[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Traffic shaping in two directions on bridge

Trevor Talbot said:
> On Saturday, Apr 24, 2004, at 15:12 US/Pacific, Per-Olov Sjöholm wrote:
>> Henning Brauer said:
>>> * Per-Olov Sjöholm <[email protected]> [2004-04-23 23:21]:
>>>> This is fact:
>>>> * Queue on the outgoing interface
>>>> * On a bridge it is according to the FAQ at OpenBSD "STRONGLY"
>>>> recommended to filter on just ONE interface and pass everything on
>>>> the other. (Have not read that much to take a debate on this...)
>>> but there's nor much relation between those two.
>>> you can filter on just one interface and queue on all.
>> Yes I know... I think I could have choosen my words better. The reason
>> for the question in the first place was that I have seen many bridge
>> examples where people have followed the FAQ blindly, and done
>> everything on the same interface (filter and queueing), and just "pass
>> on xxx all" (with NO queueing) on the other. And this even though they
>> queue in both directions.
>> So... The queueing must be done on the outgoing interface, no matter
>> if it's set up as a bridge or not. Right ? This means that over 90% of
>> all bridge examples I have seen on the net where queueing takes place
>> in two directions are wrong. Or did I mess something up here ?
> You missed what Henning said next:
>>> you just classify unsing pf, adding mbuf tags telling the queueing
>>> code (which lives much further down the chain) where to enqueue.
>>> wether you write the tag on the same interface as the queues lives on
>>> or not doesn't matter (except for the packets leave kernel land in
>>> between, aka ftp-proxy etc, obviously).
> The actual queues themselves ("altq on ...") only apply to packets
> going out their interfaces, but pf can direct traffic to them ("pass
> .. queue") from anywhere.
Yes. Packet tagging is nice. But many examples I have seen did not use
"altq on" on both interfaces even though it was totaly clear they wanted
to queue in two directions. They only enabled altq on their primary
filtering inteface on the bridge.
However, I think this discussion cleared out what I already thought was
right. And that queueing on a bridge is the same thing.