WAN interface assigned to the first NIC port
      Assign WAN IP or leave DHCP
      Assign LAN IP
      Create 2 VLANs for internal LAN networks. I used VLAN 5 and 6 and be sure to assign the correct parent physical port.
      Configure access and trunk ports on the switch
      Re-assign the LAN to the second NIC port via VLAN 5
      Create a new interface for LAN2 and assign to second NIC via VLAN 6.
      Assign an IP to LAN2
      Connect 2 hosts which have iperf installed; one on VLAN 5 and another on VLAN 6.
      For simple testing, create an any/any rule so VLAN 5 and reach VLAN 6.
      Start iperf in server mode on the host in VLAN 6
      Perform an iperf test from the host in VLAN 5
      Observe the test will complete at full speed of whatever your network links are between hosts.
      Configure a traffic shaper using the multi lan/wan wizard and specify the following
      1 WAN, 2 LAN type interfaces
      LAN1 PRIQ
      LAN2 PRIQ
      WAN PRIQ, download 300 Mbit/s, upload 300 Mbit/s
      VOIP leave default / blank
      Penalty Box default / blank
      Peer-to-Peer blank
      Network games blank
      Raise or lower other: Enable checkbox
      Set a few things to higher and lower priorities just to get some rules and queues created and so the shaper will have something to do
      Filter reload
      Perform an iperf test again from the host in VLAN 5
      Observe the test will complete at 300 Mbit/s

      Why does this happen? Shouldn't only traffic destined for the WAN be limited (or better described, prioritized)? If I understand correctly, PRIQ only prioritizes and does not limit speed directly--speed will get affected if certain traffic has to wait in queue if competing with higher priority traffic. In the environment where I was testing, there was nothing else going on. I see 2 problems: (1) The wizard is configuring things in a way that affects internal LAN to LAN subnets, (2) There was no competing traffic during my test so the shaper should not have affected network performance anyway.

      Hopefully someone can fill in what I'm missing. Thanks for your assistance.

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        SteveITS Galactic Empire @shellbr
        last edited by

        @shellbr I know the docs say "It does not care about bandwidth on interfaces, only the priority" but in my experience the limits on WAN and LAN are enforced.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.