Few questions about pfsense with load balancing and routing



  • Hey everyone,

    I read the FAQ but didn't really see anything specific to this in terms of a newbie answer.  I have a few questions.  I'm looking at pfsense as a load balancer, as I have 8 users, and 2 DSL connections.

    My question I couldn't tell is how does load balancing work with pfsense?  Is it more like:

    • 8 users, you 4 are on DSL1 you 4 are on DSL2.  If 2 people from DSL1 go offline it then adjusts and moves one person from DSL2 over to DSL1?

    or

    • 8 users, using TCP/IP settings on each machine I specify which DSL connection they're supposed to use?

    or

    • It's automatic, as in 4 on DSL1, 4 on DSL2.  If a user on DSL1 starts downloading a 100mb file sucking up bandwidth it automatically moves a couple people to DSL2 and so on?

    Or am I totally off with that?  My biggest thing is I just don't want to have to make changes on users' laptops in terms of TCP/IP settings since they bring the machines home, and my main reason for this is because I don't want a user to start streaming some music website or something and to have other people suffer from it.

    My other question is in terms of routing.  Do I have any advanced routing capabilities, in terms of saying "For user XYZ's MAC address, 2Mbps is the max Internet speed for them, and for the local network they can use 20Mbps" or something like that?  Really just to deter users from streaming music and youtube and wasting bandwidth for people who really need it.

    Thanks so much!



  • The loadbalancer isn't user-based but connection-based.
    So if one user opens 10 connections to different servers, 5 connections will go to one WAN, 5 connections to the other WAN.

    You don't have to change anything on the users side. It's solely on the pfSense.
    If you want to limit the bandwidth of different users you should take a look at the traffic shaper.
    However, as far as I know, the traffic shaper in 1.2.3 is not MultiWAN-capable.

    Take a look at 2.0 for this.



  • It's worth mentioning that if your two connections are not identical, you can weight one over the other by adding multiple entries to the LB configuration.

    Even Sharing Example:

    • WAN1
    • OPT1

    60/40 split Example:

    • WAN1
    • OPT1
    • WAN1
    • OPT1
    • WAN1
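The two replies above (connection-based balancing, and weighting by repeating pool entries) can be modelled in a few lines. This is an added example, not part of the thread and not pfSense code; it assumes a strict round-robin over the pool entries for each new connection, and the user names and destinations are constructed.

```python
from collections import Counter
from itertools import cycle

def balance(pool, connections):
    """Assign each new connection to the next pool entry (assumed strict round-robin)."""
    rr = cycle(pool)
    return [(conn, next(rr)) for conn in connections]

def counts_by_gateway(assignments):
    """How many connections each gateway received."""
    return dict(Counter(gw for _conn, gw in assignments))

def gateways_per_user(assignments):
    """Which gateways each user's connections ended up on."""
    seen = {}
    for (user, _dst), gw in assignments:
        seen.setdefault(user, set()).add(gw)
    return seen

EVEN_POOL = ["WAN1", "OPT1"]
# 60/40 split: WAN1 appears 3 times out of 5 entries, OPT1 twice
WEIGHTED_POOL = ["WAN1", "OPT1", "WAN1", "OPT1", "WAN1"]

# Constructed input: one user opening 10 connections to different servers
one_user = [("alice", f"server{i}") for i in range(10)]
# Constructed input: 8 users opening 25 connections each, interleaved
office = [(f"user{u}", f"server{i}") for i in range(25) for u in range(8)]

if __name__ == "__main__":
    even = balance(EVEN_POOL, one_user)
    print(counts_by_gateway(even))       # the single user is split across both WANs
    print(gateways_per_user(even))
    print(counts_by_gateway(balance(WEIGHTED_POOL, office)))
```

Because the unit of balancing is the connection, a single user ends up on both WANs at once, and no client-side setting decides which link is used.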


  • Great thanks, they are identical though, they're from the same ISP but they're both 7mbps ADSL connections same upload/download.



  • Another question though, you mentioned not being able to do the traffic sorting with multiple WANs unless using 2.0.  Would I at least be able to say that a certain MAC address or IP address always be guaranteed to get a certain level of bandwidth?  I have an IP Phone that always needs priority so just wondering if I can do that?



  • @edokid:

    Great thanks, they are identical though, they're from the same ISP but they're both 7mbps ADSL connections same upload/download.

    If they are both from the same ISP: are the WANs in the same subnet?
    Because this will, due to how routing works, not work.
    Depending on the modem you're using you could do NAT on the modem and thus fool the pfSense into thinking there is a different subnet on one of its WANs.



  • I'm confused, I'm not too sure if they are or not I'd have to check and see in the config.  Not at the office right now but pretty sure they're both 255.255.255.252.  Just confused why that matters, again total newb here.  They're 2 completely separate DSL connections, both have static IP and are paid separately.  I can't log into the modem to change anything it's configured at my ISP.

    If that's the case, you were saying that with multiple WANs only version 2.0 can do traffic shaping?  Load balancing was the main reason I wanted pfsense, as I'm in Toronto but finding an ISP that does more than 7mbps seems impossible, even though I can do 25-35mbps over fiber for residential, so I have 2 DSL connections.  With just 1 DSL connection though what type of control do I have with traffic shaping?  Like can I give only 1-2MBps internet to certain users, or is it more advanced in that I can restrict certain things or?



  • The same subnet mask is fine provided that the two IPs do not end up on the same network.

    For example, 192.168.0.21/255.255.255.252 and 192.168.0.25/255.255.255.252 are ok, but .21 & .22 wouldn't be.
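The check described in the reply above, as an added example that is not part of the original post: it computes the network each WAN address falls in and reports pairs that land on the same or an overlapping network. The function name is hypothetical; the first two address sets are the ones from the post, and the third (different masks) is a constructed generalization.

```python
import ipaddress
from itertools import combinations

def wan_subnet_conflicts(wans):
    """Return (name_a, name_b, net_a, net_b) for every pair of WANs whose networks overlap.

    wans maps an interface name to "address/netmask"; the mask may be
    dotted (255.255.255.252) or a prefix length (30).
    """
    ifaces = {name: ipaddress.ip_interface(addr) for name, addr in wans.items()}
    conflicts = []
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        # overlaps() also catches a small network nested inside a larger one
        if ia.network.overlaps(ib.network):
            conflicts.append((a, b, str(ia.network), str(ib.network)))
    return conflicts

# Addresses from the post: same mask, different /30 networks
OK = {"WAN1": "192.168.0.21/255.255.255.252",
      "OPT1": "192.168.0.25/255.255.255.252"}
# Addresses from the post: .21 and .22 share 192.168.0.20/30
BAD = {"WAN1": "192.168.0.21/255.255.255.252",
       "OPT1": "192.168.0.22/255.255.255.252"}
# Constructed case: different masks, but the /30 sits inside the /24
NESTED = {"WAN1": "192.168.0.21/255.255.255.252",
          "OPT1": "192.168.0.100/255.255.255.0"}

if __name__ == "__main__":
    for label, wans in (("ok", OK), ("bad", BAD), ("nested", NESTED)):
        print(label, wan_subnet_conflicts(wans) or "no conflict")
```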



  • Is that something I can send in pfsense or do I have to actually get people to enter their own IP addresses on their machines?  My issue is really that users take their laptops home so I can't use manual IP addressing on the actual units.  Just confused how I would set that.  I guess my other issue though is which is more important, traffic shaping, or just combining the 2 DSL connections with load balancing to get better speed that way.

    Maybe someone can suggest what is best.  Really my goal here is mainly to get the best bandwidth to all users, so that user A isn't downloading a torrent, or streaming music and slowing it down for everyone else.  I figured load balancing with 2 DSL connections would be better, but would traffic shaping be more ideal with 1 DSL connection and just restrict streaming or restrict users to certain speeds?



  • The IP addresses of your DSL connections don't have anything to do with your users.  That info would come from your ISP.



  • I'm confused, you're referring to the IP addresses assigned from my ISP?  I thought you meant 192.168 as in my local network.  Why would my ISP assign IPs like that?  Those look like local ones.  Either way I have static IP so both connections have a static dedicated IP.  I'm not really understanding then what you mean by can't have 2 IPs the same?



  • @edokid:

    I'm confused, you're referring to the IP addresses assigned from my ISP?  I thought you meant 192.168 as in my local network.  Why would my ISP assign IPs like that?  Those look like local ones.  Either way I have static IP so both connections have a static dedicated IP.  I'm not really understanding then what you mean by can't have 2 IPs the same?

    The addresses I gave were an example of two addresses that would work and two that would not.  Yes, they are non-routable IPs and very unlikely to be given by an ISP (though some service providers, primarily WISPs, do use private addressing for their clients), but the example still stands.

    All I am saying is that your two WAN connections cannot be on the same subnet.  If you are still confused then send me a private message with your IPs and subnet masks for each and I'll tell you if they'll be a problem.

