Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Simulate a slower Internet connection using Limiters

    Scheduled Pinned Locked Moved Traffic Shaping
    8 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CDuv
      last edited by

      I would like to pretend that one of my (I do multi-WAN) 100/100Mbits/s Internet connection is a 60/20Mbits/s.
      Goal is to determine if could migrate to something slower (and cheaper) or not, so I'm willing to restrict the whole Internet connection to 60/20M for some days and see if users complains or not.

      According to documentation, it can be handled by Limiters.

      I have created two limiter :

      • "link20up":
        Bandwidth: 20Mbits/s (schedule=none)
        Mask: none
        No advanced options

      • "link60down":
        Bandwidth: 60Mbits/s (schedule=none)
        Mask: none
        No advanced options

      And applied limiters changes.

      I have created a rule on my WAN_A interface :

      • Protocol: any

      • Source: any

      • Destination: any

      • In/Out: link60down / link20up

      Place that rule on top of WAN_A rules and applied rules changes.

      I started a SFTP transfer using FileZilla and both FileZilla progress bar and "Status: Traffic Graph" page confirms the Limiter does not works (I can still upload to 40MBits/sec).
      I did reset all the states (via "Diagnostics: Reset state" page): Still the same issue.

      What have I done wrong?
      Thanks for any lead.

      I am using v2.2.5-RELEASE (i386).

      1 Reply Last reply Reply Quote 0
      • N
        Nullity
        last edited by

        Yes, limiters (actually "dummynet" from FreeBSD) were originally intended for network testing.

        Personally, I have had bad luck with limiters. Whether I am unable to configure it properly or that they did not work, I do not know. Configuring limiters is tricky.

        You should be able to accomplish your goal with the traffic-shaper queues though. Just use HFSC's "upper-limit" parameter.

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramous.

        1 Reply Last reply Reply Quote 0
        • C
          CDuv
          last edited by

          Would the Trafic Shapper apply limits on one WAN only?
          I want to restrict bandwidth of only one of our Internet connection, not restrict the global bandwidth.

          1 Reply Last reply Reply Quote 0
          • N
            Nullity
            last edited by

            @CDuv:

            Would the Trafic Shapper apply limits on one WAN only?
            I want to restrict bandwidth of only one of our Internet connection, not restrict the global bandwidth.

            I am too lazy to think atm, but you should be able to limit the upload on one WAN easily, but since I think download must be limited at the LAN you might need to use packet tagging/marking to mark traffic passing through the appropriate WAN, then match that marked traffic at the LAN where it will then be assigned to the appropriate queue.

            That may be pure nonsense. I dunno. My brain is off until after New Years.

            Please correct any obvious misinformation in my posts.
            -Not a professional; an arrogant ignoramous.

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              Firewall rules match on the interface where traffic is initiated. In that circumstance, you want the rule with limiters on LAN, not WAN. And you definitely don't want an allow all rule on any WAN interface, that's opening you up to the world.

              No need for anything on WANs at all, just specify the limiters on your LAN rule. Match a specific source IP to make it not apply to everything.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Your problem is going to be applying the limiters to one WAN only.

                What Multi-WAN configuration are you using? Load Balancing or failover or both.

                In other words, what are you doing to determine what traffic goes out what WAN link?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • C
                  CDuv
                  last edited by

                  My multi-WAN is a Load Balancing.
                  I have no rule that dictates which Internet connection should be used (except for some very specific remote IP).

                  Is why, I as want to limit only one of my WAN, I had placed the limiter-applying-firewall-rule on the WAN_A interface.

                  If I have to create a firewall rule on the LAN interface, how could I make it limit the WAN_A traffic only?

                  1 Reply Last reply Reply Quote 0
                  • N
                    Nullity
                    last edited by

                    @CDuv:

                    My multi-WAN is a Load Balancing.
                    I have no rule that dictates which Internet connection should be used (except for some very specific remote IP).

                    Is why, I as want to limit only one of my WAN, I had placed the limiter-applying-firewall-rule on the WAN_A interface.

                    If I have to create a firewall rule on the LAN interface, how could I make it limit the WAN_A traffic only?

                    Will packet marking that I outlined above not work?
                    Apply the mark if the packet is incoming WAN_A.
                    Then match the mark at the LAN and assign it to queue/limiter.

                    Edit: Changed "WAN" to "WAN_A" to clarify.

                    Please correct any obvious misinformation in my posts.
                    -Not a professional; an arrogant ignoramous.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.