Discussion:
[pfSense] Limiters
user49b
2018-02-11 12:26:47 UTC
Permalink
Hi

I currently have some limiters setup on my WiFi interface.
I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700
Kbit/s.

So every IP (device) has 700 Kbit/s.

I want to add a "global" limit on Wifi interface so the total
subnet/network can only have 3000 Kbit/s.
Each IP (device) can only have 700 Kbit/s of the total 3000 Kbit/s limit.

If tried putting a "global" limit for the subnet / network before and/or
after all the IP devices with 700kbit/s under rules.
This does not seem to work.

Is something like this possible, and if possible what am I doing wrong.
Maybe somewhere I can find documentation?

Regards
Chris
user49b
2018-02-15 17:22:14 UTC
Permalink
Hi

I currently have some limiters setup on my WiFi interface.
I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700
Kbit/s.

So every IP (device) has 700 Kbit/s.

I want to add a "global" limit on Wifi interface so the total
subnet/network can only have 3000 Kbit/s.
Each IP (device) can only have 700 Kbit/s of the total 3000 Kbit/s limit.

If tried putting a "global" limit for the subnet / network before and/or
after all the IP devices with 700kbit/s under rules.
This does not seem to work.

Is something like this possible, and if possible what am I doing wrong.
Maybe somewhere I can find documentation?

Regards
Chris
Chris L
2018-02-18 13:13:14 UTC
Permalink
Post by user49b
Hi
I currently have some limiters setup on my WiFi interface.
I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700 Kbit/s.
So every IP (device) has 700 Kbit/s.
I want to add a "global" limit on Wifi interface so the total subnet/network can only have 3000 Kbit/s.
Each IP (device) can only have 700 Kbit/s of the total 3000 Kbit/s limit.
If tried putting a "global" limit for the subnet / network before and/or after all the IP devices with 700kbit/s under rules.
This does not seem to work.
Is something like this possible, and if possible what am I doing wrong. Maybe somewhere I can find documentation?
No, unfortunately you can do one or the other with limiters. You can set a total pipe of 3000Kb/sec then put a child underneath that masked by /32 to create a separate pipe for every host but you cannot additionally limit each of those to 700K. It does a pretty good job of not letting anyone monopolize with the traffic in that case. It might be worth a try. If you do that when not much is going on, the users can use the full 3000K.

Or you can set a top limiter of 700K with a mask of /32 which gives each host a 700K pipe but no top limit.

You might try to combine the latter limiter configuration with a simple altq. You could make a simple PRIQ or perhaps CBQ with a 3000K bandwidth limit with just one child queue marked default (so you don’t have to worry about steering any traffic through it). That would prevent any transmission out that interface (downloads) of more than 3000K while the limiter would limit each host to 700K. You would have to use a different strategy to limit uploads if there was other traffic there you did not want to limit. Pretty sure you would need to use HFSC which can be daunting. Should not be too bad for something simple like that though. Looking though, CBQ is probably worth a look there. You can set separate bandwidth limits of child queues there too and it is much simpler than HFSC.
user49b
2018-02-23 06:21:10 UTC
Permalink
Thanks....
Post by user49b
Hi
I currently have some limiters setup on my WiFi interface.
I limit some IP's (192.168.2.105, 192.168.1.109,...) to only have 700 Kbit/s.
So every IP (device) has 700 Kbit/s.
I want to add a "global" limit on Wifi interface so the total subnet/network can only have 3000 Kbit/s.
Each IP (device) can only have 700 Kbit/s of the total 3000 Kbit/s limit.
If tried putting a "global" limit for the subnet / network before and/or after all the IP devices with 700kbit/s under rules.
This does not seem to work.
Is something like this possible, and if possible what am I doing wrong. Maybe somewhere I can find documentation?
No, unfortunately you can do one or the other with limiters. You can set a total pipe of 3000Kb/sec then put a child underneath that masked by /32 to create a separate pipe for every host but you cannot additionally limit each of those to 700K. It does a pretty good job of not letting anyone monopolize with the traffic in that case. It might be worth a try. If you do that when not much is going on, the users can use the full 3000K.

Or you can set a top limiter of 700K with a mask of /32 which gives each host a 700K pipe but no top limit.

You might try to combine the latter limiter configuration with a simple altq. You could make a simple PRIQ or perhaps CBQ with a 3000K bandwidth limit with just one child queue marked default (so you don’t have to worry about steering any traffic through it). That would prevent any transmission out that interface (downloads) of more than 3000K while the limiter would limit each host to 700K. You would have to use a different strategy to limit uploads if there was other traffic there you did not want to limit. Pretty sure you would need to use HFSC which can be daunting. Should not be too bad for something simple like that though. Looking though, CBQ is probably worth a look there. You can set separate bandwidth limits of child queues there too and it is much simpler than HFSC.

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Continue reading on narkive:
Loading...