OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: STk on April 04, 2017, 09:38:32 am

Title: Traffic-Shaper: Help and docs are wrong, if I am right. Am I?
Post by: STk on April 04, 2017, 09:38:32 am

I am not sure, but there seems to be a mistake in the traffic shaping help (in ui) and documentation (https://docs.opnsense.org/manual/how-tos/shaper.html).

You can use source- and destination-masks in pipes.
Help and howto use "source" to limit bandwidth per client and "destination" to share bandwidth.
If I am right about that, that is not generally correct.

Again, if I am right:
A pipe has a fixed (e.g. maximum) bandwidth.
It is possible to share this bandwidth with dynamic buckets generated by source or destination address.
Each source or destination address gets its own bucket, which are all served evenly in a pipe.
In both variants (source mask or destination mask) the pipe's bandwidth will be shared.
There is no possibility to create buckets which each gain the maximum bandwidth of the pipe - like a new pipe (limiter) for every bucket.

For example relating to howto "Share bandwidth evenly":
Howto says to use destination mask for upload-pipe for sharing upload bandwidth evenly.
The upload pipe (used with WAN-interface) then creates buckets for destination-addresses.
So upload-bandwidth is shared based on the destination-addresses, e.g. the online-server-addresses.
Accordingly this pipe shares traffic for internet servers: Every internet-ip gets its own bucket.
This pipe (described in howto) does not share traffic on a lan-user-base.
To do that, upload-pipe should be configured with a source-mask.

Please correct me, if I am wrong.
Thank You in advance!

Btw. I am new to OPNsense, migrated from pfSense last week.
Title: Re: Traffic-Shaper: Help and docs are wrong, if I am right. Am I?
Post by: oisteink on April 06, 2017, 12:35:13 pm
I'm in the same boat as you :)

Here's what the most recent paper I found on dummynet states:
In some situations it is useful to aggregate traffic into flows, and pass each flow through a separate pipe. This is achieved with a feature called “dynamic pipes”: “mask” parameters can be specified in the configuration of a pipe, which indicate the bits in the 5-tuple of a packet (protocol, addresses and ports) that should be used to group packets into flows. For each pattern resulting after masking, a new pipe will be created, and matching traffic will be directed to it. As an example, the rule:
Code:
ipfw pipe 4 config mask src-ip 0x000000ff bw 1Mbit/s
will group packets with the same value of the least significant 8 bits in the source address, and direct each flow to a new instance of pipe 4. The bandwidth of each instance is 1 Mbit/s.

Reference: http://info.iet.unipi.it/~luigi/papers/20100304-ccr.pdf

Setting mask on a pipe to destination gives: mask:  0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
While setting mask to source gives: mask:  0x00 0xffffffff/0x0000 -> 0x00000000/0x0000

I will stay away from dynamic pipes until I can fully understand how they work.
Title: Re: Traffic-Shaper: Help and docs are wrong, if I am right. Am I?
Post by: STk on May 07, 2017, 01:20:58 pm
Anyone have some info on that?
Title: Re: Traffic-Shaper: Help and docs are wrong, if I am right. Am I?
Post by: franco on May 08, 2017, 06:43:35 am
Hi guys,

I'll forward this to Jos for feedback. Sorry for the delay.

Title: Re: Traffic-Shaper: Help and docs are wrong, if I am right. Am I?
Post by: jschellevis on May 15, 2017, 10:06:23 am
Sorry for my late reply and I can see why this is confusing.

The upload example shares the bandwidth per destination, so if we have a pipe of 10Mb with mask set to destination then (assuming we have a rule matching the LAN net):

+ Each connection gets 1Mb for every different external ip
+ If the demand is higher than 10Mb each connection gets its even share
+ When sharing this way it is not shared evenly per internal user but per service (external ip)

So in case we have 10 LAN users (ips) connecting to 10 different services and all asking more than 1Mb they all get 1Mb, but if these 10 users would all connect to the same ip then this would not work as there is nothing to share evenly (for this you can enable Codel in the pipe to minimise bufferbloat). Also when 1 user has 10 connections and the others have 1 connection each then we have 19 connections in total so in case of sharing the first one will get 10*1/19 of the available bandwidth for each of its connections and the rest only 1 * 1/19.

So if you would like to divide the bandwidth evenly per user you will need to use the source mask instead.
The idea of the example is to show the sharing in both directions, but looking at it again that may not be very clear and needs an update.

I'll look into that shortly.
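
The grouping step discussed in this thread, as an added example that is not part of any post and is not OPNsense or dummynet code: it ANDs constructed packet addresses with the source mask, the destination mask (values as reported above) and the quoted paper's 0x000000ff mask, and shows which LAN clients end up in the same dynamic flow. Assumptions: only addresses are masked (protocol and ports are ignored), bandwidth is not modelled, and the function names and sample addresses are made up for illustration.

```python
import ipaddress
from collections import defaultdict

# (source mask, destination mask) pairs. The first two are the values the
# thread reports for a pipe set to "source" and to "destination"; the third
# is the mask from the quoted paper example (low 8 bits of the source).
SRC_MASK = (0xFFFFFFFF, 0x00000000)
DST_MASK = (0x00000000, 0xFFFFFFFF)
PAPER_MASK = (0x000000FF, 0x00000000)


def flow_key(src, dst, mask):
    """AND both addresses with the mask; packets with equal keys share a flow."""
    src_mask, dst_mask = mask
    return (int(ipaddress.IPv4Address(src)) & src_mask,
            int(ipaddress.IPv4Address(dst)) & dst_mask)


def group_flows(packets, mask):
    """Return {flow key: set of LAN source addresses seen in that flow}."""
    flows = defaultdict(set)
    for src, dst in packets:
        flows[flow_key(src, dst, mask)].add(src)
    return dict(flows)


# Constructed upload traffic (LAN client -> external server): three LAN
# clients, two servers. Private and documentation address ranges only.
PACKETS = [
    ("192.168.1.10", "203.0.113.5"),
    ("192.168.1.10", "198.51.100.7"),
    ("192.168.1.11", "203.0.113.5"),
    ("192.168.2.10", "203.0.113.5"),
]

if __name__ == "__main__":
    cases = [("source", SRC_MASK), ("destination", DST_MASK),
             ("paper 0x000000ff", PAPER_MASK)]
    for name, mask in cases:
        flows = group_flows(PACKETS, mask)
        print(f"{name} mask: {len(flows)} flow(s)")
        for (s, d), clients in sorted(flows.items()):
            print(f"  {ipaddress.IPv4Address(s)} -> "
                  f"{ipaddress.IPv4Address(d)}: {sorted(clients)}")
```

With the destination mask, all three LAN clients that talk to 203.0.113.5 fall into one flow, while the source mask gives each client its own flow regardless of which server it talks to.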