OPNsense Forum

Hello,

I am a total noob with this, I recently started playing with OPNsense for upgrading my home network.

I got the basic's working and now am trying to get the main reason I got OPNsense in the first place to work,
We have a very slow internet connection (100Mbps down, 40Mbps up VDSL) and want to get the most out of it.

I got one Vlan for our chromecasts with a higher priority and thats working very good, so one problem already fixed,

What I want to do now ;

Give all my different Vlan's a MINIMUM bandwith they "can" use, but always distribute all remaining bandwith to the other VLAN's so nothing gets wasted.

So for instance ;

VLAN 100 gets a minimum of 10Mbps/4Mbps (if it needs it)

VLAN 200 gets a minimum of 5Mbps/2Mbps (if it needs it)

VLAN 300 gets a minimum of 30Mbps/5Mbps (if it needs it)

VLAN 400 gets a minimum of 30Mbps/5Mbps (if it needs it)

All remaining available bandwith can always be used by whatever VLAN requests more (but never so that other VLAN's who need bandwith and are NOT at there minimum yet do not get that.)

I found guides to distribute bandwith evenly on OPNsense,
I found guides to limit bandwith,
but I do not find guides to combine that ??

I do find other posts with the same requests/problems and not really a fix I get to work :(

https://forum.opnsense.org/index.php?topic=22776.msg108503#msg108503 (https://forum.opnsense.org/index.php?topic=22776.msg108503#msg108503)
https://forum.opnsense.org/index.php?topic=16181.0 (https://forum.opnsense.org/index.php?topic=16181.0)
https://forum.opnsense.org/index.php?topic=22776.0 (https://forum.opnsense.org/index.php?topic=22776.0)
https://forum.opnsense.org/index.php?topic=2068.0 (https://forum.opnsense.org/index.php?topic=2068.0)

I also found PFsense forum posts where they give a fix for it in 2018 ? (but the naming is to different on OPNsense for me to try that :( )
https://forum.netgate.com/topic/128268/guaranteed-bandwith-to-a-vlan (https://forum.netgate.com/topic/128268/guaranteed-bandwith-to-a-vlan)

I am afread I need a real noobs step by step guide to explain to me how exactly to do this,

My hardware config ;
- dedicated hardware with intel N200 and 4 intel 2.5Ghz nics 16GB RAM and Samsung m.2 1TB SSD
- TP-Link Layer 2 smart switch with VLAN support
- TP-link Omada wifi access point with VLAN support
- VDSL modem connected to one port on the router set as WAN
- one LAN connection to the smart switch

- VLAN for the chromecasts with higher VLAN priority
- VLAN for wife's laptop and smartphone
- VLAN for my desktop and smartphone (gamer)
- VLAN for my son's desktop and smartphone (gamer)
- VLAN for my other son's desktop and smartphone (gamer)
- some other VLAN's for IoT and other stuff, but no need to take those in account now, ill work that out later.


I am currently NOT using any protection firewall stuff and rules and blocking yet, I want to get this bandwith thing sorted first, later I will migrate my Ad guard home (now on other server) to the router, start using zenarmour on the OPNsense , get all my arduino's and pi's on there own seperated vlan, get guest wifi,  ..... I am defenatly seeing the potential here, but its currently bit over my head :)


Any help would be greatly appreciated.

I have been looking for something like this but haven't been able to find it. I want all VLAN's to have full capacity when its possible, but assign a guaranteed minimum when the available bandwith is limited.

Yes, and I gues it should be possible, apperantly is was possible in some way on Pfsense in 2018 ?
and those other posts have people saying its possible, but im kinda to dumb to replicate the way they do it (and also some things have changed or have been re-named since those posts)


I hope someone knows exactly how to do it and can explain it to me/us :)

Anyone that got something like this working that can point me in the right direction ?


any help is much appreciated,


thank you,


Hans

Anyone got anymore pointers or tips for me ??


Currently I made one pipe of 100Mbps and than added our 3 gamer VLAN's to it with all 3 a weight of 30 ,
this "kinda" helps a bit, since now than all 3 gamers got about the same priority of data, but still if one goes full out update download , the others still suffer (not as much as without the pipe with the weights)

I am still looking for a way to give different VLAN's a MINIMUM bandwith IF they request it, but the ability to use ALL Bandwith if no other VLAN is using/requesting any bandwith.


