[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf+altq

> Nikolay Denev wrote:
> The provider shapes me at 512/128Kb local and 64/16Kb internetional traffic.
  this might totally be a stupid nonsense idea, but a good half of my
  ideas are stupid nonsense but also crazy enough to work.
  what if you created two vlans, each using your external interface
  as the parent.  set up altq on them like:
altq on vlan0 cbq bandwidth 128Kb queue { def0, http-bgpeer, \
	prio-bgpeer }
queue def0 	  bandwidth 30% cbq( default )
queue http-bgpeer bandwidth 30% cbq( ecn )
queue prio-bgpeer bandwidth 40% cbq { prio-bgpeer-def, prio-bgpeer-pri }
   queue prio-bgpeer-def bandwidth 80% priority 0 cbq
   queue prio-bgpeer-pri bandwidth 20% priority 7 cbq
altq on vlan1 cbq bandwidth 16Kb queue { def1, http-inet, prio-inet }
queue def1	  bandwidth 30% cbq( default )
queue http-inet   bandwidth 30% cbq( ecn )
queue prio-inet	  bandwidth 40% cbq { prio-inet-def, prio-inet-pri }
   queue prio-inet-def bandwidth 80% priority 0 cbq
   queue prio-inet-pri bandwidth 20% priority 7 cbq
  admittedly, it might complain that the bandwidth partitions are
  too low ( i remember pfctl not liking things with less than 5Kb or
  6Kb bandwidth when i was messing with cbq'ing everything )...
  and then above that, put in :
rdr on $int_if from any to ! <bgpeer> -> (vlan0)
rdr on $int_if from any to   <bgpeer> -> (vlan1)
rdr on $int_if from any to $ext_if -> $ext_if
  essentially taking traffic destined for the hosts ( using roughly
  the same logic as you were queueing them out with before, but
  just applying it differently ), first throwing it into an 
  imaginary interface for the purposes of bandwidthing it, and
  then letting it spit out of that interface over to the $ext_if.
  i might be missing some vital routing table setting here, but 
  then again, since the vlan has the external interface as its 
  parent-interface, the routing might be automatically taken
  care of for you.  also, i don't know if the last rdr is 
  needed, and i don't know if you would need to rewrite your 
  current nat rule at all, making it like:
nat on $ext_if from { $int_if, vlan0, vlan1 ) to any -> $ext_if
  then just augment your pass/block rules to use the appropriate
  vlan interface rather than $ext_if.
  also, i sorta forgot about the whole '$server' thing you had
  in there until just now, so that would have to be accounted
  perhaps like:
rdr on $ext_if from ! <bgpeer> to $server -> vlan0
rdr on $ext_if from   <bgpeer> to $server -> vlan1
  ... or is this a worthless idea?
  it is right off the top of my head, so might need revising, but
  in principle it might be possible to get something like that to