been running a bare metal for a while now and been great no more buffer bloat and ping and packet loss has been minimal but my isp decided to up my speeds from 300/10 to 500/10 (me with no bufferbloat is 240/10 but with the way my network is setup i cannot take advantage of that without making everyone go to a crawl or deadlocked
i could never figure out how or even if u can traffic shape bridged lan ports like an off the shelf router
heres some images of my current setup
https://imgur.com/N7VH4dI
https://imgur.com/PRJjROW
oh and the bridge is the ip pool
You can put the Shaper on any interface you want.
Same as you did to shape the on the WAN, you can Shape on the LAN.
If you already have a Shaper on LAN with BW 240/10. Just increase the BW values on the Pipe that will take advantage of the newly upgraded circuit throughput.
Regards,
S.
Quote from: Seimus on October 29, 2024, 01:51:34 PM
You can put the Shaper on any interface you want.
Same as you did to shape the on the WAN, you can Shape on the LAN.
If you already have a Shaper on LAN with BW 240/10. Just increase the BW values on the Pipe that will take advantage of the newly upgraded circuit throughput.
Regards,
S.
some time ago i tried doing the same steps i did to create the shaper on the WAN to bridge/LAN for each device(https://imgur.com/N7VH4dI) but it wasnt doing anything, wasnt limiting my speed even when i set it to 1mbit/s as if i didnt even create the pipe so i gave up. im gonna try it again later once i update
would it be because all ports are sharing an ip pool?
this is an abit separate issue(https://imgur.com/PRJjROW) but this is what i had to do to get my network stable for gaming since theres 4pc's, 6 hand helds, 2 consoles and phones and if someone's downloading a game update and while im gaming packet loss becomes an issue and the nighthawk's data rate is quite bursty on the upload
It most likely didn't work due to possible wrong configuration of the rules for the Shaper.
In the Rule configuration of the Shaper you can assign 2 interfaces, if you do that, the matching will be based to/from Interface 1 <> to /from Interface 2. But dont use that mostly you just need to specify single interface which will match the traffic hitting on this specific Interface.
Also dont forget there is a relationship between Pipe(scheduler), Queue and Rule:
Rule > Queue > Pipe
You need to have proper rules assigned to proper Queues and proper Queues to proper Pipes. And Rules specified for the Queues needs to be set in proper Direction IN or OUT.
Regards,
S.
Quote from: Seimus on October 29, 2024, 03:05:52 PM
It most likely didn't work due to possible wrong configuration of the rules for the Shaper.
In the Rule configuration of the Shaper you can assign 2 interfaces, if you do that, the matching will be based to/from Interface 1 <> to /from Interface 2. But dont use that mostly you just need to specify single interface which will match the traffic hitting on this specific Interface.
Also dont forget there is a relationship between Pipe(scheduler), Queue and Rule:
Rule > Queue > Pipe
You need to have proper rules assigned to proper Queues and proper Queues to proper Pipes. And Rules specified for the Queues needs to be set in proper Direction IN or OUT.
Regards,
S.
thanks for the info buut this is me atm lol
***GOT REQUEST TO UPGRADE***
Currently running OPNsense 24.1.10_8 at Tue Oct 29 14:37:48 UTC 2024
Fetching packages-24.7-amd64.tar: ...
been about 10 minutes
ok now on the latest version but repeated what i did before i gave up and still not doing a thing
image provided
You are not really trying to shape traffic on the SAME interface, are you? Sure looks like it since you only have OPT3 enabled.
In case I am right, read this (https://forum.opnsense.org/index.php?topic=42985.0), point 1.
Quote from: meyergru on October 29, 2024, 09:58:12 PM
You are not really trying to shape traffic on the SAME interface, are you? Sure looks like it since you only have OPT3 enabled.
