Prioritizing Traffic From Specific LAN Client
-
Hi all,
Hopefully this is a pretty simple ask - but I'm looking to prioritize the upload traffic from a specific server on my LAN.
I have a LAN, WAN, OPT1 and OPT2 for interfaces, and do some gateway routing for traffic on specific ports already.
What I want is to say that any upload traffic from my LAN client IP address of 10.0.0.14 gets the highest priority out of all upload/outbound traffic in the LAN and WAN (final gateway).
The pfSense is a virtual machine running on Proxmox. The physical NICs are 2.5Gbps, but the virtual NICs are 10Gbps. Proxmox is just passing a virtual Linux bridge as the adapter to the pfSense box.
I don't need bandwidth limiting, I need to say "anything being uploaded from this other device on the LAN gets highest priority (including through the WAN because there's both LAN and WAN connections to this server that need to be prioritized), everything else gets default priority".
I haven't been able to find a reliable guide for this as all guides focus on bandwidth limiting per IP with a generic limiter, and not traffic prioritization. Furthermore this isn't about prioritizing a specific type of traffic like games or VoIP or HTTP - it just needs to be "any upload traffic from this LAN client IP gets highest priority out of everything on the LAN and WAN regardless of final destination".
Hoping someone can help with this. Thanks!
-
@wolfjmz You would most likely need to use ALTQ-type QoS, where traffic can be assigned into different queues. But your device you're wanting to give priority would have to set this on traffic it is sending.
https://docs.netgate.com/pfsense/en/latest/trafficshaper/index.html
pfSense would then use that setting to determine which queue it goes into.. This is normally based upon the DiffServ setting on the traffic (which would need to be done by sending device).
Keep in mind this sort of traffic shaping really only comes into play when you are seeing saturation on a link. There is little benefit to letting traffic cut in line so to speak, when there is no real line.
Think of it as a fast pass to get on a ride at the amusement park.. Sure if there is a long line of people waiting to get on the ride, cutting to the front of the line gets you on the ride faster - but if there is no line forming, it doesn't get you on the ride any faster. You just get on when you get there.
To use this your interfaces would need to support altq - do they? Not sure about a virtual interface? And your device would need to mark the traffic so pfsense would know what queue to put it in.. Does it go in the fast pass lane, does it just wait in line with the rest of the traffic, or does it go in the hey we will let you on when everyone else has gotten on ;)
Are you saturating the link? Where you would need to be able to cut in line?
-
@wolfjmz this doc section mentions tagging packets for outbound prioritization.
https://docs.netgate.com/pfsense/en/latest/trafficshaper/advanced.html#shaper-rule-matching-tips
I can give a better example later if needed.
-
I agree with John that nobody can offer a comprehensive answer without taking into specific account the actual purpose for...
any upload traffic from my LAN client IP address of 10.0.0.14 gets the highest priority out of all upload/outbound traffic
...that.
-
said in Prioritizing Traffic From Specific LAN Client:
example
LAN rule (tags the packet):

advanced options adds the tag:

Then a floating rule:


to send to VOIP queue:

-
@SteveITS how is that going to help if the interface inbound into pfsense is saturated already.. The traffic would have to wait to get up the stack to the firewall rules to be tagged, before it could even be placed into a queue.
Guess it could help sending it on its way, if the outbound was saturated.
-
@johnpoz Right, it could help outbound on WAN, or for outbound on LAN it doesn't need tagging and that could be done via the shaping wizard. Floating for that direction looks similar:

(dest = VoIP_devices)
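
The tag-then-queue approach discussed in this thread (a LAN rule that tags, then a floating rule that queues outbound on WAN), written out as an added example in FreeBSD pf.conf syntax. It is not taken from any poster's configuration or from pfSense's generated ruleset; the interface names, bandwidth figure, queue names and tag name are assumptions, and it covers only the WAN-outbound case.

```pf
# Added example: WAN-outbound prioritization for one LAN host.
# Interface names, bandwidth, queue names and the tag are placeholders.
lan_if = "lan0"        # placeholder LAN interface name
wan_if = "wan0"        # placeholder WAN interface name
server = "10.0.0.14"   # LAN client from the original question

# PRIQ is a priority-only scheduler: it sets no per-host rate limit and
# serves the higher-priority queue first whenever packets are backed up.
# The bandwidth value is constructed; set it to the real uplink rate,
# since the queue only forms where the link is actually saturated.
altq on $wan_if priq bandwidth 900Mb queue { qHigh, qDefault }
queue qHigh    priority 7
queue qDefault priority 1 priq(default)

# Step 1 (LAN rule): tag packets from the server as they enter on LAN.
# HIPRIO is a hypothetical tag name.
pass in quick on $lan_if inet from $server to any tag HIPRIO

# Step 2 (floating-style rule): pf applies outbound NAT before filtering,
# so on WAN the source is no longer 10.0.0.14. Match the tag set in
# step 1 instead of the address and assign the high-priority queue.
pass out quick on $wan_if tagged HIPRIO queue qHigh

# Everything else leaving WAN falls into qDefault via priq(default).
```

Per-queue packet counters can be inspected with `pfctl -vsq` to confirm that the server's traffic is landing in the intended queue.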