Simulate a slower Internet connection using Limiters
-
I would like to pretend that one of my (I do multi-WAN) 100/100Mbits/s Internet connection is a 60/20Mbits/s.
Goal is to determine if could migrate to something slower (and cheaper) or not, so I'm willing to restrict the whole Internet connection to 60/20M for some days and see if users complains or not.According to documentation, it can be handled by Limiters.
I have created two limiter :
-
"link20up":
Bandwidth: 20Mbits/s (schedule=none)
Mask: none
No advanced options -
"link60down":
Bandwidth: 60Mbits/s (schedule=none)
Mask: none
No advanced options
And applied limiters changes.
I have created a rule on my WAN_A interface :
-
Protocol: any
-
Source: any
-
Destination: any
-
In/Out: link60down / link20up
Place that rule on top of WAN_A rules and applied rules changes.
I started a SFTP transfer using FileZilla and both FileZilla progress bar and "Status: Traffic Graph" page confirms the Limiter does not works (I can still upload to 40MBits/sec).
I did reset all the states (via "Diagnostics: Reset state" page): Still the same issue.What have I done wrong?
Thanks for any lead.I am using v2.2.5-RELEASE (i386).
-
-
Yes, limiters (actually "dummynet" from FreeBSD) were originally intended for network testing.
Personally, I have had bad luck with limiters. Whether I am unable to configure it properly or that they did not work, I do not know. Configuring limiters is tricky.
You should be able to accomplish your goal with the traffic-shaper queues though. Just use HFSC's "upper-limit" parameter.
-
Would the Trafic Shapper apply limits on one WAN only?
I want to restrict bandwidth of only one of our Internet connection, not restrict the global bandwidth. -
Would the Trafic Shapper apply limits on one WAN only?
I want to restrict bandwidth of only one of our Internet connection, not restrict the global bandwidth.I am too lazy to think atm, but you should be able to limit the upload on one WAN easily, but since I think download must be limited at the LAN you might need to use packet tagging/marking to mark traffic passing through the appropriate WAN, then match that marked traffic at the LAN where it will then be assigned to the appropriate queue.
That may be pure nonsense. I dunno. My brain is off until after New Years.
-
Firewall rules match on the interface where traffic is initiated. In that circumstance, you want the rule with limiters on LAN, not WAN. And you definitely don't want an allow all rule on any WAN interface, that's opening you up to the world.
No need for anything on WANs at all, just specify the limiters on your LAN rule. Match a specific source IP to make it not apply to everything.
-
Your problem is going to be applying the limiters to one WAN only.
What Multi-WAN configuration are you using? Load Balancing or failover or both.
In other words, what are you doing to determine what traffic goes out what WAN link?
-
My multi-WAN is a Load Balancing.
I have no rule that dictates which Internet connection should be used (except for some very specific remote IP).Is why, I as want to limit only one of my WAN, I had placed the limiter-applying-firewall-rule on the WAN_A interface.
If I have to create a firewall rule on the LAN interface, how could I make it limit the WAN_A traffic only?
-
My multi-WAN is a Load Balancing.
I have no rule that dictates which Internet connection should be used (except for some very specific remote IP).Is why, I as want to limit only one of my WAN, I had placed the limiter-applying-firewall-rule on the WAN_A interface.
If I have to create a firewall rule on the LAN interface, how could I make it limit the WAN_A traffic only?
Will packet marking that I outlined above not work?
Apply the mark if the packet is incoming WAN_A.
Then match the mark at the LAN and assign it to queue/limiter.Edit: Changed "WAN" to "WAN_A" to clarify.