Re: Prioritizing empty TCP ACKs with pf and ALTQ with exemptions?

On Wednesday, Apr 9, 2003, at 12:27 US/Pacific, Erik Paulsen Skålerud wrote:

One other option would be to add a third interface to the
OpenBSD box, and bridge it with $ext_if.  That would allow
you to put the 2 servers on the new interface, and gain
control of their traffic patterns to the internet.

Great idea. I dont have an extra NIC at the moment, but I'm going to try to
get one.
Do I have to specify altq rules for the bridge interface then? Or is it just
sufficient to use $ext_if?

Just $ext_if.

You haven't mentioned whether their traffic patterns are an
issue, but it may help.

Not sure what you're talking about, but I'll take a guess;

I meant in regard to TCP ACK prioritization. That works fine for the inside machines, but as soon as those servers start sending traffic out from where they are now, they'll stomp on the ACKs anyway. If your servers don't do much, it's not really an issue.

I have clients behind the OpenBSD on a 100mbit switch, and they often
transfer files to the external servers (web, ftp etc). It kind of sucks to
have 20kB/s to servers when you can get 10mbit by physical layers :(

The last rule set you posted looked fine; does it not work as intended?