Trafficshaping out



  • Hello all!

    I'm back trying out 2.0. It feels good to be back on a stable firewall (been through Vyatta, Astaro and other things I can't remember).

    Ok, what I want to achieve is shaping out and in.
    From what I understand, shaping LAN = download and WAN = upload.
    I use 2 VLANs and can therefore "shape" the download. However, how do I shape the upload with data coming from the VLANs?

    E.g. I have a 5 Mbps uplink, and VLAN1 shall have guaranteed (CBQ) 4 Mbps and VLAN2 should have 1 Mbps. Using borrow will give them more whenever bandwidth is available.

    Hope somebody can help me out here!

    Brgds,
    Mam



  • I'm assuming you are using pfSense 2.0.

    In this case, the upload and downloads require separate rules.

    In each VLAN interface tab, you set the outbound rule and tag it to the appropriate queue.

    i.e.

    VLAN1 goes to Queue1.  So you'll amend the Allow any any rule to pipe traffic to Queue1.  This affects outbound only (VLAN1 to WAN).

    Do the same for VLAN2 with the appropriate Queue name.

    In CBQ, edit the outbound queues accordingly with the committed traffic.  Note that you shouldn't set the committed to 4 Mbps & 1 Mbps if your WAN link is only 5 Mbps.  That is committed and guaranteed per queue and cannot be borrowed by another queue.

    Use the floating rules to set the inbound shaping by setting the destination subnets for VLAN1 and VLAN2 respectively.



  • First of all,

    thank you for answering me.

    Yes, I'm on pfSense 2.0

    What you just told me is probably 100% correct and makes sense for other people, but not for me.
    I did not understand too much, nor have I found any good documentation, so I'm kinda lost… This was one of the reasons I went away from pfSense before, but now I really want to make it work.

    Could you please be so kind to give me a bit more detailed explanation?

    Thanks!



  • Ok,

    I've been messing around and still not figured it out.
    I promise to help out on updating Traffic Shaper documentation based on my setup if anybody helps me out.

    Please don't force me trying another firewall solution because of the shaper!

    :-(



  • I'm kinda new to pfSense myself. Although I may understand a little bit of network stuff, the new things are always complex :D

    Besides the configured stuff like forward, dhcp, etc., in pfSense you can't think there will be some option available to do what you want; the configurations are sometimes "tricky" and you have to set up some things and then associate them with others to obtain the wanted solution.

    At least that is what I'm getting so far. So don't give up just now, coz for me this OS was the best I found so far to do network configurations.



  • @mamruoc:

    First of all,

    thank you for answering me.

    Yes, I'm on pfSense 2.0

    What you just told me is probably 100% correct and makes sense for other people, but not for me.
    I did not understand too much, nor have I found any good documentation, so I'm kinda lost… This was one of the reasons I went away from pfSense before, but now I really want to make it work.

    Could you please be so kind to give me a bit more detailed explanation?

    Thanks!

    CBQ basically commits (guarantees) a certain bandwidth per queue and there is a priority setting.  When 2 or more queues have exceeded the committed bandwidth, priority is used to determine how much of the remaining bandwidth is allocated (borrowed) to each queue.

    I have no idea how you want to shape your traffic but the most basic is just bandwidth for both VLAN subnets as a whole.

    Let's assume VLAN1 has subnet 10.0.1.0/24 and VLAN2 has subnet 10.0.2.0/24.

    Also assume that you create 2 queues for your shaper ->  qVLAN1 & qVLAN2 (set this as default to keep the shaper happy).
    Depending on your needs, set the committed bandwidth accordingly.  You might want to set say 400Kbps and 100Kbps respectively.  This leaves 4.5Mbps of bandwidth for borrowing.
    Change the Priority of qVLAN1 to 4 and qVLAN2 to 1.  This approximates a 4:1 borrow ratio if I recall correctly.
    Note that this needs to be done for both upload and download queue sets.

    Any traffic heading out to WAN for these 2 subnets will have to go through the allow any any rule you'd need by default.
    Under firewall rules, look in VLAN1 tab and find that rule.  Edit it and set it so that the traffic shaping queue is set to qVLAN1.  Ignore the Ack queue for now since that is beyond the current scope and you can change the rules and edit the queues later when you get the gist of the shaper.

    Go to VLAN2 tab and do the same except that you set it to qVLAN2 for the shaper.

    This settles your outbound traffic.

    Now go to Floating rules.
    Make a new rule on quick match.  Set the 'In' interface to WAN and any for protocol.
    Set the Source to any and the destination to 10.0.1.0/24 subnet (VLAN1 subnet).
    Set the queue to qVLAN1.
    Repeat for VLAN2 by changing the destination subnet and queue respectively.

    This settles the inbound traffic to each VLAN.
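
Added example, not part of the thread and not the ruleset pfSense generates: the GUI steps from the last reply written out as a hand-written pf.conf (ALTQ/CBQ) sketch, using the reply's subnets, queue names and figures. The interface names are assumptions, and only the upload queue set on WAN is defined because the thread gives no download link speed.

```conf
# Hand-written pf.conf sketch (added example, not pfSense output).
# Interface names below are assumptions; substitute your own.
wan_if   = "em0"
vlan1_if = "vlan1"
vlan2_if = "vlan2"
vlan1_net = "10.0.1.0/24"
vlan2_net = "10.0.2.0/24"

# Upload queue set on WAN: 5 Mbps uplink, CBQ scheduler.
altq on $wan_if cbq bandwidth 5Mb queue { qVLAN1, qVLAN2 }

# Committed bandwidth is kept well below the link so that 4.5 Mbps
# stays available for borrowing; priority 4 vs 1 as in the reply.
queue qVLAN1 on $wan_if bandwidth 400Kb priority 4 cbq(borrow)
# CBQ needs exactly one default queue per interface.
queue qVLAN2 on $wan_if bandwidth 100Kb priority 1 cbq(default borrow)

# The download queue set is defined the same way on the internal
# interfaces, with the same queue names and the download figures.

# Outbound: the per-VLAN allow rule assigns the queue. The state it
# creates carries the queue name, so packets of these connections
# leaving on $wan_if are placed in the matching queue there.
# Source is narrowed to the VLAN subnet here (assumption; the reply
# edits an allow any/any rule).
pass in on $vlan1_if from $vlan1_net to any keep state queue qVLAN1
pass in on $vlan2_if from $vlan2_net to any keep state queue qVLAN2

# Inbound: the floating rules from the reply, quick, 'in' on WAN,
# destination set to each VLAN subnet.
# Written as pass rules these also admit the matching traffic, so
# check that the rule's action does not permit more than you intend.
pass in quick on $wan_if from any to $vlan1_net keep state queue qVLAN1
pass in quick on $wan_if from any to $vlan2_net keep state queue qVLAN2
```

On a FreeBSD system with pf and ALTQ, `pfctl -nf <file>` parses a ruleset without loading it, and `pfctl -vs queue` shows per-queue counters once it is loaded.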