Any help is very much appreciated,

I still have not found a way to do this :(
(kinda the number one reason I switched to OPNsense :) )

Anyone have any tips to point me in the right direction ?

Hm,

I am not sure here if you did as was advised in documentation but.

1. Create a 1 Pipe with the BW you have avaiable
2. Create queues for the dedicated Host/Subnets you want to give the BW, set proper Weights
3. Create rules that will tell which Host/Subnets fall under the specific queue

Important:
A. Dont use FQ_CODEL in those pipes nor queues, as FQ_CODEL ignores weights

or

Use FQ_Codel and let it handle all, but there is no minimum guarantee cause FQ_Codel tries to share resources equally.

https://forum.opnsense.org/index.php?topic=39651.msg194464#msg194464

Regards,
S.

Thank you for the repley and the links,

I think im doing it this way, but still not working the way I like it to,
I dont have Codel or anything enabled.

I have a theoretical WAN speed of 100Mbps, I get realy about 95Mbps

I created one download pipe of 95Mbps

than I created a Que with mask set as destination and a weight of 30 on that pipe (not sure about those yet, I suppose it means it will guarantied get 30% of the bandwith if it needs it ?)

than I created rules on all 3 of my vlans setting source and destination to any and using that que with the weight of 30

the way I understand it this should mean that if for instance all 3 vlans are downloading and requesting ALL bandwith, all 3 get 30% + some leftovers of the last available 10% ??

And if only one is downloading, the others should not have affected internet speed (using a little bit just watching youtube for instance) and all remaining bandwith goes to the vlan thats downloading.


However, this is not happening,
With this setup it "is" better as without it, but still if I go full out downloading on my vlan without limits , than my son's youtube stream drops to lowest quality and if he's playing a game he instantly gets the "low bandwith, packet loss crap,...)

I just cant get it to work the way I want and I dont know what im doing wrong :(


I actualy think I might be doing something wrong with the "mask" types ???
Can anyone explain this to me in "dummy" words :)

If I understand it correctly,

You created 1 Pipe for 95M and only one Queue weight of 30 in which are all VLANs/Devices?

Regards,
S.

Quote from: Seimus on May 23, 2024, 10:47:33 AM
If I understand it correctly,

You created 1 Pipe for 95M and only one Queue weight of 30 in which are all VLANs/Devices?

Regards,
S.

oh, no I actualy created 3 que's in that pipe for all 3 vlan's ,

So I gues this might  be my fault !!!!

Thanks alot, I will be trying this out and I will let you know.

You should have,

1 Pipe and a separated queue with a weight for each individual host/VLAN you want to allocate BW

This setup can not use CODEL or FQ_Codel AQM. Otherwise weights will not be honored.

https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html

Regards,
S.

Quote from: Seimus on May 27, 2024, 03:39:26 PM
You should have,

1 Pipe and a separated queue with a weight for each individual host/VLAN you want to allocate BW

This setup can not use CODEL or FQ_Codel AQM. Otherwise weights will not be honored.

https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html

Regards,
S.

Ah, that is what I had I think,

I have one pipe of 95Mbps

1 que's with a weight of 30

3 Rules for each VLAN that uses that Que of a weight of 30
No CODEL or anything enabled.

but its not working like that :( :(

Yea well you need to separate the specific host/subnets into specific "unique queues" that are binded to the same Pipe.

You have 3 separate host lets say. And you want to give those hosts different BW and guarantees so you need to:

1. Create 1 Pipe
2. Create 3 queues, each host will get 1 of these queues with specific weight
3. Rules that will direct a specific host to a specific queue

Did you try to read thru the documentation? Its pretty good explained there.

P.S. try set the "MASK" per queue not per Pipe, or not at all. Per documentation if you want to use weight based queues prioritization the MASK should be not set
https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html#prioritize-using-queues

Regards,
S.

