
Packet queueing; Not borrowing from parent queue



Hi,
 
For the past couple of days I've been trying to set up packet queueing on
OpenBSD 3.4 but have been unsuccessful getting the queues to borrow excess
bandwidth from other queues. I'd really appreciate it if someone could take
a look and possibly give me some pointers as to what I'm doing wrong.

To illustrate the problem and to lessen the likelihood that I'm doing
something terribly wrong, I decided to set up a small environment that
resembles one of the examples outlined in the PF FAQ because the same
problem is evident here as well.
(http://www.openbsd.org/faq/pf/queueing.html#example2)

[ IT ]---[ SWITCH ]------fxp2 [ FIREWALL ] fxp0------ [ INTERNET ]
              |                   fxp1
              |                    |
              |                    |
          [ BOSS ]              [ DMZ ]

Here's the corresponding pf.conf:

ext_if          ="fxp0"
dmz_if          ="fxp1"
int_if          ="fxp2"
it_net          = "192.168.0.2"
int_nets        = "192.168.0.0/24"
dmz_net         = "192.168.1.0/24"
boss            = "192.168.0.3"
wwwserv         = "192.168.1.2"
altq on $ext_if cbq bandwidth 1.5Mb queue { std_ext, www_ext, boss_ext }
queue std_ext        cbq(default)
queue www_ext        bandwidth 500Kb { www_ext_http, www_ext_misc }
  queue www_ext_http priority 3 cbq(red)
  queue www_ext_misc priority 1
queue boss_ext       priority 3
altq on $int_if cbq bandwidth 100% queue { net_int, www_int }
queue net_int    bandwidth 1.0Mb { std_int, it_int, boss_int }
  queue std_int  cbq(default)
  queue it_int   bandwidth 500Kb cbq(borrow)
  queue boss_int priority 3
queue www_int    cbq(red)
altq on $dmz_if cbq bandwidth 100% queue { internal_dmz, net_dmz }
queue internal_dmz
queue net_dmz        bandwidth 500Kb { net_dmz_http, net_dmz_misc }
  queue net_dmz_http priority 3 cbq(red)
  queue net_dmz_misc priority 1 cbq(default)
# default deny
block on { $ext_if, $dmz_if, $int_if } all
# filter rules for external interface inbound
pass in  on $ext_if proto tcp from any to $wwwserv port { 21, \
        > 49151 } flags S/SA keep state queue www_ext_misc
pass in  on $ext_if proto tcp from any to $wwwserv port 80 \
        flags S/SA keep state queue www_ext_http
# filter rules for external interface outbound
pass out on $ext_if from $int_nets to any keep state
pass out on $ext_if from $boss to any keep state queue boss_ext
# filter rules for internal interface inbound
pass in  on $int_if from $int_nets to any keep state
pass in  on $int_if from $it_net to any queue it_int keep state
pass in  on $int_if from $boss to any queue boss_int keep state
pass in  on $int_if proto tcp from $int_nets to $wwwserv port { 21, 80, \
        > 49151 } flags S/SA keep state queue www_int
# filter rules for internal interface outbound
pass out on $int_if from $int_if to $int_nets
# filter rules for dmz interface inbound
pass in  on $dmz_if proto { tcp, udp } from $wwwserv to any port 53 \
        keep state
# filter rules for dmz interface outbound
pass out on $dmz_if proto tcp from any to $wwwserv port { 21, \
        > 49151 } flags S/SA keep state queue net_dmz_misc
pass out on $dmz_if proto tcp from any to $wwwserv port 80 \
        flags S/SA keep state queue net_dmz_http
pass out on $dmz_if proto tcp from $int_nets to $wwwserv port { 80, \
        21, > 49151 } flags S/SA keep state queue internal_dmz

The queue directives and filter rules were copied from the FAQ. I removed
most of the comments for brevity's sake, replaced the interface names with
macros and added a 'keep state' statement to the end of lines 48 and 49 but
left the rest of the configuration intact.

According to the FAQ, the IT department's network should be able to utilize
more than the reserved 500Kbps when downloading from the Internet, if extra
bandwidth is available. However, when I test this in my environment the
download rate never exceeds 500Kbps. From the 'pfctl -sq -vv' output I
(perhaps incorrectly) understand that the it_int queue fills up but doesn't
borrow bandwidth from the net_int (the parent) queue.

queue root_fxp2 bandwidth 100Mb priority 0 cbq( wrr root ) {net_int, www_int}
  [ pkts:       4288  bytes:    6217280  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:    41.7 packets/s, 492.74Kb/s ]
queue  net_int bandwidth 1Mb {std_int, it_int, boss_int}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   std_int bandwidth 1Mb cbq( default )
  [ pkts:          1  bytes:         42  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   it_int bandwidth 500Kb cbq( borrow )
  [ pkts:       4287  bytes:    6217238  dropped pkts:      0 bytes:     0 ]
  [ qlength:  12/ 50  borrows:   2573  suspends:    820 ]
  [ measured:    41.7 packets/s, 492.74Kb/s ]
queue   boss_int bandwidth 1Mb priority 3
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  www_int bandwidth 100Mb cbq( red )
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]

Another thing I've noticed is that when the boss's computer and the IT dept
download from the Internet simultaneously the total bandwidth exceeds the 1
Mbps limit that has been imposed on the net_int queue.

queue root_fxp2 bandwidth 100Mb priority 0 cbq( wrr root ) {net_int, www_int}
  [ pkts:       7527  bytes:   11205187  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:   124.6 packets/s, 1.50Mb/s ]
queue  net_int bandwidth 1Mb {std_int, it_int, boss_int}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   std_int bandwidth 1Mb cbq( default )
  [ pkts:          2  bytes:        102  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   it_int bandwidth 500Kb cbq( borrow )
  [ pkts:       2621  bytes:    3814188  dropped pkts:      0 bytes:     0 ]
  [ qlength:  13/ 50  borrows:     15  suspends:   1279 ]
  [ measured:    42.6 packets/s, 505.58Kb/s ]
queue   boss_int bandwidth 1Mb priority 3
  [ pkts:       4904  bytes:    7390897  dropped pkts:      0 bytes:     0 ]
  [ qlength:  11/ 50  borrows:      0  suspends:   1628 ]
  [ measured:    82.0 packets/s, 992.55Kb/s ]
queue  www_int bandwidth 100Mb cbq( red )
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]

I've tried to solve the problem on my own (read the pf.conf man page, the
FAQ and numerous example configurations I found on the Internet) but have
been unable to solve this problem thus far. Any clues, pointers, etc. are
greatly appreciated.

Best regards,
-- 
Egbert Krook
System/Network Engineer
Amarin Printing and Publishing Public Co., Ltd.
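
As an added example (not part of the original message): a Python script that parses `pfctl -sq -vv` output in the format shown above and reports interior queues whose leaf queues together measure more than the parent's configured bandwidth, which is the second observation in the post. The sample input is constructed by trimming the second listing to its `queue` and `measured` lines; the function names are hypothetical.

```python
import re

# Constructed sample: the second `pfctl -sq -vv` listing from the post,
# trimmed to its `queue` and `measured` lines.
SAMPLE = """\
queue root_fxp2 bandwidth 100Mb priority 0 cbq( wrr root ) {net_int, www_int}
  [ measured:   124.6 packets/s, 1.50Mb/s ]
queue  net_int bandwidth 1Mb {std_int, it_int, boss_int}
  [ measured:     0.0 packets/s, 0 b/s ]
queue   std_int bandwidth 1Mb cbq( default )
  [ measured:     0.0 packets/s, 0 b/s ]
queue   it_int bandwidth 500Kb cbq( borrow )
  [ measured:    42.6 packets/s, 505.58Kb/s ]
queue   boss_int bandwidth 1Mb priority 3
  [ measured:    82.0 packets/s, 992.55Kb/s ]
queue  www_int bandwidth 100Mb cbq( red )
  [ measured:     0.0 packets/s, 0 b/s ]
"""

UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}
QUEUE_RE = re.compile(r"^queue\s+(\S+)\s+bandwidth\s+([\d.]+)([KMG]?)b(.*)$")
RATE_RE = re.compile(r"measured:.*?,\s*([\d.]+)\s*([KMG]?)b/s")

def parse_queues(text):
    """Map queue name -> configured limit, measured rate (bit/s), children."""
    queues, current = {}, None
    for line in text.splitlines():
        m = QUEUE_RE.match(line)
        if m:
            name, num, unit, rest = m.groups()
            kids = re.search(r"\{(.*?)\}", rest)
            current = queues[name] = {
                "limit": round(float(num) * UNITS[unit]),
                "measured": 0,
                "children": [k.strip() for k in kids.group(1).split(",")] if kids else [],
            }
        elif current is not None and (m := RATE_RE.search(line)):
            current["measured"] = round(float(m.group(1)) * UNITS[m.group(2)])
    return queues

def leaf_rate(queues, name):
    """Sum leaf rates under `name`; in the post's listing net_int itself shows 0 b/s."""
    kids = queues[name]["children"]
    return sum(leaf_rate(queues, k) for k in kids) if kids else queues[name]["measured"]

def over_limit(queues):
    """Interior queues whose leaves together exceed the configured bandwidth."""
    return {n: (leaf_rate(queues, n), q["limit"]) for n, q in queues.items()
            if q["children"] and leaf_rate(queues, n) > q["limit"]}

if __name__ == "__main__":
    for name, (rate, limit) in over_limit(parse_queues(SAMPLE)).items():
        print(f"{name}: leaves measure {rate} b/s, configured limit {limit} b/s")
```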