4. Dynamic Bandwidth sharing 1 LAN Multiple VLANS

Dynamic Bandwidth sharing 1 LAN Multiple VLANS

  • K

    Can someone answer this question?  I have read multiple thread and have gotten different response.

    I have 1 WAN 100/100 up/down.

    I have 3 VLANS

    VLAN 10 10.0.0.0/22

    VLAN 20 172.16.0.0/22

    VLAN 30 192.168.0.0/24

    I would like to give each 33/33 up and down.  But if the bandwidth is available, they can use other VLANs bandwidth until it is needed by other VLANS.

    From what i read, some people say that it can not be done because they are different interfaces.  Is this true?

    Thanks

    0
  • LAYER 8 Netgate

    You could make 100M limiters with /22 child masks. That would put each subnet in its own pipe but should allow each subnet to use what's available.

    Shapers on different sending interfaces have no concept of what the shapers on other interfaces are doing, unfortunately, so they can't work together.

    If you really want to shape that using HFSC you'll need a second pfSense with a transit network to shape them all on one interface.

    0
  • K

    So i guess the real answer is no.  :'(

    0
  • LAYER 8 Netgate

    It just takes more than one node to do it.

    Seems like there ought to be a way to add a "hop" inside pfSense using a loopback interface then shape out that to the various LANs.  It would double the packet processing inside the node and is certainly unsupported, if possible at all.

    0
  • D

    It can be done if you're running 2.1.X and not 2.2.X (because the limiters are broken in 2.2.X).

    What you need to do is to create 2 limiters with 100M bandwidth limit and child queues.
    For the child queues, set the mask to per source (for limiting upload) and per destination (for limiting download).

    In all of your interface tabs, adjust or set the rules (under Advanced) so that the child limiter queues are applied. Take note that you MUST set a rule at the top of the list to bypass internal traffic where need be (otherwise they would be limited too).

    This doesn't restrict each interface specifically to 33Mbps but it does allow the 100Mbps line to be shared equally among all clients.

    0
  • LAYER 8 Netgate

    Right. I was talking Limiters and Shapers as two distinct things.

    Limiters work on 2.2 as long as NAT or other redirection isn't involved on the subject interface.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy