Traffic shaper changes
-
If interest grows anymore, I think we should have a section on the wiki to keep track of specific features that we want implemented into traffic shaping.
-
I wanted to comment on this one specifically as there are certain limitations.
I'll donate $75, if the new traffic shapper support the following:
- shapping an all interfaces
Consider this on the list. I'm struggling trying to figure out how to implement this in HEAD with the new bridge infrastructure (you can bridge more than two interfaces…essentially making a firewalling switch)
- shaping traffic inside individual IPSEC tunnels, that is tunnels terminating at the local pfsense box.
This may not be possible. ALTQ works outbound on the interface. While we could in theory shape the traffic coming in to your network via the tunnel (assuming you aren't doing tunnel to tunnel routing), the best we could do for outbound is shape the entire tunnel. The traffic is already encrypted by the time it hits the WAN interface and can't be inspected to see what ports it's on.
I might be able to donate more if it will be somehow possible to route traffic depending on the amount of traffic queueing. What I mean, is something like this:
Route everything through IPSEC tunnel X on Interface 1, prioritise VoIP. If there isn't enough bandwidth available, route everythoing except VoIP through Interface 2 instead of Interface 1.Hmmm, that digs into kernel space that I don't think I can modify in a satisfactory way.
–Bill
-
Please, lets keep this thread on track. I know everyone is excited for new features but this bounty is for a filtering altq bridge only. We can address the new kitchen sink down the road.
-
To give you an idea of what I need:
T1 line multiple IPs
|
pfsense (bridge)
|
router–-------------------------------------------------------------
/ \ \
workstation lan ip mail1 webserv2 server3(voip)I need pfsense to manage my bandwidth. Give VOIP the highest priority, mail the lowest, have a fast web browsing experience when the bandwidth is available, etc. So I would need port and ip based shaping.
-
hi guys,
I would donate $1000 after my first successful deal with the transparent shaper box.
my requirements are low:
just shaping in bridged mode (two interfaces) to give certain services the QoS they need (e.g. web / citrix / shh etc…)kind regards,
mrt_ok -
Would it be possible to make this work on a larger scale?
For example: OC12 connected to a few hundred servers in a datacenter. PfSense would limit the maximum amount of bandwidth each ip could use…If this can realistically be done, then the funding options for pfsense would dramatically increase.
This could open the door to companies with lots of money, as they could use pfsense on their own infrastructure. -
hi guys,
I would donate $1000 after my first successful deal with the transparent shaper box.
my requirements are low:
just shaping in bridged mode (two interfaces) to give certain services the QoS they need (e.g. web / citrix / shh etc…)kind regards,
mrt_okSorry but we need the cash up front. We have already been fooled into believing this from others and the policy now is half is due up front and half on completion. With this many people pooling their funds together we will need to gather the money up before starting the project. Sorry!
-
Would it be possible to make this work on a larger scale?
For example: OC12 connected to a few hundred servers in a datacenter. PfSense would limit the maximum amount of bandwidth each ip could use…If this can realistically be done, then the funding options for pfsense would dramatically increase.
This could open the door to companies with lots of money, as they could use pfsense on their own infrastructure.Per user bandwidth is a little more difficult. ALTQ does not have a per user distribution classifier so it would require a rule and queue for every user which is not doable in your case (it sounds like).
-
Would it be possible to limit any connection to any server to something like 10Mbps?
-
Would it be possible to limit any connection to any server to something like 10Mbps?
Yes. 1 rule + queue.
-
Question:
100 servers connected to oc12. all are web servers. 1 server is experiencing a traffic spike and receiving thousands of connections.Is there no way to prevent a single server from hogging the entire oc12, using altq?
-
Again, 1 queue and 1 rule per server or ip.
-
Question:
100 servers connected to oc12. all are web servers. 1 server is experiencing a traffic spike and receiving thousands of connections.Is there no way to prevent a single server from hogging the entire oc12, using altq?
You'll need a queue per server (I expect that we'll need a wizard for that…or a way to branch the existing wizard code...not terribly difficult) to make this work. Then all you do is specify realtime guarantee's on each queue such that each web server is guarantee'd a certain amount of bandwidth, but could burst to whatever limit you set (or don't set).
--Bill
-
hi guys,
I would donate $1000 after my first successful deal with the transparent shaper box.
my requirements are low:
just shaping in bridged mode (two interfaces) to give certain services the QoS they need (e.g. web / citrix / shh etc…)kind regards,
mrt_okSorry but we need the cash up front. We have already been fooled into believing this from others and the policy now is half is due up front and half on completion. With this many people pooling their funds together we will need to gather the money up before starting the project. Sorry!
Just to touch on this…I'm somewhat expecting that I'll be the one working on and claiming this bounty. As Scott mentioned, we've (myself included) had people offer up bounties and then not pay once the work has been completed. If it makes people feel better about fronting some of the bounty, I suspect (I haven't confirmed this with Scott and/or Chris yet) the primary pfSense donations account could be used to escrow the funds which could be returned minus whatever Paypal charges (not sure what type of account Chris has) if the bounty isn't fullfilled. Unless someone knows of a better way to escrow funds of course :)
--Bill
-
I think that would work well
-
For the purpose of getting more people interested in donating to this feature, I think it would be good to get some pricing information for commercial traffic shaping bridges from companys like Cisco or APconnections.
Then we can brag about how much money someone could save. -
Yes, we can use the pfSense account to escrow the money. That would work out well for everyone I would suspect.
-
With several people pooling it would be a good idea for Bill to let us know what he aims to do. Some of the requests may be non-feasible, some may even be in conflict.
-
Hi,
btw I would spent time and efforts to implement this in front.
Have to check if I can get some money for this at front…
with my customer
mrt_ok
Update: I guess I can gather that money (50%) in front. Bill, do you have an idea how long it takes to do this? I mean I cannot spend money in front without a schedule.
-
Hi,
btw I would spent time and efforts to implement this in front.
Have to check if I can get some money for this at front…
with my customer
mrt_ok
Update: I guess I can gather that money (50%) in front. Bill, do you have an idea how long it takes to do this? I mean I cannot spend money in front without a schedule.
I am sorry but I guess that you didn't read my entire sentence. With this many people contributing to one bounty, we need 100% of the funds up front. The last thing we need is to gather 50% from everyone and then two people disappear at the right time. It has happened before and we are tired of being burned by good faith agreements. Sorry!