Assistance with bandwidth limiting please?



  • Hey all, basically I would like to do bandwidth shaping/limiting. I have a small WISP, my setup is this:

    Internet(WAN) >>> pfSense Box with 2 LANs (one for my office, the other for external router to service customers)

    My office is on OPT1, the clients on LAN

    I want to give each person an internet experience on 2mb(Down)/512k(Up). How do I do this so that each user when connected just gets a maximum of 2mb, and no more? Is it the Traffic Shaper function? If so, on which NIC do I traffic shape? Do I select to traffic shape the LAN or the WAN? Was worried that if I traffic shape the WAN, then everyone would share a shaped 2mb connection?


  • Netgate Administrator

    You will be wanting to use limiter pipes:
    http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

    Steve



  • Thanks for the reply Steve. I read through that, and it mentions pipes and what they are, but doesn't say how I am supposed to create/install them?

    It mentions going to check on the pipes at Diagnostics > Limiter but that menu doesn't exist for me.. 2.0RC2


  • Netgate Administrator

    As a WISP are you using the captive portal? If so then this seems relevant:
    @Traffic:

    The captive portal can set up its own pipes for each logged in user, no need to set this up manually. Take a look at the captive portal setup page to set this up.

    Ok, I should first say that I've never tried this and it's 1:50AM here but …..

    You first create two pipes, one for upload, one for download, set the mask option to source for upload and destination for download. This should create dynamic pipes for each IP using them.
    Then change the firewall rules on LAN adding the advanced in/out option to point at your pipes.

    I imagine this will take some trial and error so you'll probably want to test it on your own traffic first!  ;)

    The diagnostic page will only show after you've created some pipes.

    Steve



  • Yes, I will want to use the Captive portal, so I guess that is easier. I still just can't find where, what section I 'create pipes'. Thanks for the replies, you have always been very helpful!


  • Netgate Administrator

    Ah yes it's in: Firewall>>Traffic Shaper>>Limiter>>Create new Limiter.

    Good Luck!  ;)

    Steve



  • Ah great, thanks for that Steve, will go and play around with that now.


  • Rebel Alliance Developer Netgate

    I added a note under the limiter setup on the wiki that points to where they are added in the GUI. Not sure how that info was overlooked when the original writeup was done.



  • @stephenw10:

    As a WISP are you using the captive portal? If so then this seems relevant:
    @Traffic:

    The captive portal can set up its own pipes for each logged in user, no need to set this up manually. Take a look at the captive portal setup page to set this up.

    Ok, I should first say that I've never tried this and it's 1:50AM here but …..

    You first create two pipes, one for upload, one for download, set the mask option to source for upload and destination for download. This should create dynamic pipes for each IP using them.
    Then change the firewall rules on LAN adding the advanced in/out option to point at your pipes.

    I imagine this will take some trial and error so you'll probably want to test it on your own traffic first!  ;)

    The diagnostic page will only show after you've created some pipes.

    Steve

    Hey Steve, I have just gotten around to doing this, so in that advanced in/out option, is the 'in' download and the 'out' upload?


  • Netgate Administrator

    Nope, the other way around it seems:
    @Traffic:

    Once you set up a limiter pipe, the next step is to assign traffic to it by setting the "in/out" option in a firewall rule. Remember that in and out are from the perspective of that interface on the firewall. If you're choosing limiters on the LAN interface, "out" is download speed (traffic from the LAN NIC into the LAN) and "in" is upload speed (traffic from the LAN into the LAN NIC).

    Steve
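
The mask and in/out rules from the two replies above, worked through as an added example (not part of the thread and not pfSense code). It is a simplified fluid model, assuming each pipe splits its bandwidth between competing flows in proportion to what they offer; the addresses and flow rates are constructed, and the 2000/512 kbit limits come from the original question.

```python
from collections import defaultdict

LAN_PREFIX = "10.0.0."            # constructed client subnet behind the LAN NIC
SRV_A, SRV_B = "198.51.100.5", "198.51.100.6"   # constructed internet hosts

# Constructed flows: (source, destination, offered kbit/s)
FLOWS = [
    (SRV_A, "10.0.0.11", 4000),   # client .11 downloads from two servers
    (SRV_B, "10.0.0.11", 2000),
    (SRV_A, "10.0.0.12", 4000),   # client .12 downloads from one server
    ("10.0.0.12", SRV_A, 3000),   # client .12 uploads
]

# Limiters chosen on the LAN rule: {direction: (kbit/s, mask)}
PER_CLIENT = {"in": (512, "src"), "out": (2000, "dst")}   # as advised above
SHARED     = {"in": (512, None),  "out": (2000, None)}    # no mask set
SWAPPED    = {"in": (512, "dst"), "out": (2000, "src")}   # masks reversed

def direction(src):
    """On the LAN interface 'in' is traffic from clients (upload) and
    'out' is traffic toward clients (download)."""
    return "in" if src.startswith(LAN_PREFIX) else "out"

def shape(flows, pipes):
    """Return {client: {'in': kbit/s, 'out': kbit/s}} that gets through."""
    demand, keyed = defaultdict(float), []
    for src, dst, offered in flows:
        d = direction(src)
        limit, mask = pipes[d]
        # The mask names the packet field that selects a dynamic pipe;
        # with no mask every packet lands in one shared pipe.
        key = (d, {"src": src, "dst": dst}.get(mask, "shared"))
        demand[key] += offered
        keyed.append((key, src if d == "in" else dst, d, offered, limit))
    result = defaultdict(lambda: {"in": 0, "out": 0})
    for key, client, d, offered, limit in keyed:
        # Assumption: proportional sharing inside an oversubscribed pipe.
        result[client][d] += round(offered * min(1.0, limit / demand[key]))
    return dict(result)

if __name__ == "__main__":
    for name, cfg in [("per-client", PER_CLIENT), ("shared", SHARED),
                      ("swapped", SWAPPED)]:
        print(name, shape(FLOWS, cfg))
```

With the masks reversed, the download pipe is keyed on the remote server, so a client pulling from several servers exceeds its plan while clients sharing one server split a single 2000 kbit pipe.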



  • Thanks Steve. One last issue, how do I know that this is actually working? I mean, I have a bunch of wireless clients and I don't know if this is actually working or not? From what I tested before with using rate limiting using the captive portal, it didn't work at all…

    These limiters should make it that no one can download at a higher rate than what I put, right? 1500/512 for example.


  • Netgate Administrator

    It should do but like I say I'm not running any limiters so I don't know for sure. Perhaps someone else can advise.

    Steve



  • Thanks for replying anyways. Do you actually know if there is ANY way that I can tell, by user (Antenna) IP, what bandwidth speed they are getting or using?


  • Netgate Administrator

    iftop seems quite good for this sort of thing, I've only just discovered it.
    It's a FreeBSD package so you have to install it from the CLI:

    pkg_add -r iftop
    

    Then run it on whatever interface you want, em1 for example:

    iftop -i em1
    

    You have to know what the interface names are, not what you may have labeled them in pfSense.

    Here's a screenshot of my own traffic. Me downloading a test file and also connected to my pfSense box running iftop.

    Steve




  • Looks good, will give it a whirl. Does that just show how much the client is downloading currently?

    My main problem is this. I want to try and sell a 2000k/1000k connection to clients, but I really am having trouble working out what speed connection they are actually getting. I have been overselling the bandwidth, and am currently waiting on more to be installed.

    What is weird is that I can go to a client, download a test file and get like 150kbps (so 1500k connection basically) but then run a test at www.speedtest.net and it will say download speed 0.20mb!! Really slow, and completely not correct.

    I am pretty new with this stuff, and am finding the whole management difficult. How to allocate a correct speed to a client, and how to make sure they are getting it.


  • Netgate Administrator

    It's a real time tool but it does have a lot of options.
    I'm not convinced speedtest.net is the best tool. It is able to combine feeds from several WANs though if you are testing a load balancing setup.
    I don't know how many clients you have or how much profit you are hoping to make (if any) but it might be worth getting some assistance from bsdperimeter.

    It's all good learning experience!  :)

    Steve

