Need some help with traffic shaping



  • I'm completely lost on traffic shaping and I'm hoping someone can assist. There simply isn't enough documentation to explain the differences in queues. Even the wizard is confusing. I'm migrating from a Ubiquiti EdgeRouter where shaping was much easier. Basically I'm looking to do the following:

    I'm only looking to limit WAN traffic via IP subnet or VLAN (whichever is easier).

    I have 110Mbit DL and 11Mbit UL on my WAN connection with 6 VLANs.

    Downloads and upload guarantees are essentially the same, the only differences being the maximum values.

    Can anyone assist?  :'(

    Download:
    VLAN1 - 3% guaranteed / 25% max
    VLAN2 - 30% guaranteed / 90% max
    VLAN3 - 20% guaranteed / 80% max
    VLAN4 - 20% guaranteed / 80% max
    VLAN5 - 5% guaranteed / 10% max
    Default - 2% guaranteed / 5% max

    Upload:
    VLAN1 - 3% guaranteed / 50% max
    VLAN2 - 30% guaranteed / 90% max
    VLAN3 - 20% guaranteed / 90% max
    VLAN4 - 20% guaranteed / 90% max
    VLAN5 - 5% guaranteed / 30% max
    Default - 2% guaranteed / 20% max



  • Traffic shaping is only done on the egress of an interface and cannot share bandwidth across multiple interfaces.

    Right now, you have multiple LAN interfaces (VLANs), and I assume one WAN that is shared. You can shape the egress on your WAN interface and you can shape on the individual VLAN interfaces, but you can't shape across the VLAN interfaces.



  • So does pfSense not have a Vyatta equivalent? This is actually extremely easy in Vyatta.

    Can I only shape the WAN per destination IP? Or redirect the interface into an input? Are there any third party packages I can set up to do this?

    In Vyatta, the config would be as follows:

    Upload:

    set traffic-policy shaper UPLOAD bandwidth 11mbit
    set traffic-policy shaper UPLOAD default bandwidth 10%
    set traffic-policy shaper UPLOAD default ceiling 50%
    set traffic-policy shaper UPLOAD class 2 bandwidth 10%
    set traffic-policy shaper UPLOAD class 2 ceiling 50%
    set traffic-policy shaper UPLOAD class 2 match MGMT ip destination address 192.168.2.0/24
    set traffic-policy shaper UPLOAD class 2 description "1st Floor VLAN - Upload"
    
    set traffic-policy shaper UPLOAD class 10 bandwidth 35%
    set traffic-policy shaper UPLOAD class 10 ceiling 90%
    set traffic-policy shaper UPLOAD class 10 match 1st_Floor ip destination address 192.168.10.0/24
    set traffic-policy shaper UPLOAD class 10 description "1st Floor VLAN - Upload"
    
    set traffic-policy shaper UPLOAD class 20 bandwidth 20%
    set traffic-policy shaper UPLOAD class 20 ceiling 90%
    set traffic-policy shaper UPLOAD class 20 match 2nd_Floor ip destination address 192.168.20.0/24
    set traffic-policy shaper UPLOAD class 20 description "2nd Floor VLAN - Download"
    
    set traffic-policy shaper UPLOAD class 30 bandwidth 20%
    set traffic-policy shaper UPLOAD class 30 ceiling 90%
    set traffic-policy shaper UPLOAD class 30 match 3rd_Floor ip destination address 192.168.30.0/24
    set traffic-policy shaper UPLOAD class 30 description "3rd Floor VLAN - Download"
    
    set traffic-policy shaper UPLOAD class 40 bandwidth 5%
    set traffic-policy shaper UPLOAD class 40 ceiling 30%
    set traffic-policy shaper UPLOAD class 40 match Guests_VLAN ip destination address 192.168.40.0/24
    set traffic-policy shaper UPLOAD class 40 description "Guests VLAN - Download"
    
    set interfaces input ifb1 traffic-policy out UPLOAD
    set interfaces ethernet eth1 redirect ifb1
    

    Download:

    set traffic-policy shaper DOWNLOAD bandwidth 110mbit
    set traffic-policy shaper DOWNLOAD default bandwidth 10%
    set traffic-policy shaper DOWNLOAD default ceiling 25%
    
    set traffic-policy shaper DOWNLOAD class 2 bandwidth 5%
    set traffic-policy shaper DOWNLOAD class 2 ceiling 25%
    set traffic-policy shaper DOWNLOAD class 2 match MGMT vif 2
    set traffic-policy shaper DOWNLOAD class 2 description "MGMT VLAN - Download"
    
    set traffic-policy shaper DOWNLOAD class 10 bandwidth 30%
    set traffic-policy shaper DOWNLOAD class 10 ceiling 90%
    set traffic-policy shaper DOWNLOAD class 10 match MGMT vif 10
    set traffic-policy shaper DOWNLOAD class 10 description "1st Floor VLAN - Download"
    
    set traffic-policy shaper DOWNLOAD class 20 bandwidth 25%
    set traffic-policy shaper DOWNLOAD class 20 ceiling 80%
    set traffic-policy shaper DOWNLOAD class 20 match 2nd_Floor vif 20
    set traffic-policy shaper DOWNLOAD class 20 description "2nd Floor VLAN - Download"
    
    set traffic-policy shaper DOWNLOAD class 30 bandwidth 25%
    set traffic-policy shaper DOWNLOAD class 30 ceiling 80%
    set traffic-policy shaper DOWNLOAD class 30 match 3rd_Floor vif 30
    set traffic-policy shaper DOWNLOAD class 30 description "3rd Floor VLAN - Download"
    
    set traffic-policy shaper DOWNLOAD class 40 bandwidth 5%
    set traffic-policy shaper DOWNLOAD class 40 ceiling 10%
    set traffic-policy shaper DOWNLOAD class 40 match Guests_VLAN vif 40
    set traffic-policy shaper DOWNLOAD class 40 description "Guests VLAN - Download"
    
    set interfaces ethernet eth1 traffic-policy out DOWNLOAD
    


  • Your upload seems straightforward. It looks like you have a single WAN multi-LAN setup. With my nearly non-existent understanding of what can be done with virtual interfaces in pfSense, I don't think it is possible to create a download traffic shaper for an interface.

    What you can do is create a traffic shaper on each of your LAN interfaces, but one interface cannot "borrow" bandwidth from another interface, because they know nothing about each other.

    It may be possible with using bridges and stuff, I'm not sure. This would require someone more knowledgeable than I.
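
To make the "borrowing" point in the reply above concrete, here is an added example (not written by any poster, and not pfSense or Vyatta code): a simplified Python model that applies the download table from the first post to one shared shaper and to independent per-interface limiters. The sharing rule (spare bandwidth lent in proportion to each class's guarantee) and all function names are assumptions made for illustration.

```python
LINK_KBIT = 110_000  # 110 Mbit download, from the first post

# (guaranteed %, max %) per class, from the first post's download table
CLASSES = {
    "VLAN1": (3, 25), "VLAN2": (30, 90), "VLAN3": (20, 80),
    "VLAN4": (20, 80), "VLAN5": (5, 10), "Default": (2, 5),
}

def shared_shaper(demand, link=LINK_KBIT, classes=CLASSES):
    """One shaper on one interface: classes may borrow idle bandwidth.

    Assumed model: serve each class up to its guarantee first, then lend
    spare capacity in proportion to guarantees, never past ceiling or demand.
    """
    limit = {c: min(demand.get(c, 0), link * mx / 100)
             for c, (_, mx) in classes.items()}
    alloc = {c: min(limit[c], link * g / 100)
             for c, (g, _) in classes.items()}
    spare = link - sum(alloc.values())
    while spare > 1e-6:
        hungry = [c for c in classes if limit[c] - alloc[c] > 1e-6]
        if not hungry:
            break  # nobody wants more; the rest of the link stays idle
        weight = sum(classes[c][0] for c in hungry)
        handed = 0.0
        for c in hungry:
            extra = min(spare * classes[c][0] / weight, limit[c] - alloc[c])
            alloc[c] += extra
            handed += extra
        spare -= handed
    return alloc

def independent_shapers(demand, cap_percent, link=LINK_KBIT, classes=CLASSES):
    """One fixed limiter per LAN-side interface; none can see the others."""
    return {c: min(demand.get(c, 0), link * cap_percent[c] / 100)
            for c in classes}

if __name__ == "__main__":
    busy = {"VLAN2": 110_000, "VLAN3": 110_000, "VLAN4": 110_000}  # constructed demand
    guarantees = {c: g for c, (g, _) in CLASSES.items()}
    ceilings = {c: mx for c, (_, mx) in CLASSES.items()}
    print("shared     :", shared_shaper(busy))
    print("cap=guar.  :", independent_shapers({"VLAN2": 110_000}, guarantees))
    print("cap=ceiling:", sum(independent_shapers(busy, ceilings).values()), "kbit offered")
```

With per-interface limiters set to the guarantees, a lone VLAN2 is held at 33 Mbit on an otherwise idle link; set to the ceilings, three busy VLANs can together offer 275 Mbit to a 110 Mbit link, so no guarantee holds.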


  • Netgate

    Before everything gets rehashed again, please read this thread carefully and do a search on the terms you need more clarification on.

    https://forum.pfsense.org/index.php?topic=79589.msg434152#msg434152



  • So at least in Juniper & Vyatta, the VLAN interfaces are actually sub-interfaces of the parent physical port? Is that not the case w/ pfSense?

    If so, couldn't I just apply shaping on the egress interfaces of the WAN and then the LAN port and encompass all the VLAN interfaces by extension?

    Can anyone chime in with another option to possibly bridge these interfaces and how that might work?

    Thanks!



  • They're physically "sub" interfaces, but logically, they are all completely separate.