The pfSense Store

Author Topic: Traffic shaper changes [90% completed, please send money to complete bounty]  (Read 267271 times)

0 Members and 1 Guest are viewing this topic.

Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +85/-5
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #360 on: December 02, 2008, 04:29:41 pm »
Can you try a snapshot of 2.0 and use the limiter?
Actually it is dummynet just used with pf.
You might want just a simple layer of dummynet, 2 limiters(pipe) or queues(childs) in dummynet with appropriate src/dst mask which will share the bandiwdth according to online users and you can use ALTQ to prioritize types of traffic like HTTP ACKs better than normal HTTP traffic etc....

We are getting there on protocols shaping(l7 detection) but not finished.

If it is satisfies you in 2.0 i can merge it back on the 1.2.1 build, based on your contribution, i will make available after the 1.2.1 release of pfSense.

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #361 on: December 02, 2008, 05:34:21 pm »
I did not notice it was possible to download a 2.0. I will try to install it, since its not a full release I must first check to see if the network is functional with it for a little while, I really can't afford alot of downtime. I will take a look at it and if it seems to help then I can contribute to get help configuring it properly since I'm not that much of an expert

But just to be sure, you are confident the type of network I have can be handled by this? If so this piece of software is worth alot of money to us and will be rewarded accordingly.. I mean they sell machines that do this for like 3k. This is sort of ip-based traffic shaping right?

I'll post back after I upgrade to 2.0 snapshot

thank you for your reply so quickly

Marc

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #362 on: December 02, 2008, 05:47:17 pm »
Sorry, my first post might have seemed out of context, I now read the entire thread, realized it spanned over a year and understood that you are pretty much done with this and it's included in pfsense2. however, pfsense2 is described as not recommended, I really REALLY want to try it but my 250 users might not like it if it fails, is it stable enough? or am i gonna have to go over there at 2 am next sunday because it crashes?

Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +85/-5
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #363 on: December 03, 2008, 12:45:51 am »
If you want to use it just for shaping and basic firewalling it should be safe to try.

Can you post your requirments so i can give you a suggestion on how-to?
« Last Edit: December 03, 2008, 01:11:27 am by ermal »

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #364 on: December 03, 2008, 10:02:04 am »
Like I said in my first post, it is a very simple network. I am not good with diagrams but I will try my best


Internet          ---> Fiber-to-Ethernet Box ----> pfsense server --------> multiple unmanaged 10/100 switches -----> 250 end users
Point-to-point             10mbit/10mbit                P4 computer                     some with gigabit uplinks                       wireless APs will most         
Fixed Ip                                                         eth0 wan                       most of the network is wired                    likely be added next
to Telco                                                        eth1 lan                          (80%) for 10mbit, rest is 5e                    summer

About the server:

Right now it is doing everything

DHCP, DNS, NAT, Firewall, Traffic Shaper
Should these functions be divided in two computers to have the stable release sharing the internet, and another one shaping the traffic so that there is added redundancy or it is sufficient?

Server is 10.0.10.1 subnet is 10.0.10.xxx to 10.0.11.254

Objective is to offer fast reliable service for basic internet features for students : web, mail, IM, games, web phones/cams. and restrict p2p and other traffic that is clogging the network to a crawl

Recently the wiring was redone, so each floor (1 to 5) has a feeder coming from the first switch to its switch room, then two additionnal switches are connected to each other per floor.

I'm trying to include as much information but I think thats pretty much it

On a side note, the last pfsense I installed was from the "live cd" release. I noticed the 2.0 snapshots only say "alpha alpha". Is the install procedure still similar? Just to know what to expect.

Thank you in advance. Again if this is successful I'd be more than willing to pay you for your trouble and research if you supply me with a "custom" build and some support for setting it up (which is pretty much what you are doing now)

Thank you so much for everything so far!! I feel, and hope this might be the solution of many of my troubles of the past few months

Marc

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #365 on: December 04, 2008, 12:14:22 am »
Tomorrow morning I will go and install 2.0 over there

if you can post a few tips about the installation and configuration of the new features

i.e "limiter", and "http ack queue"

thanks ermal

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #366 on: December 04, 2008, 03:07:35 pm »
i installed 2.0 snapshot today, seems to be working well. However I would like help to configure the shaper and limiter for my needs if you dont mind

thanks in advance

Offline sporkme

  • Jr. Member
  • **
  • Posts: 86
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #367 on: December 06, 2008, 12:37:00 pm »
Howdy,

It's been some time since I've played with pfsense, but right now I've got a hard drive with the "click of death" so I have to reinstall.  For now, I'm trying 1.2.1-RC2, but since I'm now somewhere with a 30/5 and a 6.0/768 connection, I'd really like to try the new filter.  I have not received any updates from Ermal regarding new builds for quite some time.  Is there anything new forthcoming?  Would a basic config from 1.2.1-RC2 work with the older snapshot?

Thanks

Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +85/-5
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #368 on: December 07, 2008, 08:06:41 am »
@sporkme
it is coming as i always said after 1.2.1 is released.

@matermblay
Run a traffic shaper wizard with pfSense for your needs that will take care of the prioritizing of ACK and protocols.
You may look at the rules generated to see if it actually what you expected.
For the limiter you need to decide if you want to divide equally the traffic to each user or youwant to assign more weight to http traffic and than less weight to other traffic.
Give me more details about what policy you need and i will recommend what changes you need to do to filter rules generated by the wizard to integrate the limiter in there.

As i said per protocol shaping/filtering is coming real soon but you can start with this one.

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #369 on: December 07, 2008, 11:00:50 am »
@ermal

thank you for your reply, I ran the shaping wizard but it stopped all traffic, then I saw another post that said it was looking at the "queue status" page that did this, so i will try running it again without looking at the queues monday, which wizard do you suggest i run based on my setup?

also in previous posts you told me i could increase http performance by making a http ack queue, could you teach me how please?

As for the limiter i tried setting the pipes but it did not do anything i must be doing it wrong. I would like to prioritize http but if it doesnt work i will split bandwidth to everyone equally.. something alongthe lines of 800kbitdownload/400kbit upload for all

thank you for your help

Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +85/-5
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #370 on: December 08, 2008, 08:06:46 am »
The ACK queue is created by the wizard and you can take a look at the rules generated the use that queue.
It will become clear when you see it configured.

For the limiter yes you created it but you have to apply it in the rules on the 'In/Out' section.
Depending on the needs.

Offline matremblay

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #371 on: December 08, 2008, 11:20:45 am »
sorry i dont know if i am stupid or something but i really dont get the limiter. where is this in/out section?

I added the queues, checked the "enable" box, saved, and clicked apply settings
nothing, i can still download at 1000KB


Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +85/-5
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #372 on: December 08, 2008, 02:43:35 pm »
In the rules! Firewall->Rules

Offline kapara

  • Hero Member
  • *****
  • Posts: 934
  • Karma: +15/-0
    • View Profile
Re: Traffic shaper changes [90% completed, please send money to complete bounty]
« Reply #373 on: December 10, 2008, 12:58:58 am »
@ermal

Never got the PM about the traffic shaper to try out.   ???

Thanks
Skype ID:  Marinhd

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
This bounty is completed, for support, head to the 2.0 board.