Throttle down traffic with HFSC after x seconds



  • I'm searching for a practical method to prevent or limit HTTP/HTTPS cloud uploads from hammering browser requests.  Currently using Cbq on Wan and Prio on Lan.

    I'm finding that shaping various traffic using these two ports is not practical from a destination ip/port method.  Question #1, would the use of HFSC shaping that throttles back to lower throughput after a number of seconds be a better solution?  Question #2, does it throttle back each connection or all traffic into a particular queue?  If all traffic into queue I don't think this is going to help me segregate cloud traffic (non-bursty) from browser traffic (bursty) as both would be throttled back on equal basis.

    Re: http://www.probsd.net/pf/index.php/Hednod's_HFSC_explained

    Thanks.



  • I since answered question #1, that FreeBsd does not provide the ability to modify an active connection to a different shape bucket like Linux can.  That's how I use to deal with heavy port 80 uploads but apparently isn't an option with PfSense.  So I thought I should explore how HFSC handles throttling.

    Nobody has an answer for question #2?



  • The firewall is not connection-aware, it just filters packets.

    Squid works for HTTP traffic only, but it is connection-aware. I vaguely remember that Squid has some limiting/throttling options, but I have no idea if that would useful for you.