Netgate SG-1000 microFirewall

Author Topic: Prioritizing instead of Limiting  (Read 303 times)

0 Members and 1 Guest are viewing this topic.

Offline st.it

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Prioritizing instead of Limiting
« on: February 05, 2018, 04:49:10 am »
Hello, I've been searching for it everywhere and I couldn't find any solution to my question.
How can I prioritize internet Bandwidth to an ip or alias instead of limiting it ?
I would like step by step instruction on how to do that please. Also if possible to set the bandwidth by percentage instead of being set since the internet here is not constant.

Thank you

Online Harvy66

  • Hero Member
  • *****
  • Posts: 2324
  • Karma: +213/-12
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #1 on: February 05, 2018, 07:04:52 am »
There is no way for pfSense to know how much bandwidth is available. Some people using OpenWRT have created a collection of scripts that try to infer how much bandwidth you have, but pfSense does not have any of these because it's meant to be used in Enterprise settings with dedicated bandwidth.

Prioritization is a subset of limiting or shaping. If you limit/shape all of your bandwidth, but some class of your traffic you limit less than some other class of traffic, the one set of traffic will effectively have higher priority. This is a fundamental concept for any shaping/limiting.

Offline st.it

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #2 on: February 05, 2018, 07:08:27 am »
Thank you very clear.
Yes I ended up limiting everyone expect the alias I wanted to prioritize.

Offline captainjackla

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #3 on: February 08, 2018, 10:34:20 pm »
Thank you very clear.
Yes I ended up limiting everyone expect the alias I wanted to prioritize.

How did you make your "limits"?  The only way I found was to add any IP address for the limiter.  Anyone else will have full throttle.

In my case, we will have 50 users, and we need to limit about 30 of them.  My best solution that I can think of is make all of the limited machines with Static IP addresses in the range to limit.  Anyone in DHCP will have full access.

Could there be any other way?

Online Harvy66

  • Hero Member
  • *****
  • Posts: 2324
  • Karma: +213/-12
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #4 on: February 09, 2018, 12:38:57 pm »
You may want to create your own thread for your own situation, but my personal recommendation is to try using Limiters+fq_codel on your WAN interface(s) and see if that solves the issues you're actually having, and not issues you're worried about happening. fq_codel is a great virtually zero-config turn-key solution to most people's woes. It is not turn-key to enable in pfSense yet, but it is technically slated to be completed in 2.4.3, assuming it doesn't get bumped.

Offline SammyWoo

  • Jr. Member
  • **
  • Posts: 40
  • Karma: +0/-0
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #5 on: February 10, 2018, 10:54:56 am »
LIMITING won't be so limiting (punt intended) if it allows % of total bandwidth, rather than a fixed number.

But I disagree with above, Pfsense KNOWS how much bandwidth you got, Traffic Shaper MAKE you to tell it doesn't it?  So OK, SOHO have no guaranteed BW, but since Pfsense makes you input something, at least there is something to go by.

Offline captainjackla

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #6 on: February 10, 2018, 01:05:37 pm »
LIMITING won't be so limiting (punt intended) if it allows % of total bandwidth, rather than a fixed number.

But I disagree with above, Pfsense KNOWS how much bandwidth you got, Traffic Shaper MAKE you to tell it doesn't it?  So OK, SOHO have no guaranteed BW, but since Pfsense makes you input something, at least there is something to go by.

The only way I tested it so far was to enter an IP address in the range for the Limiter. Then change my computer IP to that address.  Run a speed test, and it was right on the money. We have 100/100 internet, I made the limits at 12/6.  And it was right there.  Then I changed my IP address outside the range, it was back to 100/100.  So it worked, but only If I knew the IP addresses or range.  That's why I might have to make those 30 computers with static IP range above my DHCP range.  Then I know exactly which machines are limited.

Online Harvy66

  • Hero Member
  • *****
  • Posts: 2324
  • Karma: +213/-12
    • View Profile
Re: Prioritizing instead of Limiting
« Reply #7 on: February 15, 2018, 08:58:54 am »
LIMITING won't be so limiting (punt intended) if it allows % of total bandwidth, rather than a fixed number.

But I disagree with above, Pfsense KNOWS how much bandwidth you got, Traffic Shaper MAKE you to tell it doesn't it?  So OK, SOHO have no guaranteed BW, but since Pfsense makes you input something, at least there is something to go by.

"So OK, SOHO have no guaranteed BW" exactly the problem. Just because you know your car can go 100mph doesn't mean you can do that during rush hour.