Guaranteed bandwidth for IP

  • Hi!

    I´ve been searching this forum and googled a lot.
    But I can´t seem to find the proper setup for my network.

    Here´s the deal:
    I simply need two of my computers to get guaranteed bandwidth
    to the internet all the time. Or complete access, doesn´t really matter.
    Both have static IP:s, I also know the port they are using.

    I started by adding four limiters, in/out guaranteed and max up/download.
    Then I applied them in the rules for both LAN and my VPN connection.
    When doing this, I can´t choose IP in any place.

    Could someone please guide me or point me in the right direction?


  • Limiters are kinda confusing (to me).

    Just setup queues. Guaranteeing download is a bit more unpredictable than guaranteeing upload since the sender controls the flow.

    FYI, you need to assign the packets to a queue/limiters by using a firewall rule to match traffic.

  • My problem seems to be that other services won´t let go
    of their bandwidth. Whenever I start a heavy download to
    test, these two services I´m prioritizing goes down.

    I tried setting up queues and adding a firewall rule, but it just won´t do.
    Or do I miss something..?

    I also tried setting up an alias for two IP and adding a rule, someone told me about it.
    But, no.

    I just want two IP-addresses to always be the first traffic choice.
    Sorry about my cranky way, I´m just frustrated…

    What should I try next?
    Anyone knows of a good guide..?


  • LAYER 8 Netgate

    As far as I know the only way to guarantee bandwidth is HFSC.  Limiters try to guarantee nobody uses more than the specified bandwidth, but there are no guarantees of bandwidth.

    Regardless of the shapers/limiters used, you set the queues then place traffic into the proper queues using firewall rules.

    To guarantee two computers each receive a minimum of bandwidth, I believe you will need two realtime HFSC queues. one for each host.

    As has been said, you cannot control how fast someone sends traffic to you. You can only control how fast the interfaces in your router send traffic.

    Perhaps you should be more specific about the type of traffic you are trying to shape.

  • Ok, there are some security traffic that really need to come through.
    So let´s narrow it down and focus on incoming traffic.
    I don´t think outgoing is a problem.

    I ran the wizard again, this time with HFSC and setup an alias that
    included the two IP:addresses.

    The rules set up for the queues created above.

    Still, when I start some downloading or Netflix, my other traffic drops.

    Is it possible to get a walk-through, anyone?


  • LAYER 8 Netgate

    Not specific enough.  IP addresses, protocols, and ports.

    You expect a walkthrough for your specific situation.  It doesn't exist.

  • Too bad, I'm about to give up.
    Need to step back and get another angle of it…

    Thank you guys,  I'll be back.


  • @stm110:

    Ok, there are some security traffic that really need to come through.
    So let´s narrow it down and focus on incoming traffic.

    Incoming from the WAN side?  You can't control that.
    You can only control what leaves the box.
    What arrives at the box is decided entirely be the sending side.  Furthermore, if what arrives at the box is congesting other traffic arriving at the box, it's just too bad, you can't control that.
    Exceptionally, under specific circumstances, there are techniques to limit the sending of TCP ACKs so that the sending side will quench their output, but this is pretty advanced stuff, and I'm not sure the traffic shaper can help with this.

    If you're dealing with UDP traffic, all bets are off.


Log in to reply