🧭 1. What is Traffic Shaping?
Traffic shaping is the control of network traffic to optimize or ensure performance, reduce latency, and increase usable bandwidth by applying additional delay or restrictions to packet flows.
In OPNsense, traffic shaping is implemented via pipes, queues, and rules. The rules manage flows and assign them to pipes/queues based on criteria like interface, direction, source/destination IP, and port numbers.
⚙️ 2. Architecture & Principle
- Pipes: defined bandwidth ceilings for traffic flows (upload/download).
- Queues: attached to pipes; they carry weights that influence how bandwidth is distributed when contention arises.
- Rules: match specific traffic and assign it to the corresponding pipe or queue.
Flow control principle: rules match traffic and direct it to a pipe; inside the pipe, queues distribute the available bandwidth between flows in proportion to their weights. When traffic demand exceeds the pipe limit, the excess is delayed or queued.
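The weight-proportional split described above, modelled as an added example (not OPNsense code and not taken from the original page). It is an idealized fluid approximation of weighted sharing, not the shaper's packet scheduler; the queue names, weights, demands and the 18 Mbit/s pipe size are constructed values.

```python
"""Idealized model of weight-proportional sharing inside one shaper pipe."""

def weighted_shares(pipe_kbps, queues):
    """Split pipe_kbps across queues given as {name: (weight, demand_kbps)}.

    Weights are assumed to be positive integers. A queue never receives more
    than it asks for; bandwidth it leaves unused is re-divided among the
    still-hungry queues in proportion to their weights.
    """
    alloc = {}
    active = dict(queues)
    remaining = float(pipe_kbps)
    while active:
        total_w = sum(w for w, _ in active.values())
        # Queues whose whole demand fits inside their current weighted share.
        fits = [n for n, (w, d) in active.items()
                if d <= remaining * w / total_w]
        if not fits:
            # Contention: every remaining queue is capped at its share.
            for n, (w, _) in active.items():
                alloc[n] = remaining * w / total_w
            break
        for n in fits:
            alloc[n] = float(active[n][1])
            remaining -= active[n][1]
            del active[n]
    return alloc


def excess(queues, alloc):
    """Traffic per queue (kbit/s) that the pipe must delay or queue."""
    return {n: d - alloc[n] for n, (_, d) in queues.items()}


# Constructed sample: a 20 Mbit/s line shaped to 18 Mbit/s for headroom.
PIPE_KBPS = 18_000
QUEUES = {
    "voip":  (10, 500),      # high weight, small demand
    "lan":   (5, 30_000),    # bulk traffic
    "guest": (1, 30_000),    # low weight
}

if __name__ == "__main__":
    shares = weighted_shares(PIPE_KBPS, QUEUES)
    backlog = excess(QUEUES, shares)
    for name in QUEUES:
        print(f"{name:6} got {shares[name]:8.1f} kbit/s, "
              f"excess {backlog[name]:8.1f} kbit/s")
```

In this model the VoIP queue is fully served because its demand is far below its share, and the bandwidth it leaves unused is split 5:1 between the LAN and guest queues.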
🧩 3. Use Cases
- Limit total bandwidth: e.g., limit upload to 2 Mbps and download to 20 Mbps to prevent monopolization.
- Prioritize mission-critical applications: dedicate a pipe to VoIP/SIP traffic with greater weight so latency and quality are preserved.
- Guest network rate-limiting: limit GuestNet to Download 2 Mbps/Upload 1 Mbps, while internal LAN remains unrestricted.
- Combat bufferbloat: shaping large flows helps reduce queue buildup and latency.
🧰 4. How to Configure in OPNsense
Step 1 – Create Pipes: Firewall → Traffic Shaper → Pipes
Set upload and download bandwidths that reflect your connection.
Step 2 – Create Queues: Firewall → Traffic Shaper → Queues
Link to a pipe, set weight, and optionally mask to distribute fairly.
Step 3 – Create Rules: Firewall → Traffic Shaper → Rules
Define interface (e.g., WAN), traffic match (source/destination/port), and target Pipe/Queue.
Step 4 – Apply & Monitor
After applying settings, check Firewall → Traffic Shaper → Status to view active flows and usage.
🔒 5. Best Practices & Considerations
- Set pipe bandwidth slightly below actual line capacity to allow shaping headroom.
- When only a simple overall limit is needed, one pipe-rule pair may suffice.
- Use mask settings (e.g., src-ip, dst-ip) to control per-client fairness.
- Separate traffic shaping by interface/subnet (e.g., GuestNet vs LAN).
- Remember shaping is not a security feature—still rely on firewall rules for security.
- After configuration, monitor status to ensure no unintended bottlenecks.
✅ 6. Summary
Traffic Shaping in OPNsense is a versatile tool that enables bandwidth limitation, fair distribution, and traffic prioritization across flows. By correctly employing pipes, queues, and rules, you can ensure key applications remain responsive, and you prevent individual users or segments from consuming disproportionate bandwidth. In deployment, plan your bandwidth model first, then build your shaping configuration accordingly.