Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Shaper: nested queues

    2.0-RC Snapshot Feedback and Problems - RETIRED
    3
    4
    1537
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Peter Kaagman last edited by

      Preface:
      I work for a school in the netherlands (http://www.atlascollege.nl). This school is an organisation with 5 separate educational location and 1 central adminstration. Al those locations share 1 Internet uplink of 40mbits. To make sure each of those locations gets its fair share of that bandwidth we have a (linux based with tc) traffic shaper in production. In essence each of the location has a right on 6mbit bandwidth and can borrow from other queues if the other does not utilize their bandwidth.

      To do this we have a Linux box with a couple of bash script implementing iptable and tc rules. This has worked just fine for a couple of years but:

      • we are looking for more ease of use
      • we need to provide for new services (vpn for instance)

      pfSense looks like a serious candidate to replace our current setup. Traffic shaping is heavy on our wishlist. Not the QOS part…. but sharing bandwidth.
      Our shaping model:
      At the moment we have 3 mayor network: WAN, LAN (with at least 6 subnets) and a DMZ. Shaping is done on the LAN interface. The first layer of queues divides between WAN and DMZ. All traffic from the DMZ is assigned to a DMZ queue  being at least 60mbit but borrows from the WAN queue if that one allows it.
      The WAN queue is devided in queues for each of the locations.
      Traffic coming from the DMZ network is assigned to the DMZ queue based on the source ip. Traffic for the locations is assigned to their specific queue based on the target ip.

      pfSense 1.2.3:
      I did not seem able to nest queues in the 1.2.3 version which is vital for my setup.

      pfSense 2.x (the march 3 version):
      In this version I was able to make a hierarchial tree of queues. I saw borrowing from other queues is possible. But where are the rules to assign traffic to a specific queue? Is this still to come in this version?

      In essence my question:

      where is the GUI interface to make rules for shaping

      1 Reply Last reply Reply Quote 0
      • P
        Peter Kaagman last edited by

        owke…. just found it  :'(.... floating rules seems to be the keyword and they are located in te firewall rule section

        1 Reply Last reply Reply Quote 0
        • E
          eri-- last edited by

          Its not limited just to Floating rules.

          1 Reply Last reply Reply Quote 0
          • D
            dusan last edited by

            Every firewall rule is a traffic shaping rule. The keyword is 'queue'.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy