[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf+altq



----- Original Message -----
From: "Henning Brauer" <henning@openbsd.org>
To: <pf@benzedrine.cx>
Sent: Friday, April 04, 2003 2:13 PM
Subject: Re: pf+altq
> On Thu, Apr 03, 2003 at 06:12:23PM -0800, Trevor Talbot wrote:
> > On Thursday, Apr 3, 2003, at 14:56 US/Pacific, Henning Brauer wrote:
> >
> > >On Thu, Apr 03, 2003 at 11:14:43PM +0300, Nikolay Denev wrote:
> >
> > >>When i'am assigning packets to a queue with a "keep state" rule like
> > >>this :
> > >>"pass out quick on $ext_if inet proto tcp all flags S/SA keep state
> > >>queue
> > >>tcp-queue"
> > >>will the packets coming to me via the "keep state" created states
> > >>will be
> > >>assigned to the queue too?
> > >
> > >yes.
> >
> > Since the documentation on ALTQ says it only queues outbound packets,
> > wouldn't this be "no"?  If I misunderstood, how would one handle
> > asymmetric queueing?
>
> well, with something like
>
> pass in to port 80 keep state queue http
>
> the _outgoing_ packets matching this rule would be queued.
> additionally, in the usual setup, packets that are inbound on $ext_if are
> outgoing on $int_if ... and the classifying doies not need to happen on
the
> same interface as the actual queueing later ;-)
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb@bsws.de - henning@openbsd.org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
>
One or Two more questions? ;-)
First is it possible (somewhere in the future) to have support for example
for "priq" sheduler on a cbq child queue(and it's childs)
And second, i have here the following problem,
i want to bandwidth limit some services, and at the same time i want to use
the ack-pri trick. But there is one complication, my cable provider (as
almost all
the providers here), provide me with different bandwidth for local sites and
inernet sites.
(By local i mean, sites in the same country).
And i came up with the following solution, which work ok for
shaping the http access, both international and local, but the ack-pri stuff
doesn't work...
Most probably i'm doind something very wrong here... so please help :)
The provider shapes me at 512/128Kb local and 64/16Kb internetional traffic.
pf.conf fragment:
--------------
# this file contains the local networks dumped from BGP
table <bgpeer> persist file "/etc/bgpeer.txt"
altq on $ext_if cbq bandwidth 10Mb queue { def, http-inet, http-bgpeer,
prio-inet, prio-bgpeer }
 queue def bandwidth 100% cbq(default)
 queue http-inet bandwidth 8Kb cbq(ecn)
 queue http-bgpeer bandwidth 50Kb cbq(ecn)
 queue prio-inet bandwidth 16Kb cbq { prio-inet-def, prio-inet-pri }
  queue prio-inet-def priority 0
  queue prio-inet-pri priority 7
 queue prio-bgpeer bandwidth 128Kb cbq { prio-bgpeer-def, prio-bgpeer-pri }
  queue prio-bgpeer-def priority 0
  queue prio-bgpeer-pri priority 7
# local-http
pass in quick on $ext_if inet proto tcp from <bgpeer> to $server \
 port 80 flags S/SA keep state queue http-bgpeer
# internetional-http
pass in quick on $ext_if inet proto tcp from any to $server \
 port 80 flags S/SA keep state queue http-inet
# local
pass out quick on $ext_if inet proto tcp from any to <bgpeer> \
 flags S/SA modulate state queue (prio-bgpeer-def,prio-bgpeer-pri)
pass out quick on $ext_if inet proto icmp from any to <bgpeer> \
 icmp-type 8 code 0 keep state queue (prio-bgpeer-def,prio-bgpeer-pri)
pass out quick on $ext_if inet proto udp from any to <bgpeer> \
 keep state queue (prio-bgpeer-def,prio-bgpeer-pri)
# internetional
pass out quick on $ext_if inet proto tcp all \
 flags S/SA modulate state queue (prio-inet-def,prio-inet-pri)
pass out quick on $ext_if inet proto icmp all \
 icmp-type 8 code 0 keep state queue (prio-inet-def,prio-inet-pri)
pass out quick on $ext_if inet proto udp all \
 keep state queue (prio-inet-def,prio-inet-pri)
-----
--
Cheers,
Niki