
Author Topic: Multi-WAN and traffic shaping  (Read 164 times)


Offline kcallis

« on: February 16, 2018, 01:34:32 pm »
Currently, I have a DSL connection providing my WAN connection. I also created three WAN interfaces for my VPN connections (VPN1_WAN, VPN2_WAN, and VPN3_WAN). On the other side of the equation, I have my LAN and 9 VLANs (although at this time I am only utilizing 5 VLANs). Using the Traffic Shaper Wizard, I set up using 4 WAN interfaces and 10 LAN interfaces, but when I get to the first part, where I am asked what the upload/download speeds are for the WAN devices, I am at a loss.

My speed in theory is 20Mbps/5Mbps, and after many speed tests, I come up with my numbers (minus 10%) for the first WAN interface. Now, should I use the same numbers for the other WAN interfaces, or should I just use a single WAN interface when I use the wizard? My thinking is that if I use the 4 WAN devices and plug in the up/down speeds, I would assume (assume can be dangerous at times) that pfSense will believe that I have 20Mbps/5Mbps * 4 (or 80Mbps/20Mbps, and just using the advertised speed as opposed to the real speed) rather than just the 20Mbps/5Mbps shared among 4 WAN interfaces.

Since I am on this issue with Multi-WAN/Multi-LAN: if I make use of (for instance) VoIP, and want to make use of UDP ports 19302-19309, I am assuming that everything ends up as a floating rule and will be handled across the board on all interfaces? I have yet to tackle the traffic issue because of the numerous interfaces, but I am now having issues with things like VoIP, etc., so I would like to resolve this.

Any pointer would be greatly appreciated! 

Offline Harvy66

« Reply #1 on: February 17, 2018, 11:00:01 pm »
The wizard is pretty bad. Other than the default floating rules, I ditched the wizard and did everything myself.

If possible, I'd just use Limiters and set up fq_Codel, which is a pain right now but should be a simple check-box soon(tm). Limiters have the benefit of being able to shape ingress, allowing for easy multi-WAN shaping, and fq_Codel is turn-key for nearly every situation with no config other than setting the bandwidth.