Trafic shaper - different pipes for multiple VLANs.

Started by Martinezio, June 18, 2015, 04:09:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 18, 2015, 04:09:16 PM
Hi.

Can someone help me to achieve this solution in OPNSense?

Facts:
- OPNSense as main router/firewall installed on VMWare server with two network interfaces: one interface connected to WAN, second to switch as trunk (all vlans allowed);
- one WAN connection (let assume 10Mb, syncro);
- many clients connected via different VLANs (for each vlan is created OPT interface, for example I will use OPT1).
- all devices are connected to switch
- client pays for specified speed of his uplink (ie. 1Mb, synchro).

Goal:
- cut the speed of uplink to this payed by client.

Currently I've done this on m0n0wall using pipes:
- 1 pipe for download, and 1 for upload, both without mask - just set the bandwidth,
- rules are applied by interface - one rule for incomming and one for outgoing - and it works good.

I tried the same solution on OPNSense, but without luck - speed is not limited to pipe, but is using full speed of WAN.

What I'm doing wrong and how can I achieve the same behaviour as in m0n0?

Please, find attached screens with my setup in OPNSense.

Thanks in advance!
June 18, 2015, 04:35:51 PM #1
Hi,

Do you have Captive Portal enabled? If so, try disabling it first. There seem to be issues with the combination of these two.

I would also try a single rule;
- IF1: WAN
- IF2: LAN
- Pipe: 1Mbit (target: src)

And try if it limits to 1Mbit.

Good luck - it also took me a while to figure out directions and things like that.

Remon
June 18, 2015, 04:55:19 PM #2 Last Edit: June 18, 2015, 05:20:27 PM by Martinezio
Thx remonboonstra for Your hints...

I give it a try...

I admit, I tried to enable captive portal, but I had some issues with enabling it (and with deleting profiles - got some errors)... I try to remove all settings and start over (this is my testing environment, so I can destroy it ;)).

BTW: is it possible to install VMWare Tools on OPNSense? ;) Perl is already installed, but system is lack of "compat6x_amd64" package from FreeBSD ports.


EDIT:
- deleted all captive portal profiles,
- created single rule with direction set to "both"
- edited pipes to set mask for "destination" and "source"
But still not working... I think there is something broken in pipes implementation :(
June 18, 2015, 05:19:02 PM #3
From the console:

# pkg install open-vm-tools-nox11
June 18, 2015, 05:22:48 PM #4
Franco: thx a lot! This is what I need ;)

Now I can focus on pipes...
June 18, 2015, 05:26:55 PM #5
You are welcome. I just sneaked through the documents, the available packages can be viewed via:

# pkg rquery "%n: %c"
June 22, 2015, 05:18:38 PM #6
Anyone have an idea, how to solve my problem? Still no luck :( Pipes simply doesn't works for me :(
June 22, 2015, 05:35:01 PM #7
Martinezio, we are currently working on the traffic shaper as there are some issues with it.
However, waht you can do is the following:

create 2 rules for up and download as following:

upload
interface: LAN (or your TEST interface)
direction: in
target: your upload pipe

download
interface: LAN (or your TEST interface)
direction: out
target: your download pipe

This way you wil shape the traffic on the LAN side.
Only downside of this is that all traffic on this interface is shaped, however in your case that should be fine.

Let me know if this works for you.
Shaping on the wan side currently does not work  for outbound traffic due to pf/ipfw combination issues, this will probably be solved in 15.7.



June 22, 2015, 05:50:57 PM #8
and another update on this issue..
Ad just compiled a new kernel you can try, this solves the known issue.

install in the cli:
Code Select
opnsense-update -kr 15.1.12_dummynet

with this kernel you can also shape on the wan side

Let me know how this works out for you.
June 25, 2015, 10:24:24 AM #9
Nope - still the same :(
June 25, 2015, 10:26:21 AM #10
That is strange, did you reboot after installing?

I am pretty sure it does work as I have it on my test system as well and doen a lot of test with it...
June 25, 2015, 10:32:37 AM #11
Yes, of course. I have no ide, why :( Such same configuration I'm using in m0n0wall and it works pretty well.
June 25, 2015, 10:36:41 AM #12
I can take another look.
you are looking for this, correct?

- one WAN connection (let assume 10Mb, syncro);
- many clients connected via different VLANs (for each vlan is created OPT interface, for example I will use OPT1).
- all devices are connected to switch
- client pays for specified speed of his uplink (ie. 1Mb, synchro).

Goal:
- cut the speed of uplink to this payed by client.

Currently I've done this on m0n0wall using pipes:
- 1 pipe for download, and 1 for upload, both without mask - just set the bandwidth,
- rules are applied by interface - one rule for incomming and one for outgoing - and it works good.

June 25, 2015, 02:19:27 PM #13
Ok. After extensive work on configuration and sorting out problems we have come to point, that there is an issue with traffic shaper, when You use vmxnet3 drivers in virtual environment of vmWare ESXi server.

After changing NIC to E1000 - router seems to be working as planned.
Print
Go Up Pages1
User actions