In case I am right, read this (https://forum.opnsense.org/index.php?topic=42985.0), point 1.
doing it this way so i dont mess with the rest of the house confirming before deploying
out of all my search's this step was not among them
"Select the tunable net.link.bridge.pfil_bridge and set the value to 1 & restart"
is it possible to live change the speed during a download or do i need to reset something or restart to apply
Quote from: clutchmaster on October 29, 2024, 11:16:14 PM
Quote from: meyergru on October 29, 2024, 09:58:12 PM
You are not really trying to shape traffic on the SAME interface, are you? Sure looks like it since you only have OPT3 enabled.
In case I am right, read this (https://forum.opnsense.org/index.php?topic=42985.0), point 1.
doing it this way so i dont mess with the rest of the house confirming before deploying
out of all my search's this step was not among them
"Select the tunable net.link.bridge.pfil_bridge and set the value to 1 & restart"
is it possible to live change the speed during a download or do i need to reset something or restart to apply
ya i still cant figure this out what am i doing wrong
essentially what im trying to do is when someone starts an uncapped steam download i want to see it get dynammically throttle when others on the network are watching youtube and or playing multi player games making sure theres no packet loss do to resends or clogging
is this even possible with bridged lan port am i gonna have to seperate all ports into there own dhcp pool???
Just follow the instructions from the documentation (https://docs.opnsense.org/manual/how-tos/shaper_share_evenly.html).
Use the "WAN" interface and your LAN subnet as parameters. Keep the limits a little below your actual limits. Make sure you use the correct values for the up/down pipe/queues and rules like depicted in the instructions.
Quote from: meyergru on October 30, 2024, 12:24:10 PM
Just follow the instructions from the documentation (https://docs.opnsense.org/manual/how-tos/shaper_share_evenly.html).
Use the "WAN" interface and your LAN subnet as parameters. Keep the limits a little below your actual limits. Make sure you use the correct values for the up/down pipe/queues and rules like depicted in the instructions.
ok from the looks of it i cant just set the rule for the interface but have ot use the ip of my device???
ya folowed that gues what still blowing right past the set limit
Those two rules 3 and 4 attached on OPT3, what direction you have them set?
Regards,
S.
Quote from: Seimus on October 30, 2024, 12:59:07 PM
Those two rules 3 and 4 attached on OPT3, what direction you have them set?
Regards,
S.
would i have to invert que i cloned them for my global limit to save time
Quote from: Seimus on October 30, 2024, 12:59:07 PM
Those two rules 3 and 4 attached on OPT3, what direction you have them set?
Regards,
S.
heres an image of the current config
( https://imgur.com/ndvIAxd )
Are you trying to limit speed between devices that are connected to the same switch?
Quote from: wiggleroom on October 30, 2024, 02:48:18 PM
Are you trying to limit speed between devices that are connected to the same switch?
im not trying to limit speed between devices on the switch... essentailly trying to load balance and prioritize gaming and video traffic for example if opt4 is playing a game while also has a youtube video going then opt3 starts downloading a steam game i dont want his download to hog all bandwidth resulting in ping issues & packet loss or kicked from server and video buffering but if the network is rather quiet sure let him hit the limit
1. I assume OPT3 is your WAN, right? I have not checked all your directions and source/destinations, either.
2. How are you testing? If you use speedtest.net, you MUST set the little "connections" knob below the "Go" button to "single" instead of "multi".
That being said, here are my settings that work by defining rules between WAN and LAN, not via subnets. I just checked that when I limit my downstream pipe to a smaller value, this works (with single connection).
thanks guys for time realy appreciate it
heres how i have the ports configured
That correlates only slightly with your topology image. If all the LAN ports share the same subnet and are bridged, you should use the bridge ports for all firewall rules and set up the mandatory bridging tuneables.
There should be no rules set for the bridge member interfaces.
Quote from: meyergru on October 30, 2024, 04:35:00 PM
That correlates only slightly with your topology image. If all the LAN ports share the same subnet and are bridged, you should use the bridge ports for all firewall rules and set up the mandatory bridging tuneables.
