Author Topic: Traffic shaper changes  (Read 20939 times)

wcoolnet
Traffic shaper changes
« on: November 06, 2006, 08:06:25 pm »
BILLM: Locking topic, please see http://forum.pfsense.org/index.php/topic,2718.0.html for the new thread on this.  Thanks

--Bill

I would really like to see transparent traffic shaping and QOS in pfsense using ALTQ. This would make pfsense extremely popular for voip applications. At the moment m0n0wall is the best traffic shaping bridge that has a nice GUI. In order to achieve better performance than dummynet (with m0n0wall) one has to build a custom openbsd or freebsd firewall and use ALTQ, or buy a commercial application, i.e. Cisco.

This feature would save system admins a lot of time and money.
At the moment I am willing to donate $20. Is anyone else interested in this feature?
I would like to set a goal of $10000 for this feature.


« Last Edit: November 08, 2006, 10:01:36 pm by billm »

wcoolnet
Re: traffic shaping/QOS bridge
« Reply #1 on: November 06, 2006, 08:12:18 pm »
I changed my mind. I'll donate $200

sullrich
Re: traffic shaping/QOS bridge
« Reply #2 on: November 06, 2006, 08:20:59 pm »
This is a great idea. Hope some others can find this feature useful and donate. I know the author of the original shaper is sorta burned out atm so this may get him interested again :)

pfSense will donate 50$ to the project.

billm
Re: traffic shaping/QOS bridge
« Reply #3 on: November 06, 2006, 08:28:27 pm »
BTW, I'm the original author. I have the test gear for this (if I can figure it out!) and have spent some time thinking about the shaper code recently and have worked on some code that I'm hoping will help us perform layer 7 shaping (a separate project altogether). As Scott said, getting the shaper code to the point we're at was kind of time consuming and draining. If there's serious interest in this, I'm willing to dedicate some time on this.

--Bill
pfSense core developer
blog - http://www.ucsecurity.com/
twitter - billmarquette

sai
Re: traffic shaping/QOS bridge
« Reply #4 on: November 07, 2006, 07:17:17 am »
I've read up on the ALTQ theory and it's really mindbendingly difficult!

Would the new code handle more than one interface? If yes then $100 from me to be added to the bounty.


Numbski
Re: traffic shaping/QOS bridge
« Reply #5 on: November 07, 2006, 07:43:12 am »
I'll check around to see if I can rustle up some funding here too.

Christian
Re: traffic shaping/QOS bridge
« Reply #6 on: November 07, 2006, 07:54:56 am »
I'll donate $75, if the new traffic shaper supports the following:

- shaping on all interfaces
- shaping traffic inside individual IPSEC tunnels, that is tunnels terminating at the local pfsense box.

I might be able to donate more if it will be somehow possible to route traffic depending on the amount of traffic queueing. What I mean, is something like this:
Route everything through IPSEC tunnel X on Interface 1, prioritise VoIP. If there isn't enough bandwidth available, route everything except VoIP through Interface 2 instead of Interface 1.

Christian

wcoolnet
Re: traffic shaping/QOS bridge
« Reply #7 on: November 07, 2006, 08:20:28 am »
We're at $425  :o

wcoolnet
Re: traffic shaping/QOS bridge
« Reply #8 on: November 07, 2006, 08:35:12 am »
If interest grows any more, I think we should have a section on the wiki to keep track of specific features that we want implemented into traffic shaping.

billm
Re: traffic shaping/QOS bridge
« Reply #9 on: November 07, 2006, 10:45:03 am »
I wanted to comment on this one specifically as there are certain limitations.

> I'll donate $75, if the new traffic shaper supports the following:
>
> - shaping on all interfaces

Consider this on the list. I'm struggling trying to figure out how to implement this in HEAD with the new bridge infrastructure (you can bridge more than two interfaces...essentially making a firewalling switch)

> - shaping traffic inside individual IPSEC tunnels, that is tunnels terminating at the local pfsense box.

This may not be possible. ALTQ works outbound on the interface. While we could in theory shape the traffic coming _in_ to your network via the tunnel (assuming you aren't doing tunnel to tunnel routing), the best we could do for outbound is shape the entire tunnel. The traffic is already encrypted by the time it hits the WAN interface and can't be inspected to see what ports it's on.

> I might be able to donate more if it will be somehow possible to route traffic depending on the amount of traffic queueing. What I mean, is something like this:
> Route everything through IPSEC tunnel X on Interface 1, prioritise VoIP. If there isn't enough bandwidth available, route everything except VoIP through Interface 2 instead of Interface 1.

Hmmm, that digs into kernel space that I don't think I can modify in a satisfactory way.

--Bill

sullrich
Re: traffic shaping/QOS bridge
« Reply #10 on: November 07, 2006, 10:55:57 am »
Please, let's keep this thread on track. I know everyone is excited for new features but this bounty is for a filtering altq bridge only. We can address the new kitchen sink down the road.

wcoolnet
Re: traffic shaping/QOS bridge
« Reply #11 on: November 07, 2006, 02:52:07 pm »
To give you an idea of what I need:

T1 line multiple IPs
    |
pfsense (bridge)
    |
router----------------------------------------------------
    |                     |          |             |
workstation lan ip      mail1     webserv2     server3(voip)

I need pfsense to manage my bandwidth. Give VOIP the highest priority, mail the lowest, have a fast web browsing experience when the bandwidth is available, etc. So I would need port and ip based shaping.



 

mrt_ok
Re: traffic shaping/QOS bridge
« Reply #12 on: November 07, 2006, 03:30:49 pm »
hi guys,

I would donate $1000 after my first successful deal with the transparent shaper box.

my requirements are low:
just shaping in bridged mode (two interfaces) to give certain services the QoS they need (e.g. web / citrix / ssh etc...)

kind regards,
mrt_ok

wcoolnet
Re: traffic shaping/QOS bridge
« Reply #13 on: November 07, 2006, 03:41:38 pm »
Would it be possible to make this work on a larger scale?
For example: OC12 connected to a few hundred servers in a datacenter. PfSense would limit the maximum amount of bandwidth each ip could use...

If this can realistically be done, then the funding options for pfsense would dramatically increase.
This could open the door to companies with lots of money, as they could use pfsense on their own infrastructure.

sullrich
Re: traffic shaping/QOS bridge
« Reply #14 on: November 07, 2006, 03:48:29 pm »
> hi guys,
>
> I would donate $1000 after my first successful deal with the transparent shaper box.
>
> my requirements are low:
> just shaping in bridged mode (two interfaces) to give certain services the QoS they need (e.g. web / citrix / ssh etc...)
>
> kind regards,
> mrt_ok

Sorry but we need the cash up front.  We have already been fooled into believing this from others and the policy now is half is due up front and half on completion.  With this many people pooling their funds together we will need to gather the money up before starting the project.  Sorry!