    I am thinking about using pfSense for a project I may be taking on. Basically I have a 1 Gbps internet connection I want to run through pfSense then onto a switch in order to provide internet access to users in different offices. I need pfSense to share the access equally between the different offices, so each office for example will have a 10 Mbps connection. I also need to monitor the network; I think I can do this with BandwidthD, NTOP, or Darkstat.

    So my questions: Can the bandwidth be split and shared equally among the different offices? What kind of hardware would I need for this? Are there any examples of this kind of setup?

    I've attached an example of what the setup might look like.

  • Yes, all this can be done in pfSense with the traffic shaper or the limiter. With the limiter, you can hold each subnet to exactly 10 Mbps. With the traffic shaper, you can hold them to 10 Mbps if all subnets want full load. They can go above that if the resources are free. As in, subnet 1 is only using 5, then subnet 2 can use 15, but will scale down if subnet 1 needs more BW. Not sure of any example setups. As for hardware, perhaps something like this:

  • Thanks, I'll try setting up a test system in a VM tomorrow and see how far I get.

  • I can't be sure, but I think limiters place some load on the system, and if you are planning to push 1Gbps for a large number of clients, then you are already pushing the hardware kinda hard.

    As an alternative, you may want to do what my colocation center does and simply get a managed switch (or more than one) and FORCE all interfaces going to your clients to auto-negotiate to 10/full. This will give you the 10 Mbps you wanted for your clients, but will do it at layer 2 in hardware, rather than in software with pfSense. This also has the positive of still letting you set the links between your core switches to 1 Gbps/full to avoid bottlenecks…

    Just my $0.02 as they say...

  • Numerous ISPs, and businesses that aren't ISPs but act as one (generally sharing their Internet amongst a building of other tenants), do exactly what you describe. Limiters are generally the best for that type of usage, and the easiest to configure.
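
The difference between the two behaviours described in the first reply (a hard per-subnet cap versus an equal share that lends out idle capacity), as an added example that is not part of the thread and is not pfSense code or configuration. It is a simplified allocation model; the function names and the 20 Mbps link used to reproduce the reply's 5/15 figures are assumptions.

```python
def limiter(demands, cap):
    """Hard cap: each subnet gets min(demand, cap); idle capacity is never lent out."""
    return [min(d, cap) for d in demands]


def shaper(demands, link):
    """Equal share with borrowing (max-min fairness, computed by water-filling).

    Subnets that want less than an equal share keep only what they need;
    the capacity they leave idle is split among the subnets still wanting more.
    """
    alloc = [0.0] * len(demands)
    active = [i for i, d in enumerate(demands) if d > 0]
    remaining = float(link)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        satisfied = [i for i in active if demands[i] - alloc[i] <= share]
        if not satisfied:
            # Everyone left wants more than an equal share: split evenly and stop.
            for i in active:
                alloc[i] += share
            break
        for i in satisfied:
            remaining -= demands[i] - alloc[i]
            alloc[i] = float(demands[i])
        active = [i for i in active if i not in satisfied]
    return alloc


def compare(demands, link):
    """Return (limiter result, shaper result) with the cap set to link / subnets."""
    cap = link / len(demands)
    return limiter(demands, cap), shaper(demands, link)


if __name__ == "__main__":
    # Constructed demands in Mbps: (subnet 1, subnet 2) on a 20 Mbps link.
    for demands in ([5, 20], [20, 20]):
        lim, shp = compare(demands, 20)
        print(f"demand={demands}  limiter={lim}  shaper={shp}")
```
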

