
Re: Interrogation regarding pf + ALTQ

Benjamin Constant wrote:
Hello list,

Hi Benjamin,

                  ...............int_if(in)         ext_if(ou)---------------
   [station_a]                             [bsd_box]                         [station_b]
                  ---------------int_if(ou)         ext_if(in)................

Dotted lines represent incoming traffic that can't be assigned to the
queues defined on the interface (you can't shape incoming traffic).
Dashed lines represent outgoing traffic that can be shaped through the
queues defined on the interface (outgoing traffic).


Shape the traffic according to the maximum bandwidth available for
both incoming and outgoing traffic on the leased line.

It's unnecessary to shape the incoming traffic; let those bits flow as fast as possible. The only thing I would recommend is prioritizing certain traffic as needed (i.e., interactive traffic, voice, etc). Shaping the outbound is a good idea, however. You want to avoid the ISP dropping packets that exceed the 2Mbps limit on the line.

What I understand:

As I can't shape the traffic coming from station_b to station_a on the
ext_if, the only way for me to rate limit incoming traffic is to
define a queue with a maximum bandwidth of 2Mbits on the int_if but

That's correct, but again, it's not necessary.

what about the outgoing traffic on the external interface? Is it
enough to define a queue with a maximum bandwidth of 2Mbits on the
ext_if?


When a packet matches a state, is it still at least evaluated for queueing?


Are there documents that clearly describe the flow of packets
crossing a bsd box running pf + ALTQ?


altq on $ext_if cbq bandwidth $bwdth queue { internet, vpn, sla, dbg }

# Main children queues
# We have decided to split the traffic into 3 main queues as follow:
# - Internet queue is dedicated to internet traffic
# - Vpn queue is used for traffic between sites (through vpn).
# - Sla queue is used as a quality of service queue for specific hosts
#   or services.

# Internet queue
queue internet bandwidth 512Kb priority 1 cbq { i_default, i_high }
queue i_default priority 5 cbq(borrow)
queue i_high priority 6 cbq(borrow)

# Default and vpn queue
queue vpn bandwidth 1Mb priority 2 cbq(default, borrow) { v_low, v_mon, v_normal, v_high, v_critical, v_default }
queue v_low priority 4 cbq(borrow)
queue v_mon bandwidth 128Kb priority 4 cbq(ecn)
queue v_normal priority 5 cbq(borrow)
queue v_high priority 6 cbq(borrow)
queue v_critical priority 7 cbq(borrow)
queue v_default priority 5 cbq(borrow)

# Sla queue
queue sla bandwidth 512Kb priority 2 cbq(borrow)

# Debugging queue
queue dbg priority 2 { d_in, d_out }
queue d_in priority 5 cbq(borrow)
queue d_out priority 5 cbq(borrow)

Every CBQ queue MUST specify 'bandwidth'; this is enforced in OpenBSD 3.7. Also, look at enabling RED on your queues that contain TCP traffic.