Dual WAN, traffic shaping, policy routing and failover?



  • Hi all,

    I'm going to be moving in a few months and I will have two connections available for my home office.  One is a 1.5/768 ADSL circuit with a block of static IPs (bridged or routed, my work is my ISP, so that's flexible), the other is dynamic cable (Cablevision 10/2).  I will be making my living off these connections and pfsense, so I want to do this right. :)

    What I need:

    -All port 22 traffic goes out the ADSL line if it's up
    -Some other destination IPs and/or ports should go out ADSL if it's up
    -VoIP, don't care where it goes, but it needs priority
    -An OPT interface will have a few low-bandwidth (private) servers with static IPs - only needs to work through ADSL line
    -Bulky and P2P traffic is low priority and should always go out cable if it's up
    -If cable fails, all traffic to ADSL with priority to the VoIP and SSH traffic
    -If DSL fails, all traffic to Cable with priority to the VoIP and SSH traffic
    -If either line fails, notification would be cool

    Above all else, my ssh and voip need to work well - delay/jitter/drops on either drives me batty.

    I currently run 1.0.1 on a 6.0/768 DSL line, very happy with it (especially the shaper).

    Is the above possible with pfsense?  On 1.0.1 or some newer snapshot?

    It's been a long time since I followed the lists, but I seem to remember some problems with dual wan and the shaper (ie: didn't work).  The first thing that comes to mind is how to tell the shaper about two lines with different speeds…

    Anyone else doing something similar?  Where's this dual-wan doc I saw referenced in search results?  Didn't see it as a sticky here.

    thanks all!

    Charles



  • Anyone?  Anyone doing anything close to the above?

    Thanks,

    Charles



  • Lots has changed since 1.0.1; atm the latest is 1.2RC3, so go test it :)

    Traffic Shaper is on its way, so if you've got a spare $ it might go faster.
    http://forum.pfsense.org/index.php/topic,2718.msg41254.html#msg41254

    -If either line fails, notification would be cool

    From a post some days ago it sounds like it will only be available in a future release unless a bounty or an ugly hack comes along.

    http://doc.pfsense.org/index.php/MultiWanVersion1.2



  • @sporkme:

    Anyone?  Anyone doing anything close to the above?

    Thanks,

    Charles

    I have a DSL connection (unlimited BW) and a cable connection (60Gig Cap) - just got both of them, even though I've been using pfSense for about 18 months.

    The dual connection works for me.

    I have traffic shaping set to severely adjust traffic - I also have FreePBX and need perfect phone quality (as perfect as voip gets).

    I have certain things (like my PS3) using my cable connection.

    I have a load balancer on so that web pages use the connections alternately to load web pages and graphics.

    Now, my only uncertainty is:

    • Even though things work great, how does traffic shaping work with TWO connections?  If I basically have two 5 Meg connections, and I download something at 500Kb/second, does traffic shaping slow down the other line?

    Can I traffic shape my DSL line and NOT my cable line?  I don't have any entries for my cable line in my traffic shaping.

    But other than that, it was very easy to set up - deciding which machine gets what line was a simple entry in the Firewall Rules.



  • @parrotscience:

    Now, my only uncertainty is:

    • Even though things work great, how does traffic shaping work with TWO connections?  If I basically have two 5 Meg connections, and I download something at 500Kb/second, does traffic shaping slow down the other line?

    In 1.2 traffic shaping only works between 2 interfaces, one WAN and one LAN.  The code in 1.3 is promised to be better. There is a bounty, see http://forum.pfsense.org/index.php/topic,2718.msg43304.html#msg43304



  • @sai:

    @parrotscience:

    Now, my only uncertainty is:

    • Even though things work great, how does traffic shaping work with TWO connections?  If I basically have two 5 Meg connections, and I download something at 500Kb/second, does traffic shaping slow down the other line?

    In 1.2 traffic shaping only works between 2 interfaces, one WAN and one LAN.  The code in 1.3 is promised to be better. There is a bounty, see http://forum.pfsense.org/index.php/topic,2718.msg43304.html#msg43304

    My DSL connection is shaped, limited to, say, 450Kb/second according to the rules.

    Does this mean my cable connection could download things at full speed while my DSL connection is still shaped at 450Kb/sec?



  • Multi-interface shaping in 1.2 is tricky and not really working. What I do with my 3 WAN, 6 LAN install at work is to set the downstream in the wizard to the sum of all 3 WANs and the upstream to the speed of the real WAN upstream. This is working somehow and is giving me at least a little bit of shaping. Actually it's working better than no shaping at all, but it's not really reliable or what you might expect from traffic shaping. With this setting it's possible to download at full speed using all WANs with a download manager like downthemall, for example. If you set your downstream to the real WAN downstream speed you are limiting everything that leaves at LAN to that speed. Also note that there is no shaping at all on the other LAN subnets with that config.



  • @hoba:

    Multi-interface shaping in 1.2 is tricky and not really working. What I do with my 3 WAN, 6 LAN install at work is to set the downstream in the wizard to the sum of all 3 WANs and the upstream to the speed of the real WAN upstream. This is working somehow and is giving me at least a little bit of shaping. Actually it's working better than no shaping at all, but it's not really reliable or what you might expect from traffic shaping. With this setting it's possible to download at full speed using all WANs with a download manager like downthemall, for example. If you set your downstream to the real WAN downstream speed you are limiting everything that leaves at LAN to that speed. Also note that there is no shaping at all on the other LAN subnets with that config.

    Hoba, this solution is good enough for me. Can you help me to understand how to implement this "working somehow" shaping?

    My configuration will be:

    WAN1 (fiber 2Mbps/2Mbps) --------\
                                      \
    WAN2 (ADSL 4Mbps/1Mbps) ---------> pfSense ---> LAN (14 users)
                                      /
    WAN3 (WiMax 1Mbps/1Mbps) --------/

    My primary connection is WAN1 and I don't really care about shaping settings for the others. The other two WAN links will be used mostly when WAN1 is down.

    My questions are:

    1. If I run the traffic shaper wizard and limit traffic to 2Mbps/2Mbps, will this limit WAN1? I know that if WAN1 goes down the shaper will not work at all, but this is not a problem for me.

    2. What is a working configuration for traffic shaping of WAN1 - load balancing or just failover? I really want to use all WAN connections if this is possible.



  • Run the wizard using interfaces WAN and LAN for up/downstream. Make upstream the real upstream bandwidth of WAN (2 Mbps, maybe a bit less to not be too close to the edge) and downstream the sum of all the WANs' downstream (2+4+1 Mbps, again, maybe a bit less). You also might want to do some speed tests, as I have often seen connections not having the advertised bandwidth.

    You can still use load balancing/failover pools and whatever in this setup.

