[pfSense] 2 LANs and time based limits
athompso at athompso.net
Fri May 11 07:51:08 EDT 2012
> So am I correct with this scenario :
> 1 - Create the 7a.m. to 6p.m. schedule
> 2 - Create a single limiter, say 20 Mbits/s, with no other option,
> to dedicate 20 Mbits/s to classrooms (so apartments will use the
> remaining bandwidth that is still available when this limiter
> 3 - When creating a rule, I add this rule only to the "classrooms"
> interface, and use the single limiter's name in both the IN and OUT
> drop down lists in the "Advanced features" of rule creation. Then I
> put this rule with "PASS" mode at the top for it to be evaluated
> first (or is it important at all where I put it wrt other rules) ?
> Am I correct ?
> Thanks for your feedback, I've never used limiters before and since
> I'll do this on the production system I'd like to not make too much
> Thanks in advance for your help
That looks right, BUT...
QoS on ADSL is notoriously difficult, and does not usually work quite as
expected. There are implementation issues to blame, as well as a
When you configure your system as described, you will rarely - if ever -
get exactly the results you expected. Aim for "good enough", instead of
"perfect" and you will likely succeed.
First and foremost: you do not directly control what data is being
transmitted to you. You have indirect control over it, at most. To fully
control the downstream (i.e. towards you) traffic flow, you would need to
have a device sitting at the ISP end of the connection implementing your
I have this problem as an ISP; the best traffic shaper in the world can
only *indirectly* affect what comes back down the pipe towards me. I can
easily drop packets once they arrive at my network (and artificially limit
what each client receives), but at that point, why bother, because they've
already consumed the scarce resource: incoming bandwidth.
You *will* be able to control outgoing bandwidth - as long as you never
saturate the ADSL modems' buffers. This means capping the outbound
bandwidth at around 95% of your theoretical upstream; this needs to be
done on the last device before the modem, so I hope your load-balancer can
do this! Depending on how your load-balancer works, the bandwidth you
need to limit to at the pfSense gateway might not be obvious - some
experimentation may be required.
(BTW: for a more detailed explanation of why you need to cap outbound
Assuming you aren't hosting publicly-available services (e.g. a public
webserver or FTP site), standard traffic-shaping tools like what pfSense
provides will probably be good enough for your purposes.
athompso at athompso.net