pfSense Gold Subscription

Author Topic: Limiter with Burst or similar solution needed  (Read 14604 times)

0 Members and 1 Guest are viewing this topic.

Offline caust

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Limiter with Burst or similar solution needed
« on: May 18, 2013, 11:48:03 am »


Greetings,


I'd like to configure traffic shaping where, on a given LAN interface, each Source IP's new connections get a burst of up to 100% of a WAN connections bandwidth for 20 seconds. Then the connection's bandwidth is reduced to a hard limit of 100Kbit/s for the remainder of the connection. 

Can I achieve this affect from configs in the pfSense GUI, or shell on a pfSense 2.0.2 appliance? I can upgrade to 2.0.3 if needed. If not, does anyone have ideas on how closest I can come to satisfying the following use case?

The use case is that we have a Satellite Broadband ISP with the infamous "Fair Access Policy" (FAP). The WAN connection supports resort customers. My goal is to reduce the frequency that the WAN connection is throttled under penalty of breaking FAP thresholds. I hope to achieve this while providing the fastest experience for users who simply browse web pages.

On an unrelated note: Thank you all for the great info in this forum. I've been able to push the limits of pfsense thanks to all the technical info provided within this forum.

caust



Offline caust

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #1 on: May 18, 2013, 04:04:56 pm »



I guess I'm heading down the same path as many before me.

I attempted to use the
Code: [Select]
ipfw pipe config command to add additional masks and the burst setting and I learned two things in the process:

1) For some reason the burst settings are not being honored, or there are other configurations that are negating the burst setting. A number of posts throughout the web indicate the same finding. I was really bummed because this seems to be an ideal solution. We could give each client IP a bw volume quota. Once used, they would have significantly degraded access. I need burst to make that work though.

2) I can see why pfSense only allows one mask type (either src-ip or dst-ip) because as soon as you start pairing masks, dynamic pipes generate like crazy. There is surely a performance cost at scale.

Does anyone know how to get the burst option working with the Limiters? Are there options for generating dynamic queues based on IP when going the "By Interface" and "By Queue" routes for traffic shaper? I noticed the "Queue" options under packet shaper don't appear to make use of the same ipfw queues but are configured elsewhere.

Any suggestions would be appreciated.



Offline SeventhSon

  • Full Member
  • ***
  • Posts: 287
  • Karma: +0/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #2 on: May 20, 2013, 12:26:29 pm »
I think you can actually do this with the HFSC scheduler, you can do things like burst 100% for 20 seconds, after on 10% or something similar.

with these values:

m1:  The amount of bandwidth to allocate to the class for "d" number of milliseconds.
d:  Millisecond time setting described above.
m2:  The max limit for this curve for this class.

Offline caust

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #3 on: May 20, 2013, 10:06:17 pm »
Thanks for replying.

I like that feature of altq. I'm not exactly sure how it behaves in practice then. If many hosts are going through the queue, is it only the first to the queue that experience the burst and then the queue remains at the m2 slope until the queue is momentarily emptied and the m1 slope begins again?

I'd really like the queues to generate dynamically for each source ip. I don't want to penalize normal internet browsing from an ip at all but only penalize a source ip when they begin large downloads... etc.

Offline SeventhSon

  • Full Member
  • ***
  • Posts: 287
  • Karma: +0/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #4 on: May 21, 2013, 10:29:36 am »
you're right, this will be for everything, not per source IP, sorry.

The limiter option doesn't have a burst option in the GUI, I haven't looked into that further.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #5 on: May 22, 2013, 10:02:33 am »
We don't have a GUI knob for it, but Limiters are based on ipfw/dummynet pipes, and those do support a burst parameter:

From ipfw(8):
Quote
    burst size
             If the data to be sent exceeds the pipe's bandwidth limit (and
             the pipe was previously idle), up to size bytes of data are
             allowed to bypass the dummynet scheduler, and will be sent as
             fast as the physical link allows.  Any additional data will be
             transmitted at the rate specified by the pipe bandwidth.  The
             burst size depends on how long the pipe has been idle; the effec-
             tive burst size is calculated as follows: MAX( size , bw *
             pipe_idle_time).

If someone wanted to hack together a patch, it may be possible to leverage that.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline SeventhSon

  • Full Member
  • ***
  • Posts: 287
  • Karma: +0/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #6 on: May 22, 2013, 11:32:48 am »
So you could do this, just not in GUI, I don't know enough about doing this is CLI (well, mostly, how to do it properly to make it stick across reboots/reloads of the firewall). Maybe someone else can help with that.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #7 on: May 22, 2013, 11:35:48 am »
It might actually be easier for someone to add a field to the limiter config to do that than it would to hack it in manually.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline foxale08

  • Jr. Member
  • **
  • Posts: 32
  • Karma: +64/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #8 on: June 16, 2013, 02:39:32 am »
Got tired of waiting so I did it myself. I make no promises it works completely right. It can be cleaned up a bit and put into 2.1 if desired.

Offline ermal

  • Hero Member
  • *****
  • Posts: 3832
  • Karma: +85/-5
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #9 on: June 17, 2013, 08:26:32 am »
Seems correct implementation so i committed in snapshots.
Just test it with new coming snapshots or gitsync

Offline xbipin

  • Hero Member
  • *****
  • Posts: 1631
  • Karma: +6/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #10 on: June 18, 2013, 10:20:34 am »
problem with the patch is it doesnt upgrade the config, meaning if the old snapshot didnt have a burst value and u upgraded then u get errors in the system log untill u goto the limiter page and feed in a burst value and hit save

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
« Last Edit: June 18, 2013, 11:02:37 am by jimp »
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline xbipin

  • Hero Member
  • *****
  • Posts: 1631
  • Karma: +6/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #12 on: June 18, 2013, 11:12:29 am »
i quiet dont understand how this burst thing works, firstly, after the patch can we set a burst as zero or blank and secondly if burst is set to 1mb and the pipe also to 1mb and the link supports 2mb then how would it actually work?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #13 on: June 18, 2013, 11:18:16 am »
Burst is an amount of data, it is not a rate

Setting a burst of blank/0 is OK and what most people will do to not allow bursting.

If you have a 1Mbit/s *limit* and a 1MB *burst*, then the user will get 1MB of data at full speed, then be limited to 1Mbit/s.

In this example, with no burst set, the user will be limited to 1Mbit/s at all times.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline xbipin

  • Hero Member
  • *****
  • Posts: 1631
  • Karma: +6/-0
    • View Profile
Re: Limiter with Burst or similar solution needed
« Reply #14 on: June 18, 2013, 11:23:45 am »
so wouldnt it be better to put some description on that page saying burst is actual data and not rate and secondly the rules.limiter file shows me this

Code: [Select]
pipe 1 config  bw 480Kb burst 480Kb
 

pipe 3 config  bw 400Kb burst 400Kb

isnt the burst supposed to be KB and not Kb and also the interface doesnt allow to specify the unit separately for rate and burst