Re: Traffic shaping in two directions on bridge
jared r r spiegel said:
> On Thu, Apr 22, 2004 at 09:21:51AM +0200, Per-Olov Sjöholm wrote:
>> If you have a std firewall not set up as a bridge everything is clear
>> (shape on the outgoing interface).
>> But if you want to shape traffic on both directions on a bridge ?
> so you're asking two questions at once it seems?
> yeah, std firewall and you wanna queue your upload, shape on ISP-facing
> interface. if you want to shape traffic on both directions, you can
> approach that by shaping your upload on ISP-facing iface and shaping
> download on LAN-facing iface.
> as far as shaping both on a bridge:
>> Let say fxp1 is on the outside and fxp0 on the inside.
>> Will you then pass everything in both directions on fxp0 and do ALL
>> and shaping on fxp1 no matter of direction?
>> Will the shaping work in the bridge case for traffic coming IN to fxp1
>> Is there any guidelines for bridge setups with PF ?
>> What is the wise way in this setup ?
> i really don't know if the scenario is any different for a bridge, but
> i do queueing on both packets from my LAN to the world ( upload )
> and also on the LAN-facing (internal) interface, queueing on packets
> which are either between the firewall and a LAN host as one set of
> queues ( for 100Mb ), and for packets which are from the world and
> going back to a LAN host ( for my ADSL download ).
> for things like ftp proxy, that would normally match firewall<->LAN
> rules, so i make a special rule for 'from firewall to lanhost user
> which queues it to the "external/download" queue on the internal iface.
> [ openbsd 3.5 GENERIC ( mar 26 ) // i386 ]
Thanks for the answer.
I am "quite" familiar with PF and with the great altq shaping feature.
But I am not that familiar with queuing on bridges !
This is fact:
* Queue on the outgoing interface
* On a bridge it is according to the FAQ at OpenBSD "STRONGLY" recommended
to filter on just ONE interface and pass everything on the other. (Have
not read that much to take a debate on this...)
So... Do I need to break the recommendation to filter on just one
interface and filter on both (my brain says so) because I want to shape in
both directions ?
As said, I am not sure how the bridge behaves with queuing. Maybe the key
is to understand why the recommendation is to filter on just one
interface... Maybe somebody could explain why ? Why can't I filter as if
it's not a bridge ?
It would be much appreciated if somebody could come up with info regarding
queueing on bridges, especially if you want to do it in both directions.