There should be no rules set for the bridge member interfaces.
thanks for the help! when i started out on this everything i found didnt directly touched on this.. i was quite confused on how that was used
now its working, i take it now all i gotta do to isolate which port its happening on would be to change "any" to the specific ip address... than duplicate for each port or is that unnecessary for what im tryin to do
Again: Your LAN is LAN - you should not apply any rules, configurations a.s.o. on bridge member ports.
Think of them as ports on a switch. If you want to differentiate between things that are on your LAN, use their IPs or MACs on rules, not the bridge ports.
To not get confused, it would probably be best to not list those low-level member interfaces at all by removing their uppercase names (like OPT3) from the assignments. The bridge itself is defined on the physical devices names.
This is point 2 here (https://forum.opnsense.org/index.php?topic=42985), for a reason.
Quote from: meyergru on October 30, 2024, 05:30:49 PM
Again: Your LAN is LAN - you should not apply any rules, configurations a.s.o. on bridge member ports.
Think of them as ports on a switch. If you want to differentiate between things that are on your LAN, use their IPs or MACs on rules, not the bridge ports.
To not get confused, it would probably be best to not list those low-level member interfaces at all by removing their uppercase names (like OPT3) from the assignments. The bridge itself is defined on the physical devices names.
This is point 2 here (https://forum.opnsense.org/index.php?topic=42985), for a reason.
i dont see anything in relation to adding the second interface in the rules section
but bit a weird behavior now i run a buffer bloat test i get 20mbits/s while my steam download is getting 20mbytes/s
i have the pipe set for 20mbits and yes i have steam set to display bytes instead of bits
The bridge is one single interface. Like a switch in a consumer router.
Quote from: clutchmaster on October 30, 2024, 07:03:23 PM
i dont see anything in relation to adding the second interface in the rules section
You
did configure OPT3 in your shaper.
Quote from: clutchmaster on October 30, 2024, 07:03:23 PM
but bit a weird behavior now i run a buffer bloat test i get 20mbits/s while my steam download is getting 20mbytes/s
i have the pipe set for 20mbits and yes i have steam set to display bytes instead of bits
As I said: the shaper handles one stream only. If applications choose to use several of them, you are out of luck. When I limit my downstream to, say, 100 Mbit/s and try testing with Speedtest and multiple connections, I still get >300 MBit/s downstream. That is at least my experience.
What
my shaper settings are good for, is handling bufferbloat. IDK about "fairness". The docs give multiple different configurations for specific purposes, but since you did not succeed with that (now we know that was probably for a different reason), I showed you my config aimed at reducing bufferbloat.
Quote from: meyergru on October 30, 2024, 08:01:40 PM
Quote from: clutchmaster on October 30, 2024, 07:03:23 PM
i dont see anything in relation to adding the second interface in the rules section
You did configure OPT3 in your shaper.
Quote from: clutchmaster on October 30, 2024, 07:03:23 PM
but bit a weird behavior now i run a buffer bloat test i get 20mbits/s while my steam download is getting 20mbytes/s
i have the pipe set for 20mbits and yes i have steam set to display bytes instead of bits
As I said: the shaper handles one stream only. If applications choose to use several of them, you are out of luck. When I limit my downstream to, say, 100 Mbit/s and try testing with Speedtest and multiple connections, I still get >300 MBit/s downstream. That is at least my experience.
What my shaper settings are good for, is handling bufferbloat. IDK about "fairness". The docs give multiple different configurations for specific purposes, but since you did not succeed with that (now we know that was probably for a different reason), I showed you my config aimed at reducing bufferbloat.
in other words im at square one, what im trying to do is fairness and deprioritize high speed downloads then i discover after reading this
( https://www.reddit.com/r/PFSENSE/comments/y833jl/i_want_to_limit_steam_to_50_mbps/ )
apparently steam just blows past whatever you set since it treats the term "megabit" as "megabyte"