Thanks for your continued help with this noob,

I found one error, I only had 1 que and used it for all 3 rules,

I have now 1 pipe with the full available bandwith, (without MASK set)
3 queues with 30 weight (without MASK set)
3 rules , one for each VLAN and each using a different Que

When I download full speed on one VLAN, it looked ok, when I than start a download also on a second VLAN that son's VLAN was also still ok, but my 3th VLAN for the other son got hammered :( (noticed by the screams that he was "going to die" :) :) )

So still dont know what is wrong,

I read the documentation again tho, and the problem is, in that documentation I do NOT find what I actualy need.
All I find there is to set a MAX bandwith per VLAN , I also find the option to set a MINIMUM bandwith per VLAN, but nowhere there I find the ability to set a MINIMUM bandwith per VLAN but also give any VLAN the MAX bandwith if the other VLAN's are NOT using there minimum bandwith :(

and online I only ever found guides to do this specific thing for PFsense and its from years ago and the terminology is not the same on OPNsense today :(

I am stumped, especialy since exactly this is what I wanted to do with OPNsense and is the biggest reason for starting it :) (loving all the other features also afcourse)

any more tips or stuff to try is appreciated.

So basically,

now you got into the point where 2 of the 3 VLANs work as expected. But when 3rd VLAN tries to eat its pie it will not get any?

also give any VLAN the MAX bandwidth if the other VLAN's are NOT using there minimum bandwidth

This you don't set, you set weights you say how much each of them eats if all eat. If there is BW to spare it should be divided automatically.

Regards,
S.

Quote from: Seimus on June 03, 2024, 11:04:16 PM
So basically,

now you got into the point where 2 of the 3 VLANs work as expected. But when 3rd VLAN tries to eat its pie it will not get any?

No, I tought it dit , but its not, its still just not working :(

Quote from: Seimus on June 03, 2024, 11:04:16 PM

Code Select Expand

also give any VLAN the MAX bandwidth if the other VLAN's are NOT using there minimum bandwidth

This you don't set, you set weights you say how much each of them eats if all eat. If there is BW to spare it should be divided automatically.

Regards,
S.

ok,

but I still need to get the first part to work :(
I will be trying some more and see if I got any improvements :(

If still you cant get it, share your config, of pipes, queues and rules for shaper.

Regards,
S.

Thanks for beeing patient with me, If it should work, im sure im doing something stupid wrong :(

I have one pipe for my full bandwith (I tried both with 95Mbps what I realy have, I tried with less and I tried with 100Mbps what the theoretical max is)

Mask set to none and everything else left alone.
(in advanced the scheduler type is "weighted Fair Queueing" I think that is correct ?, it was the standard.)

Picture of the Pipe included

I than made 3 Queues , one for each VLAN, set to use the 100Mbps Pipe and a weight of 30 , no Mask selected.

Picture of one of the Que's included (they are the same just different VLAN)

Than I have 3 Rules, one for each VLAN, and Each VLAN's Rule has a target of its own Que.
So I have 3 of these

Picture of a Rule included, all 3 are the same, just for each VLAN and each one points to its own Que



Let me know if you see anything that stands out as wrong or something I should change to try.


Thank you,


Hans

You took a bit of liberty from what is in the documentation.

Lets try this:

Pipe
- let is for now as it is

Queue
- let is for now as it is

Rule
- Here I see several problems, you combine Directions with Interfaces.
- You have 1st Interface VLAN and 2nd Interface WAN, with direction OUT, which I think shapes Upload not download if you have such combination
- Either switch the Interfaces in rules, or use only 1 Interface WAN and direction IN for DOWNLOAD and specify Destination the IP of the host or the Subnet.

NOTE: If you use only 1 interface (WAN) in RULES, download Direction is always IN, upload OUT

NOTE: Always create separate pipes for download and upload limiting to avoid undefined behavior when mixing bidirectional traffic in a single pipe.

NOTE: secondary interface, matches packets traveling to/from interface (1) to/from interface (2). can be combined with direction.


Also read the docs again ;)
https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html



Regards,
S.

Thanks again, I will try this soon,

Yes when I started the first time (after reading the docs :) ) I had a seperate upload and download pipe, but since it dident work I fingured ill try to get the download working first and than move on from there,

Possibly that I have my directions screwed up there, so ill be reading docs again and taking your tips and will try again and will let you know,

I aint the brightest cookie in the box, but I do try to be a nice cookie tho :) so thanks for sticking with me :)

Hmm,

for a moment I tought I had it working, but when I also added the upload pipes now again all VLAN's are only getting max about 1/3th of the bandwith even when the other vlan's are NOT downloading anything,

ill keep tinkering on this, but if anyone else has some obvious "AHA" tips for me to try, its all welcome,


thank you,

Did you manage to do it eventually?