Netgate Discussion Forum

    Dynamic Bandwidth sharing 1 LAN Multiple VLANS

    Traffic Shaping
      kabrutus

      Can someone answer this question?  I have read multiple threads and have gotten different responses.

      I have 1 WAN 100/100 up/down.

      I have 3 VLANS

      VLAN 10 10.0.0.0/22

      VLAN 20 172.16.0.0/22

      VLAN 30 192.168.0.0/24

      I would like to give each 33/33 up and down.  But if the bandwidth is available, they can use other VLANs' bandwidth until it is needed by other VLANs.

      From what I read, some people say that it cannot be done because they are different interfaces.  Is this true?

      Thanks

        Derelict LAYER 8 Netgate

        You could make 100M limiters with /22 child masks. That would put each subnet in its own pipe but should allow each subnet to use what's available.

        Shapers on different sending interfaces have no concept of what the shapers on other interfaces are doing, unfortunately, so they can't work together.

        If you really want to shape that using HFSC you'll need a second pfSense with a transit network to shape them all on one interface.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          kabrutus

          So I guess the real answer is no.  :'(

            Derelict LAYER 8 Netgate

            It just takes more than one node to do it.

            Seems like there ought to be a way to add a "hop" inside pfSense using a loopback interface then shape out that to the various LANs.  It would double the packet processing inside the node and is certainly unsupported, if possible at all.

              dreamslacker

              It can be done if you're running 2.1.X and not 2.2.X (because the limiters are broken in 2.2.X).

              What you need to do is to create 2 limiters with 100M bandwidth limit and child queues.
              For the child queues, set the mask to per source (for limiting upload) and per destination (for limiting download).

              In all of your interface tabs, adjust or set the rules (under Advanced) so that the child limiter queues are applied. Take note that you MUST set a rule at the top of the list to bypass internal traffic where need be (otherwise they would be limited too).

              This doesn't restrict each interface specifically to 33Mbps but it does allow the 100Mbps line to be shared equally among all clients.

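How one shared 100M limiter divides bandwidth under the two masking choices discussed in this thread (one bucket per subnet versus one bucket per address), as an added example that is not part of any post above. It assumes equal-weight child queues behave as max-min fair sharing; the host addresses, demand figures and function names are constructed for illustration.

```python
"""Model: how one shared 100 Mbit/s limiter splits bandwidth between buckets.
Assumption (not from the thread): equal-weight buckets share max-min fairly.
"""
from ipaddress import ip_address, ip_network

# Subnets from the question; everything else below is constructed sample data.
VLANS = {
    "VLAN10": ip_network("10.0.0.0/22"),
    "VLAN20": ip_network("172.16.0.0/22"),
    "VLAN30": ip_network("192.168.0.0/24"),
}

def vlan_of(host):
    """Return the VLAN name whose subnet contains the host address."""
    addr = ip_address(host)
    for name, net in VLANS.items():
        if addr in net:
            return name
    raise ValueError(f"{host} is not in any configured VLAN")

def max_min_share(capacity, demands):
    """Water-filling: serve the smallest demand first, split the rest evenly."""
    alloc, remaining = {}, float(capacity)
    pending = sorted(demands.items(), key=lambda kv: kv[1])
    while pending:
        fair = remaining / len(pending)   # equal share of what is left
        key, want = pending.pop(0)
        alloc[key] = min(want, fair)      # never hand out more than is wanted
        remaining -= alloc[key]
    return alloc

def per_vlan(capacity, host_demands):
    """One bucket per subnet (subnet-sized mask)."""
    totals = {name: 0.0 for name in VLANS}
    for host, want in host_demands.items():
        totals[vlan_of(host)] += want
    return max_min_share(capacity, totals)

def per_host(capacity, host_demands):
    """One bucket per address (per-source / per-destination mask)."""
    return max_min_share(capacity, host_demands)

# Constructed demands in Mbit/s: VLAN 10 and 20 are busy, VLAN 30 is nearly idle.
DEMANDS = {"10.0.1.5": 80, "10.0.2.9": 80, "172.16.0.7": 80, "192.168.0.20": 4}

if __name__ == "__main__":
    print("per subnet :", per_vlan(100, DEMANDS))
    print("per address:", per_host(100, DEMANDS))
```

With subnet buckets VLAN 10 and VLAN 20 each get 48 while VLAN 30 keeps its 4; with per-address buckets each busy host gets 32, so VLAN 10 carries 64 in total.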
                Derelict LAYER 8 Netgate

                Right. I was talking Limiters and Shapers as two distinct things.

                Limiters work on 2.2 as long as NAT or other redirection isn't involved on the subject interface.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.