
Re: Source Tracking in PF



On Mon, 15 Dec 2003 00:23:58 +0000
Ryan McBride <[email protected]> wrote:
:I just committed code which adds support to track stateful connections
:by source IP address. This allows a user to:
:- Ensure that clients get a consistent IP mapping with load-balanced
:  translation/routing rules
:- Limit the number of simultaneous connections a client can make
:- Limit the number of clients which can connect through a rule
:
:As always, the more people who test this and provide feedback, the
:happier I am. Read below for details.
:
:-Ryan
:
:
:
[snip kick ass syntax]
I was wondering if there was a way to use similar rules with ALTQ.  E.g.,
evenly split a queue for each source-ip on a /24.  Allow each to use unused
bandwidth, but guarantee each gets a "fair" percentage (in this example,
each ip gets 6k/sec, and can borrow). Something like:
...
altq on $ext_if bandwidth 2Mb cbq { emp, serv, dflt }
queue serv bandwidth 15%
queue emp bandwidth 80%
queue dflt bandwidth 5% cbq(default)
pass out on $ext_if from 192.169.1.0/24 to any keep state queue emp (source-split)
....
(source-split doesn't exist, but I made it up, to be a semi-reasonable
place for the syntax)
Thanks for the great work!
-- 
Job Placement, n.:
	Telling your boss what he can do with your job.