From aac8701e3efd87da19bd97f9b20c47882f9963ea Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Thu, 7 May 2020 18:07:26 +0200 Subject: [PATCH] Shaper: add status / statistics page and split examples so they can all live in the same main chapter (Traffic shaping) --- source/firewall.rst | 1 - source/manual/how-tos/shaper.rst | 652 +----------------- source/manual/how-tos/shaper_dedicated_bw.rst | 172 +++++ source/manual/how-tos/shaper_guestnet.rst | 123 ++++ .../manual/how-tos/shaper_limit_per_user.rst | 213 ++++++ .../shaper_prioritize_using_queues.rst | 130 ++++ source/manual/how-tos/shaper_share_evenly.rst | 128 ++++ source/manual/shaping.rst | 37 +- 8 files changed, 808 insertions(+), 648 deletions(-) create mode 100644 source/manual/how-tos/shaper_dedicated_bw.rst create mode 100644 source/manual/how-tos/shaper_guestnet.rst create mode 100644 source/manual/how-tos/shaper_limit_per_user.rst create mode 100644 source/manual/how-tos/shaper_prioritize_using_queues.rst create mode 100644 source/manual/how-tos/shaper_share_evenly.rst diff --git a/source/firewall.rst b/source/firewall.rst index ce28472..71ba588 100644 --- a/source/firewall.rst +++ b/source/firewall.rst @@ -24,7 +24,6 @@ These are all combined in the firewall section. manual/firewall_groups manual/firewall_vip manual/firewall_scrub - manual/how-tos/shaper manual/how-tos/carp manual/logging_firewall manual/diagnostics_firewall diff --git a/source/manual/how-tos/shaper.rst b/source/manual/how-tos/shaper.rst index 4724ae3..6d86af2 100644 --- a/source/manual/how-tos/shaper.rst +++ b/source/manual/how-tos/shaper.rst 
@@ -4,646 +4,12 @@ Setup Traffic Shaping For this how-to we will look into these scenarios: -#. Reserve dedicated bandwidth for a realtime traffic such as (hosted) Voice Over IP (VOIP) server. -#. Share internet bandwidth amongst users evenly -#. Limit maximum internet bandwidth users can consume -#. Prioritize Applications (Weighted) using Queues -#. Multi Interface shaping for a GuestNet - ---------------------------- -Reserve dedicated bandwidth ---------------------------- -In this scenario we will create a pipe dedicated for traffic going to and coming -from our realtime application. For the sample we presume a SIP trunk or hosted -Voice Over IP (VOIP) server. - -For this example we presume a requirement of 4 uncompressed voice channels of 64 kbps, -resulting in a total bandwidth of 256 kbps. The internet connection in this example -has 10 Mbps Download and 1 Mbps Upload. - - - -.. nwdiag:: - :scale: 100% - :caption: Shaping hosted VOIP / SIP trunk sample - - nwdiag { - - span_width = 90; - node_width = 180; - Internet [shape = "cisco.cloud"]; - ip_phone [label="IP Phone",shape="cisco.ip_phone"]; - ip_phone -- switchlan; - - network LAN { - switchlan [label="",shape = "cisco.workgroup_switch"]; - label = "LAN OPNsense"; - address ="192.168.1.x/24"; - fw1 [label="OPNsense",address="192.168.1.1/24"]; - } - - network WAN { - label = ".WAN OPNsense"; - fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; - Internet; - } - - network SIPHOST { - label = ".WAN SIP PROVIDER"; - Internet; - sip_server [label="SIP/VOIP Server",shape="cisco.sip_proxy_werver", address="172.10.2.1/32"]; - } - } - -To start go to :menuselection:`Firewall --> Shaper --> Settings`. - -Step 1 - Create Upload and Download Pipes ------------------------------------------ -On the **Pipes** tab click the **+** button in the lower right corner. -An empty **Edit Pipe** screen will popup. 
- -Create Pipe For Upload (To our VOIP Server) - -====================== ================ ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 256 *Numeric value of the desired bandwidth* - **bandwidth Metric** Kbit/s *Metric to use with the numeric value* - **mask** (Empty) *Used for auto queueing, empty for our sample* - **description** PipeUp-256kbps *Free field, enter something descriptive* -====================== ================ ================================================ - -Create Pipe For Upload (Other Traffic = 1024 kbps - 256 kbps = 768 kbps) - -====================== ================ ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 768 *Numeric value of the desired bandwidth* - **bandwidth Metric** Kbit/s *Metric to use with the numeric value* - **mask** (Empty) *Used for auto queueing, empty for our sample* - **description** PipeUp-768kbps *Free field, enter something descriptive* -====================== ================ ================================================ - -Create Pipe For Download (From our VOIP Server) - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 256 *Numeric value of the desired bandwidth* - **bandwidth Metric** Kbit/s *Metric to use with the numeric value* - **mask** (Empty) *Used for auto queueing, empty for our sample* - **description** PipeDown-256kbps *Free field, enter something descriptive* -====================== ================== ================================================ - -Create Pipe For Download (Other Traffic = 10240 kbps - 256 kbps = 9984 kbps ) - -====================== =================== ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 9984 *Numeric value of the desired bandwidth* - **bandwidth Metric** 
Kbit/s *Metric to use with the numeric value* - **mask** (Empty) *Used for auto queueing, empty for our sample* - **description** PipeDown-9984kbps *Free field, enter something descriptive* -====================== =================== ================================================ - -Step 2 - Create Rules ----------------------- -On the **Rules** tab click the **+** button in the lower right corner. -An empty **Edit rule** screen will popup. - -Create a rule for traffic directed towards the VOIP Server (Upload). - -====================== ================= ===================================================== - **sequence** 11 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source IP to shape, leave on any* - **src-port** any *The source port to shape, leave on any* - **destination** 172.10.2.1 *The IP address of our VOIP server* - **dst-port** any *Use any of the destination port if static* - **target** PipeUP-256kbps *Select the Upload 256 kbps Pipe* - **description** ShapeVOIPUpload *Enter a descriptive name* -====================== ================= ===================================================== - - -Create a rule for traffic coming from the VOIP Server (Download). 
- -====================== ================= ===================================================== - **sequence** 21 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** 172.10.2.1 *The IP address of our VOIP server* - **src-port** any *The source port to shape, leave on any* - **destination** any *The destination IP to shape, leave on any* - **dst-port** any *The destination port to shape, leave on any* - **target** PipeDown256kbps *Select the Download 256 kbps Pipe* - **description** ShapeVOIPDown *Enter a descriptive name* -====================== ================= ===================================================== - -Create a rule for all other internet upload traffic - -====================== ================= ===================================================== - **sequence** 31 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** 192.168.1.0/24 *The source IPs to shape, our LAN network* - **src-port** any *The source port to shape, leave on any* - **destination** any *the destination address, leave in any* - **dst-port** any *Use any of the destination port if static* - **target** PipeUp-768kbps *Select the Upload 768 kbps Pipe* - **description** ShapeUpload *Enter a descriptive name* -====================== ================= ===================================================== - - -Create a rule for all other internet download traffic - -====================== =================== ===================================================== - **sequence** 41 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source IP to shape, leave on any* - 
**src-port** any *The source port to shape, leave on any* - **destination** 192.168.1.0/24 *The destination IPs to shape, our LAN network* - **dst-port** any *The destination port to shape, leave on any* - **target** PipeDown-9984kbps *Select the Download 256Kbps Pipe* - **description** ShapeDown *Enter a descriptive name* -====================== =================== ===================================================== - -.. Note:: - - Be aware of the sequence! It is important to make sure the right traffic - is passed to the right pipe. - - -Now press |apply| to activate the traffic shaping rules. - -*Screenshot Rules* - -.. image:: images/shaping_rules_s1.png - :width: 100% - -.. |apply| image:: images/applybtn.png - - ----------------------- -Share bandwidth evenly ----------------------- - -For this example we presume an internet connection of 10 Mbps Download and 1 Mbps -Upload that we want to share evenly between all users. - -.. nwdiag:: - :scale: 100% - :caption: Shaping bandwidth evenly sample - - nwdiag { - - span_width = 90; - node_width = 180; - Internet [shape = "cisco.cloud"]; - pc [label="Connected PC's",shape="cisco.pc"]; - pc -- switchlan; - - network LAN { - switchlan [label="",shape = "cisco.workgroup_switch"]; - label = "LAN OPNsense"; - address ="192.168.1.x/24"; - fw1 [label="OPNsense",address="192.168.1.1/24"]; - } - - network WAN { - label = ".WAN OPNsense"; - fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; - Internet; - } - - } - -To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. - -Step 1 - Create Upload and Download Pipes ------------------------------------------ -On the **Pipes** tab click the **+** button in the lower right corner. -An empty **Edit Pipe** screen will popup. 
- -Create Pipe For Upload - -====================== ================ ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 1 *Numeric value of the desired bandwidth* - **bandwidth Metric** Mbit/s *Metric to use with the numeric value* - **mask** empty *Select destination to share the bandwidth* - **description** PipeUp-1Mbps *Free field, enter something descriptive* -====================== ================ ================================================ - - -Create Pipe For Download - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 10 *Numeric value of the desired bandwidth* - **bandwidth Metric** Mbit/s *Metric to use with the numeric value* - **mask** empty *Select destination to share the bandwidth* - **description** PipeDown-10Mbps *Free field, enter something descriptive* -====================== ================== ================================================ - -Step 2 - Create a Queues ------------------------- -On the **Queues** tab click the **+** button in the lower right corner. -An empty **Edit queue** screen will popup. 
- -Create Queue for Upload - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **pipe** PipeUp-1Mbps *Select our Pipe* - **weight** 100 *Weight to use with the numeric value* - **mask** source *Every source creates a match* - **description** QueueUp-1Mbps *Free field, enter something descriptive* -====================== ================== ================================================ - -Create Queue for Download - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **pipe** PipeDown-10Mbps *Select our Pipe* - **weight** 100 *Weight to use with the numeric value* - **mask** destination *Every source creates a match* - **description** QueueDown-10Mbps *Free field, enter something descriptive* -====================== ================== ================================================ - - -Step 3 - Create Rules ----------------------- -On the **Rules** tab click the **+** button in the lower right corner. -An empty **Edit rule** screen will popup. - -Create a rule for traffic directed towards the internet (Upload). 
- -====================== ================= ===================================================== - **sequence** 11 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** 192.168.1.0/24 *The source IP to shape, select the LAN network* - **src-port** any *The source port to shape, leave on any* - **destination** any *The destination to shape, leave on any* - **dst-port** any *Use any of the destination port if static* - **target** QueueUp-1Mbps *Select the Upload 1Mbps Queue* - **description** ShapeUpload *Enter a descriptive name* -====================== ================= ===================================================== - - -Create a rule for traffic coming from the internet (Download). - -====================== ================= ===================================================== - **sequence** 21 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source address, leave on any* - **src-port** any *The source port to shape, leave on any* - **destination** 192.168.1.0/24 *The destination IP to shape, select LAN network* - **dst-port** any *The destination port to shape, leave on any* - **target** QueueDown-10Mbps *Select the Download 10 Mbps Queue* - **description** ShapeDownload *Enter a descriptive name* -====================== ================= ===================================================== - -Now press |apply| to activate the traffic shaping rules. - -*Screenshot Rules* - -.. image:: images/shaping_rules_s2.png - :width: 100% - ------------------------- -Limit bandwidth per user ------------------------- - -For this example we will divide the internet Download traffic between the connected -users in such manner that each user will receive up to a maximum of 1 Mbps. - -.. 
nwdiag:: - :scale: 100% - :caption: Simple network diagram - - nwdiag { - - span_width = 90; - node_width = 180; - Internet [shape = "cisco.cloud"]; - pc [label="Connected PC's",shape="cisco.pc"]; - pc -- switchlan; - - network LAN { - switchlan [label="",shape = "cisco.workgroup_switch"]; - label = "LAN OPNsense"; - address ="192.168.1.x/24"; - fw1 [label="OPNsense",address="192.168.1.1/24"]; - } - - network WAN { - label = ".WAN OPNsense"; - fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; - Internet; - } - - } - -To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. - -Step 1 - Create Upload and Download Pipes ------------------------------------------ -On the **Pipes** tab click the **+** button in the lower right corner. -An empty **Edit Pipe** screen will popup. - -Create Pipe For Download - -====================== ================ ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 1 *Numeric value of the desired bandwidth* - **bandwidth Metric** Mbit/s *Metric to use with the numeric value* - **mask** destination *Select source to limit bandwidth per client* - **description** PipeDown-1Mbps *Free field, enter something descriptive* -====================== ================ ================================================ - - -Step 2 - Create Rules ----------------------- -On the **Rules** tab click the **+** button in the lower right corner. -An empty **Edit rule** screen will popup. - - -Create a rule for traffic coming from the internet (Download). 
- -====================== ================= ===================================================== - **sequence** 21 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source address, leave on any* - **src-port** any *The source port to shape, leave on any* - **destination** 192.168.1.0/24 *The destination IP to shape, select LAN network* - **dst-port** any *The destination port to shape, leave on any* - **target** PipeDown-1Mbps *Select the Download 1 Mbps Pipe* - **description** ShapeDownload *Enter a descriptive name* -====================== ================= ===================================================== - -.. Note:: - - If you want to limit traffic for a single IP then just enter the IP address - in the destination field instead of the full LAN network range. - -Now press |apply| to activate the traffic shaping rules. - -*Screenshot Rules* - -.. image:: images/shaping_rules_s3.png - :width: 100% - ------------------------ -Prioritize using Queues ------------------------ -By utilizing queues we can influence the bandwidth within a pipe and give certain -applications more bandwidth than others based on a weighted algorithm. - -The idea is simple: -Let presume we have a pipe of 10 Mbps and 2 applications for instance smtp (email) -and http(s). The http(s) traffic will get a weight of 1 and the smtp traffic a -weight of 9, then when all capacity of our pipe is in use the email traffic will -get 9x more bandwidth than our http(s) traffic, resulting in 1 Mbps for http(s) -and 9 Mbps for smtp. - -For our example we only look at download traffic, but the exact same can be done -for the upload traffic. 
- -+----------------+--------+-------------------+ -| Application | Weight | Minimum Bandwidth | -+================+========+===================+ -| SMTP (port 25) | 9 | 9 Mbps | -+----------------+--------+-------------------+ -| HTTP (80) | | | -+----------------+ 1 | 1 Mbps | -| HTTPS (443) | | | -+----------------+--------+-------------------+ - -To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. - -Step 1 - Create Download Pipe ------------------------------- -On the **Pipes** tab click the **+** button in the lower right corner. -An empty **Edit Pipe** screen will popup. - - -Create Pipe For Download (10 Mbps) - -====================== ================= =============================================== - **enabled** Checked *Check to enable the pipe* - **bandwidth** 10 *Numeric value of the desired bandwidth* - **bandwidth Metric** Mbit/s *Metric to use with the numeric value* - **mask** (empty) *Leave empty* - **description** PipeDown-10Mbps *Free field, enter something descriptive* -====================== ================= =============================================== - - -Step 2 - Create Queues ----------------------- -On the **Queues** tab click the **+** button in the lower right corner. -An empty **Edit queue** screen will popup. 
- -Create Queue for SMTP - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **pipe** PipeDown-10Mbps *Select our Pipe* - **weight** 9 *Weight to use with the numeric value* - **mask** (empty) *Leave empty* - **description** Queue-SMTP *Free field, enter something descriptive* -====================== ================== ================================================ - - -Create Queue for HTTP - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **pipe** PipeDown-10Mbps *Select our Pipe* - **weight** 1 *Weight to use with the numeric value* - **mask** (empty) *Leave empty* - **description** Queue-HTTP *Free field, enter something descriptive* -====================== ================== ================================================ - -Step 3 - Create Rules ----------------------- -On the **Rules** tab click the **+** button in the lower right corner. -An empty **Edit rule** screen will popup. 
- - -Create a rule for smtp download traffic (email) - -====================== =================== ===================================================== - **sequence** 11 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source address, leave on any* - **src-port** smtp *The source port to shape, smtp or 25* - **destination** any *The destination IP to shape, leave on any* - **dst-port** any *The destination port to shape, leave on any* - **target** Queue-SMTP *Select the SMTP queue* - **description** ShapeSMTPDownload *Enter a descriptive name* -====================== =================== ===================================================== - - -Create a rule for HTTP download traffic - -====================== =================== ===================================================== - **sequence** 21 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source address, leave on any* - **src-port** http *The source port to shape, http or 80* - **destination** any *The destination IP to shape, leave on any* - **dst-port** any *The destination port to shape, leave on any* - **target** Queue-HTTP *Select the HTTP queue* - **description** ShapeHTTPDownload *Enter a descriptive name* -====================== =================== ===================================================== - - -Adding an extra rule for HTTPS traffic is simple as we can use the same HTTP queue if we like: - -====================== ==================== ===================================================== - **sequence** 31 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** 
any *The source address, leave on any* - **src-port** https *The source port to shape, https or 443* - **destination** any *The destination IP to shape, leave on any* - **dst-port** any *The destination port to shape, leave on any* - **target** Queue-HTTP *Select the HTTP queue* - **description** ShapeHTTPSDownload *Enter a descriptive name* -====================== ==================== ===================================================== - -This way HTTP and HTTPS traffic will be treated the same (total max of 1 Mbps). - -Now press |apply| to activate the traffic shaping rules. - -*Screenshot Rules* - -.. image:: images/shaping_rules_s4.png - :width: 100% - --------------------------------------- -Multi Interface shaping for a GuestNet --------------------------------------- - -One of the options with OPNsense's traffic shaper is its ability to add shaping -rules based upon two interfaces. This option allows you to shape traffic -differently based on the direction the traffic is moving between interfaces. - -For this example we will use this functionality to share a symmetric 10 Mbps internet -connection between a primary LAN network and a Guest Network. - -The LAN network will not be limited, traffic from users on our Guest Network will -be limited to a total of 2 Mbps Download and 1 Mbps Upload. - -.. 
nwdiag:: - :scale: 100% - :caption: Simple network diagram - - nwdiag { - - span_width = 90; - node_width = 180; - Internet [shape = "cisco.cloud"]; - Internet -- switchwan; - - network WAN { - switchwan [label="",shape = "cisco.workgroup_switch"]; - label = "WAN Interface em1"; - fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; - } - - network LAN { - switchlan [label="",shape = "cisco.workgroup_switch"]; - label = "LAN Interface em0"; - address ="192.168.1.x/24"; - fw1 [label="OPNsense",address="192.168.1.1/24"]; - } - - pc [label="LAN PC",shape="cisco.pc"]; - pc -- switchlan; - - network GuestNet { - switchguestnet [label="",shape = "cisco.workgroup_switch"]; - label = "GuestNet Interface em2"; - address ="192.168.2.x/24"; - fw1 [label="OPNsense",address="192.168.2.1/24"]; - } - - laptop [label="Guest Laptop", shape="cisco.laptop"] - laptop -- switchguestnet; - - } - -Step 1 - Create Upload and Download Pipes ------------------------------------------ - -On the **Pipes** tab click the **+** button in the lower right corner. -An empty **Edit Pipe** screen will popup. 
- -Create Pipe For Upload (GuestNet - em2) - -====================== ================ ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 1 *Numeric value of the desired bandwidth* - **bandwidth Metric** Mbit/s *Metric to use with the numeric value* - **mask** (Empty) *Leave empty* - **description** PipeUp-1Mbps *Free field, enter something descriptive* -====================== ================ ================================================ - - -Create Pipe For Download (GuestNet - em2) - -====================== ================== ================================================ - **enabled** Checked *Check to enable the pipe* - **bandwidth** 2 *Numeric value of the desired bandwidth* - **bandwidth Metric** Mbit/s *Metric to use with the numeric value* - **mask** (Empty) *Leave empty* - **description** PipeDown-2Mbps *Free field, enter something descriptive* -====================== ================== ================================================ - -Step 2 - Create Rules ----------------------- - -On the **Rules** tab click the **+** button in the lower right corner. -An empty **Edit rule** screen will popup. - -Important - Before you continue! - First change the mode to advanced, see the toggle in the left top corner of the - popup dialog. One click should shift it from red (disabled) to green (enabled). 
- -Create a rule for the download traffic - -====================== =================== ===================================================== - **sequence** 11 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface connected to the internet* - **interface2** GuestNet *Select the interface that matches your GuestNet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source address, leave on any* - **src-port** any *The source port to shape, leave on any* - **destination** any *The destination IP to shape, leave on any* - **dst-port** any *The destination port to shape, leave on any* - **direction** in *Match incoming packages (download)* - **target** PipeDown-2Mbps *Select the Download pipe* - **description** GuestNetDownload *Enter a descriptive name* -====================== =================== ===================================================== - -Create a rule for the upload traffic - -====================== =================== ===================================================== - **sequence** 21 *Auto generated number, overwrite only when needed* - **interface** WAN *Select the interface that matches your GuestNet* - **interface2** GuestNet *Select the interface connected to the internet* - **proto** ip *Select the protocol, IP in our example* - **source** any *The source address, leave on any* - **src-port** any *The source port to shape, leave on any* - **destination** any *The destination IP to shape, leave on any* - **dst-port** any *The destination port to shape, leave on any* - **direction** out *Match outgoing packages (upload)* - **target** PipeUp-1Mbps *Select the Upload pipe* - **description** GuestNetUpload *Enter a descriptive name* -====================== =================== ===================================================== - -Now press |apply| to activate the traffic shaping rules. +.. 
toctree:: + :maxdepth: 2 + :titlesonly: + + shaper_dedicated_bw + shaper_share_evenly + shaper_limit_per_user + shaper_prioritize_using_queues + shaper_guestnet diff --git a/source/manual/how-tos/shaper_dedicated_bw.rst b/source/manual/how-tos/shaper_dedicated_bw.rst new file mode 100644 index 0000000..6776f2b --- /dev/null +++ b/source/manual/how-tos/shaper_dedicated_bw.rst 
@@ -0,0 +1,172 @@ +============================== +Reserve dedicated bandwidth +============================== + +**Reserve dedicated bandwidth for a realtime traffic such as (hosted) Voice Over IP (VOIP) server.** + +In this scenario we will create a pipe dedicated for traffic going to and coming +from our realtime application. For the sample we presume a SIP trunk or hosted +Voice Over IP (VOIP) server. + +For this example we presume a requirement of 4 uncompressed voice channels of 64 kbps, +resulting in a total bandwidth of 256 kbps. The internet connection in this example +has 10 Mbps Download and 1 Mbps Upload. + + + +.. nwdiag:: + :scale: 100% + :caption: Shaping hosted VOIP / SIP trunk sample + + nwdiag { + + span_width = 90; + node_width = 180; + Internet [shape = "cisco.cloud"]; + ip_phone [label="IP Phone",shape="cisco.ip_phone"]; + ip_phone -- switchlan; + + network LAN { + switchlan [label="",shape = "cisco.workgroup_switch"]; + label = "LAN OPNsense"; + address ="192.168.1.x/24"; + fw1 [label="OPNsense",address="192.168.1.1/24"]; + } + + network WAN { + label = ".WAN OPNsense"; + fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; + Internet; + } + + network SIPHOST { + label = ".WAN SIP PROVIDER"; + Internet; + sip_server [label="SIP/VOIP Server",shape="cisco.sip_proxy_werver", address="172.10.2.1/32"]; + } + } + +To start go to :menuselection:`Firewall --> Shaper --> Settings`. + +Step 1 - Create Upload and Download Pipes +----------------------------------------- +On the **Pipes** tab click the **+** button in the lower right corner. +An empty **Edit Pipe** screen will popup. 
+ +Create Pipe For Upload (To our VOIP Server) + +====================== ================ ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 256 *Numeric value of the desired bandwidth* + **bandwidth Metric** Kbit/s *Metric to use with the numeric value* + **mask** (Empty) *Used for auto queueing, empty for our sample* + **description** PipeUp-256kbps *Free field, enter something descriptive* +====================== ================ ================================================ + +Create Pipe For Upload (Other Traffic = 1024 kbps - 256 kbps = 768 kbps) + +====================== ================ ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 768 *Numeric value of the desired bandwidth* + **bandwidth Metric** Kbit/s *Metric to use with the numeric value* + **mask** (Empty) *Used for auto queueing, empty for our sample* + **description** PipeUp-768kbps *Free field, enter something descriptive* +====================== ================ ================================================ + +Create Pipe For Download (From our VOIP Server) + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 256 *Numeric value of the desired bandwidth* + **bandwidth Metric** Kbit/s *Metric to use with the numeric value* + **mask** (Empty) *Used for auto queueing, empty for our sample* + **description** PipeDown-256kbps *Free field, enter something descriptive* +====================== ================== ================================================ + +Create Pipe For Download (Other Traffic = 10240 kbps - 256 kbps = 9984 kbps ) + +====================== =================== ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 9984 *Numeric value of the desired bandwidth* + **bandwidth Metric** 
Kbit/s *Metric to use with the numeric value* + **mask** (Empty) *Used for auto queueing, empty for our sample* + **description** PipeDown-9984kbps *Free field, enter something descriptive* +====================== =================== ================================================ + +Step 2 - Create Rules +---------------------- +On the **Rules** tab click the **+** button in the lower right corner. +An empty **Edit rule** screen will popup. + +Create a rule for traffic directed towards the VOIP Server (Upload). + +====================== ================= ===================================================== + **sequence** 11 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source IP to shape, leave on any* + **src-port** any *The source port to shape, leave on any* + **destination** 172.10.2.1 *The IP address of our VOIP server* + **dst-port** any *Use any of the destination port if static* + **target** PipeUP-256kbps *Select the Upload 256 kbps Pipe* + **description** ShapeVOIPUpload *Enter a descriptive name* +====================== ================= ===================================================== + + +Create a rule for traffic coming from the VOIP Server (Download). 
+ +====================== ================= ===================================================== + **sequence** 21 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** 172.10.2.1 *The IP address of our VOIP server* + **src-port** any *The source port to shape, leave on any* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** PipeDown256kbps *Select the Download 256 kbps Pipe* + **description** ShapeVOIPDown *Enter a descriptive name* +====================== ================= ===================================================== + +Create a rule for all other internet upload traffic + +====================== ================= ===================================================== + **sequence** 31 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** 192.168.1.0/24 *The source IPs to shape, our LAN network* + **src-port** any *The source port to shape, leave on any* + **destination** any *the destination address, leave in any* + **dst-port** any *Use any of the destination port if static* + **target** PipeUp-768kbps *Select the Upload 768 kbps Pipe* + **description** ShapeUpload *Enter a descriptive name* +====================== ================= ===================================================== + + +Create a rule for all other internet download traffic + +====================== =================== ===================================================== + **sequence** 41 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source IP to shape, leave on any* + 
**src-port** any *The source port to shape, leave on any* + **destination** 192.168.1.0/24 *The destination IPs to shape, our LAN network* + **dst-port** any *The destination port to shape, leave on any* + **target** PipeDown-9984kbps *Select the Download 256Kbps Pipe* + **description** ShapeDown *Enter a descriptive name* +====================== =================== ===================================================== + +.. Note:: + + Be aware of the sequence! It is important to make sure the right traffic + is passed to the right pipe. + + +Now press |apply| to activate the traffic shaping rules. + +*Screenshot Rules* + +.. image:: images/shaping_rules_s1.png + :width: 100% + +.. |apply| image:: images/applybtn.png diff --git a/source/manual/how-tos/shaper_guestnet.rst b/source/manual/how-tos/shaper_guestnet.rst new file mode 100644 index 0000000..8e8514e --- /dev/null +++ b/source/manual/how-tos/shaper_guestnet.rst 
@@ -0,0 +1,123 @@ +========================================= +Multi Interface shaping for a GuestNet +========================================= + +One of the options with OPNsense's traffic shaper is its ability to add shaping +rules based upon two interfaces. This option allows you to shape traffic +differently based on the direction the traffic is moving between interfaces. + +For this example we will use this functionality to share a symmetric 10 Mbps internet +connection between a primary LAN network and a Guest Network. + +The LAN network will not be limited, traffic from users on our Guest Network will +be limited to a total of 2 Mbps Download and 1 Mbps Upload. + +.. nwdiag:: + :scale: 100% + :caption: Simple network diagram + + nwdiag { + + span_width = 90; + node_width = 180; + Internet [shape = "cisco.cloud"]; + Internet -- switchwan; + + network WAN { + switchwan [label="",shape = "cisco.workgroup_switch"]; + label = "WAN Interface em1"; + fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; + } + + network LAN { + switchlan [label="",shape = "cisco.workgroup_switch"]; + label = "LAN Interface em0"; + address ="192.168.1.x/24"; + fw1 [label="OPNsense",address="192.168.1.1/24"]; + } + + pc [label="LAN PC",shape="cisco.pc"]; + pc -- switchlan; + + network GuestNet { + switchguestnet [label="",shape = "cisco.workgroup_switch"]; + label = "GuestNet Interface em2"; + address ="192.168.2.x/24"; + fw1 [label="OPNsense",address="192.168.2.1/24"]; + } + + laptop [label="Guest Laptop", shape="cisco.laptop"] + laptop -- switchguestnet; + + } + +Step 1 - Create Upload and Download Pipes +----------------------------------------- + +On the **Pipes** tab click the **+** button in the lower right corner. +An empty **Edit Pipe** screen will popup. 
+ +Create Pipe For Upload (GuestNet - em2) + +====================== ================ ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 1 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** (Empty) *Leave empty* + **description** PipeUp-1Mbps *Free field, enter something descriptive* +====================== ================ ================================================ + + +Create Pipe For Download (GuestNet - em2) + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 2 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** (Empty) *Leave empty* + **description** PipeDown-2Mbps *Free field, enter something descriptive* +====================== ================== ================================================ + +Step 2 - Create Rules +---------------------- + +On the **Rules** tab click the **+** button in the lower right corner. +An empty **Edit rule** screen will popup. + +Important - Before you continue! + First change the mode to advanced, see the toggle in the left top corner of the + popup dialog. One click should shift it from red (disabled) to green (enabled). 
+ +Create a rule for the download traffic + +====================== =================== ===================================================== + **sequence** 11 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **interface2** GuestNet *Select the interface that matches your GuestNet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** any *The source port to shape, leave on any* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **direction** in *Match incoming packages (download)* + **target** PipeDown-2Mbps *Select the Download pipe* + **description** GuestNetDownload *Enter a descriptive name* +====================== =================== ===================================================== + +Create a rule for the upload traffic + +====================== =================== ===================================================== + **sequence** 21 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface that matches your GuestNet* + **interface2** GuestNet *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** any *The source port to shape, leave on any* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **direction** out *Match outgoing packages (upload)* + **target** PipeUp-1Mbps *Select the Upload pipe* + **description** GuestNetUpload *Enter a descriptive name* +====================== =================== ===================================================== + +Now press |apply| to activate the traffic shaping rules. 
diff --git a/source/manual/how-tos/shaper_limit_per_user.rst b/source/manual/how-tos/shaper_limit_per_user.rst new file mode 100644 index 0000000..e52307f --- /dev/null +++ b/source/manual/how-tos/shaper_limit_per_user.rst 
@@ -0,0 +1,213 @@ +==================================================== +Limit maximum internet bandwidth users can consume +==================================================== + +For this example we will divide the internet Download traffic between the connected +users in such manner that each user will receive up to a maximum of 1 Mbps. + +.. nwdiag:: + :scale: 100% + :caption: Simple network diagram + + nwdiag { + + span_width = 90; + node_width = 180; + Internet [shape = "cisco.cloud"]; + pc [label="Connected PC's",shape="cisco.pc"]; + pc -- switchlan; + + network LAN { + switchlan [label="",shape = "cisco.workgroup_switch"]; + label = "LAN OPNsense"; + address ="192.168.1.x/24"; + fw1 [label="OPNsense",address="192.168.1.1/24"]; + } + + network WAN { + label = ".WAN OPNsense"; + fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; + Internet; + } + + } + +To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. + +Step 1 - Create Upload and Download Pipes +----------------------------------------- +On the **Pipes** tab click the **+** button in the lower right corner. +An empty **Edit Pipe** screen will popup. + +Create Pipe For Download + +====================== ================ ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 1 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** destination *Select source to limit bandwidth per client* + **description** PipeDown-1Mbps *Free field, enter something descriptive* +====================== ================ ================================================ + + +Step 2 - Create Rules +---------------------- +On the **Rules** tab click the **+** button in the lower right corner. +An empty **Edit rule** screen will popup. + + +Create a rule for traffic coming from the internet (Download). 
+ +====================== ================= ===================================================== + **sequence** 21 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** any *The source port to shape, leave on any* + **destination** 192.168.1.0/24 *The destination IP to shape, select LAN network* + **dst-port** any *The destination port to shape, leave on any* + **target** PipeDown-1Mbps *Select the Download 1 Mbps Pipe* + **description** ShapeDownload *Enter a descriptive name* +====================== ================= ===================================================== + +.. Note:: + + If you want to limit traffic for a single IP then just enter the IP address + in the destination field instead of the full LAN network range. + +Now press |apply| to activate the traffic shaping rules. + +*Screenshot Rules* + +.. image:: images/shaping_rules_s3.png + :width: 100% + +----------------------- +Prioritize using Queues +----------------------- +By utilizing queues we can influence the bandwidth within a pipe and give certain +applications more bandwidth than others based on a weighted algorithm. + +The idea is simple: +Let presume we have a pipe of 10 Mbps and 2 applications for instance smtp (email) +and http(s). The http(s) traffic will get a weight of 1 and the smtp traffic a +weight of 9, then when all capacity of our pipe is in use the email traffic will +get 9x more bandwidth than our http(s) traffic, resulting in 1 Mbps for http(s) +and 9 Mbps for smtp. + +For our example we only look at download traffic, but the exact same can be done +for the upload traffic. 
+ ++----------------+--------+-------------------+ +| Application | Weight | Minimum Bandwidth | ++================+========+===================+ +| SMTP (port 25) | 9 | 9 Mbps | ++----------------+--------+-------------------+ +| HTTP (80) | | | ++----------------+ 1 | 1 Mbps | +| HTTPS (443) | | | ++----------------+--------+-------------------+ + +To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. + +Step 1 - Create Download Pipe +------------------------------ +On the **Pipes** tab click the **+** button in the lower right corner. +An empty **Edit Pipe** screen will popup. + + +Create Pipe For Download (10 Mbps) + +====================== ================= =============================================== + **enabled** Checked *Check to enable the pipe* + **bandwidth** 10 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** (empty) *Leave empty* + **description** PipeDown-10Mbps *Free field, enter something descriptive* +====================== ================= =============================================== + + +Step 2 - Create Queues +---------------------- +On the **Queues** tab click the **+** button in the lower right corner. +An empty **Edit queue** screen will popup. 
+ +Create Queue for SMTP + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **pipe** PipeDown-10Mbps *Select our Pipe* + **weight** 9 *Weight to use with the numeric value* + **mask** (empty) *Leave empty* + **description** Queue-SMTP *Free field, enter something descriptive* +====================== ================== ================================================ + + +Create Queue for HTTP + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **pipe** PipeDown-10Mbps *Select our Pipe* + **weight** 1 *Weight to use with the numeric value* + **mask** (empty) *Leave empty* + **description** Queue-HTTP *Free field, enter something descriptive* +====================== ================== ================================================ + +Step 3 - Create Rules +---------------------- +On the **Rules** tab click the **+** button in the lower right corner. +An empty **Edit rule** screen will popup. 
+ + +Create a rule for smtp download traffic (email) + +====================== =================== ===================================================== + **sequence** 11 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** smtp *The source port to shape, smtp or 25* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** Queue-SMTP *Select the SMTP queue* + **description** ShapeSMTPDownload *Enter a descriptive name* +====================== =================== ===================================================== + + +Create a rule for HTTP download traffic + +====================== =================== ===================================================== + **sequence** 21 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** http *The source port to shape, http or 80* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** Queue-HTTP *Select the HTTP queue* + **description** ShapeHTTPDownload *Enter a descriptive name* +====================== =================== ===================================================== + + +Adding an extra rule for HTTPS traffic is simple as we can use the same HTTP queue if we like: + +====================== ==================== ===================================================== + **sequence** 31 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** 
any *The source address, leave on any* + **src-port** https *The source port to shape, https or 443* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** Queue-HTTP *Select the HTTP queue* + **description** ShapeHTTPSDownload *Enter a descriptive name* +====================== ==================== ===================================================== + +This way HTTP and HTTPS traffic will be treated the same (total max of 1 Mbps). + +Now press |apply| to activate the traffic shaping rules. + +*Screenshot Rules* + +.. image:: images/shaping_rules_s4.png + :width: 100% diff --git a/source/manual/how-tos/shaper_prioritize_using_queues.rst b/source/manual/how-tos/shaper_prioritize_using_queues.rst new file mode 100644 index 0000000..1892617 --- /dev/null +++ b/source/manual/how-tos/shaper_prioritize_using_queues.rst 
@@ -0,0 +1,130 @@ +================================================== +Prioritize Applications (Weighted) using Queues +================================================== + +By utilizing queues we can influence the bandwidth within a pipe and give certain +applications more bandwidth than others based on a weighted algorithm. + +The idea is simple: +Let presume we have a pipe of 10 Mbps and 2 applications for instance smtp (email) +and http(s). The http(s) traffic will get a weight of 1 and the smtp traffic a +weight of 9, then when all capacity of our pipe is in use the email traffic will +get 9x more bandwidth than our http(s) traffic, resulting in 1 Mbps for http(s) +and 9 Mbps for smtp. + +For our example we only look at download traffic, but the exact same can be done +for the upload traffic. + ++----------------+--------+-------------------+ +| Application | Weight | Minimum Bandwidth | ++================+========+===================+ +| SMTP (port 25) | 9 | 9 Mbps | ++----------------+--------+-------------------+ +| HTTP (80) | | | ++----------------+ 1 | 1 Mbps | +| HTTPS (443) | | | ++----------------+--------+-------------------+ + +To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. + +Step 1 - Create Download Pipe +------------------------------ +On the **Pipes** tab click the **+** button in the lower right corner. +An empty **Edit Pipe** screen will popup. 
+ + +Create Pipe For Download (10 Mbps) + +====================== ================= =============================================== + **enabled** Checked *Check to enable the pipe* + **bandwidth** 10 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** (empty) *Leave empty* + **description** PipeDown-10Mbps *Free field, enter something descriptive* +====================== ================= =============================================== + + +Step 2 - Create Queues +---------------------- +On the **Queues** tab click the **+** button in the lower right corner. +An empty **Edit queue** screen will popup. + +Create Queue for SMTP + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **pipe** PipeDown-10Mbps *Select our Pipe* + **weight** 9 *Weight to use with the numeric value* + **mask** (empty) *Leave empty* + **description** Queue-SMTP *Free field, enter something descriptive* +====================== ================== ================================================ + + +Create Queue for HTTP + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **pipe** PipeDown-10Mbps *Select our Pipe* + **weight** 1 *Weight to use with the numeric value* + **mask** (empty) *Leave empty* + **description** Queue-HTTP *Free field, enter something descriptive* +====================== ================== ================================================ + +Step 3 - Create Rules +---------------------- +On the **Rules** tab click the **+** button in the lower right corner. +An empty **Edit rule** screen will popup. 
+ + +Create a rule for smtp download traffic (email) + +====================== =================== ===================================================== + **sequence** 11 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** smtp *The source port to shape, smtp or 25* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** Queue-SMTP *Select the SMTP queue* + **description** ShapeSMTPDownload *Enter a descriptive name* +====================== =================== ===================================================== + + +Create a rule for HTTP download traffic + +====================== =================== ===================================================== + **sequence** 21 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** http *The source port to shape, http or 80* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** Queue-HTTP *Select the HTTP queue* + **description** ShapeHTTPDownload *Enter a descriptive name* +====================== =================== ===================================================== + + +Adding an extra rule for HTTPS traffic is simple as we can use the same HTTP queue if we like: + +====================== ==================== ===================================================== + **sequence** 31 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** 
any *The source address, leave on any* + **src-port** https *The source port to shape, https or 443* + **destination** any *The destination IP to shape, leave on any* + **dst-port** any *The destination port to shape, leave on any* + **target** Queue-HTTP *Select the HTTP queue* + **description** ShapeHTTPSDownload *Enter a descriptive name* +====================== ==================== ===================================================== + +This way HTTP and HTTPS traffic will be treated the same (total max of 1 Mbps). + +Now press |apply| to activate the traffic shaping rules. + +*Screenshot Rules* + +.. image:: images/shaping_rules_s4.png + :width: 100% diff --git a/source/manual/how-tos/shaper_share_evenly.rst b/source/manual/how-tos/shaper_share_evenly.rst new file mode 100644 index 0000000..c9340b4 --- /dev/null +++ b/source/manual/how-tos/shaper_share_evenly.rst 
@@ -0,0 +1,128 @@ +=================================================== +Share internet bandwidth amongst users evenly +=================================================== + +For this example we presume an internet connection of 10 Mbps Download and 1 Mbps +Upload that we want to share evenly between all users. + +.. nwdiag:: + :scale: 100% + :caption: Shaping bandwidth evenly sample + + nwdiag { + + span_width = 90; + node_width = 180; + Internet [shape = "cisco.cloud"]; + pc [label="Connected PC's",shape="cisco.pc"]; + pc -- switchlan; + + network LAN { + switchlan [label="",shape = "cisco.workgroup_switch"]; + label = "LAN OPNsense"; + address ="192.168.1.x/24"; + fw1 [label="OPNsense",address="192.168.1.1/24"]; + } + + network WAN { + label = ".WAN OPNsense"; + fw1 [label="OPNsense", shape = "cisco.firewall", address="172.10.1.1/32"]; + Internet; + } + + } + +To start go to :menuselection:`Firewall --> Traffic Shaper --> Settings`. + +Step 1 - Create Upload and Download Pipes +----------------------------------------- +On the **Pipes** tab click the **+** button in the lower right corner. +An empty **Edit Pipe** screen will popup. 
+ +Create Pipe For Upload + +====================== ================ ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 1 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** empty *Select destination to share the bandwidth* + **description** PipeUp-1Mbps *Free field, enter something descriptive* +====================== ================ ================================================ + + +Create Pipe For Download + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **bandwidth** 10 *Numeric value of the desired bandwidth* + **bandwidth Metric** Mbit/s *Metric to use with the numeric value* + **mask** empty *Select destination to share the bandwidth* + **description** PipeDown-10Mbps *Free field, enter something descriptive* +====================== ================== ================================================ + +Step 2 - Create a Queues +------------------------ +On the **Queues** tab click the **+** button in the lower right corner. +An empty **Edit queue** screen will popup. 
+ +Create Queue for Upload + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **pipe** PipeUp-1Mbps *Select our Pipe* + **weight** 100 *Weight to use with the numeric value* + **mask** source *Every source creates a match* + **description** QueueUp-1Mbps *Free field, enter something descriptive* +====================== ================== ================================================ + +Create Queue for Download + +====================== ================== ================================================ + **enabled** Checked *Check to enable the pipe* + **pipe** PipeDown-10Mbps *Select our Pipe* + **weight** 100 *Weight to use with the numeric value* + **mask** destination *Every source creates a match* + **description** QueueDown-10Mbps *Free field, enter something descriptive* +====================== ================== ================================================ + + +Step 3 - Create Rules +---------------------- +On the **Rules** tab click the **+** button in the lower right corner. +An empty **Edit rule** screen will popup. + +Create a rule for traffic directed towards the internet (Upload). 
+ +====================== ================= ===================================================== + **sequence** 11 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** 192.168.1.0/24 *The source IP to shape, select the LAN network* + **src-port** any *The source port to shape, leave on any* + **destination** any *The destination to shape, leave on any* + **dst-port** any *Use any of the destination port if static* + **target** QueueUp-1Mbps *Select the Upload 1Mbps Queue* + **description** ShapeUpload *Enter a descriptive name* +====================== ================= ===================================================== + + +Create a rule for traffic coming from the internet (Download). + +====================== ================= ===================================================== + **sequence** 21 *Auto generated number, overwrite only when needed* + **interface** WAN *Select the interface connected to the internet* + **proto** ip *Select the protocol, IP in our example* + **source** any *The source address, leave on any* + **src-port** any *The source port to shape, leave on any* + **destination** 192.168.1.0/24 *The destination IP to shape, select LAN network* + **dst-port** any *The destination port to shape, leave on any* + **target** QueueDown-10Mbps *Select the Download 10 Mbps Queue* + **description** ShapeDownload *Enter a descriptive name* +====================== ================= ===================================================== + +Now press |apply| to activate the traffic shaping rules. + +*Screenshot Rules* + +.. image:: images/shaping_rules_s2.png + :width: 100% diff --git a/source/manual/shaping.rst b/source/manual/shaping.rst index 343f457..7783916 100644 --- a/source/manual/shaping.rst +++ b/source/manual/shaping.rst 
@@ -73,8 +73,37 @@ share the available bandwidth. The shaping rules can be defined in the rules section of the traffic shaper. -------------- -Configuration -------------- -Read the how to, here: :doc:`how-tos/shaper` +----------------------- +Status / statistics +----------------------- + +To check if your shaper is acting like intended, you can use the status page (:menuselection:`Firewall -> Shaper -> Status`). + +This component will show a breakdown of configured pipes, queues and rules showing the amount of traffic passed through it +since the last restart of the service including the timestamp when that happened. + +If flows are active, you can show their details using the "Show active flows" checkbox, do remember to refresh your view after +changing these settings. + +The rules are not shown by default, you can use the "Show rules" checkbox to enabled those, +this option can help you identifying misconfigurations more easily, +since the underlaying technology (:code:`ipfw`) keeps track of data on a per rule basis. + +.. Tip:: + + Make sure to use easy to find descriptions, these will ease debugging when traffic isn't being handled as expected. + +--------------------------- +Configuration / How-tos +--------------------------- + +.. toctree:: + :maxdepth: 2 + :titlesonly: + + how-tos/shaper_dedicated_bw + how-tos/shaper_share_evenly + how-tos/shaper_limit_per_user + how-tos/shaper_prioritize_using_queues + how-tos/shaper_guestnet
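Review bot: in shaper_dedicated_bw.rst the rule targets in Step 2 do not match the pipe descriptions created in Step 1: the upload rule selects "PipeUP-256kbps" and the download rule "PipeDown256kbps", while the pipes are named "PipeUp-256kbps" and "PipeDown-256kbps". The reader picks the target by that description, so use the exact names. The help text of rule 41 says "Select the Download 256Kbps Pipe" although its target is PipeDown-9984kbps. The menu path here is "Firewall --> Shaper --> Settings" while the other new files say "Firewall --> Traffic Shaper --> Settings"; pick one.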
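Review bot: in shaper_guestnet.rst the upload rule (sequence 21) has the help texts for interface and interface2 swapped relative to the download rule: "interface WAN" is described as "Select the interface that matches your GuestNet" and "interface2 GuestNet" as "Select the interface connected to the internet". Either the values or the descriptions are wrong; please confirm the intended interface order for direction out and make both rules consistent. The file also ends on |apply| without the ".. |apply| image:: images/applybtn.png" definition that shaper_dedicated_bw.rst carries; unless the substitution is defined globally it will be undefined here, and the same holds for shaper_limit_per_user.rst, shaper_prioritize_using_queues.rst and shaper_share_evenly.rst. "packages" in the two direction rows should read "packets".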
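Review bot: shaper_limit_per_user.rst still contains the whole "Prioritize using Queues" section (from the dashed heading down to the shaping_rules_s4.png image), which this patch also adds as shaper_prioritize_using_queues.rst. Drop it from this file so the content is not maintained in two places. In the pipe table, mask is "destination" but the help text says "Select source to limit bandwidth per client", and the Step 1 heading promises upload and download pipes while only a download pipe is created.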
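Review bot: in shaper_prioritize_using_queues.rst the table column is "Minimum Bandwidth" (1 Mbps for HTTP/HTTPS) but the closing sentence says HTTP and HTTPS get a "total max of 1 Mbps". The introduction describes the weights as applying "when all capacity of our pipe is in use", so the 1 Mbps is a share under saturation, not a cap; reword the closing sentence to match. Both queue tables describe "enabled" as "Check to enable the pipe" (should be queue), and "Let presume" should be "Let's presume".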
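Review bot: in shaper_share_evenly.rst the mask rows contradict themselves: both pipes have mask "empty" with the help text "Select destination to share the bandwidth", and the download queue has mask "destination" with the help text "Every source creates a match". State the intended value in each row and make the help text agree with it. The heading "Step 2 - Create a Queues" should be "Step 2 - Create Queues", with the underline length adjusted.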
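Review bot: in the new Status / statistics section of shaping.rst the menu path is written as :menuselection:`Firewall -> Shaper -> Status`; the role expects "-->" as the separator, as the how-to files use, and most of the how-tos call the menu "Traffic Shaper". Wording: "to enabled those" should be "to enable those", "underlaying" should be "underlying", and "help you identifying" should be "help you identify". This hunk also removes the :doc:`how-tos/shaper` link and the firewall.rst hunk removes manual/how-tos/shaper from its toctree, so if shaper.rst is kept it needs a toctree entry or an :orphan: marker to avoid a Sphinx warning.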