From owner-freebsd-pf@FreeBSD.ORG Mon Mar 16 11:07:00 2009
Date: Mon, 16 Mar 2009 11:06:59 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o kern/130977  pf         [netgraph][pf] kernel panic trap 12 on user connect to
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/129060  pf         [pf] [tun] pf doesn't forget the old tun IP
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o conf/127511  pf         [patch] /usr/sbin/authpf: add authpf folders to BSD.ro
o kern/127439  pf         [pf] deadlock in pf
o kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o kern/82271   pf         [pf] cbq scheduler cause bad latency

31 problems total.

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 09:14:14 2009
Date: Wed, 18 Mar 2009 09:14:14 GMT
From: linimon@FreeBSD.org
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
Subject: Re: kern/132769: [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtentry / ifnet during early boot

Old Synopsis: 2 LOR's with pf task mtx / ifnet and rtentry / ifnet during early boot
New Synopsis: [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtentry / ifnet during early boot

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Mar 18 09:13:40 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=132769

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 13:17:49 2009
Date: Wed, 18 Mar 2009 08:16:48 -0500
From: "Patrick Goggins"
Subject: pf rdr not redirecting completely
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 13:21:00 2009
Date: Wed, 18 Mar 2009 08:20:01 -0500
From: "Patrick Goggins"
Subject: pf rdr not redirecting completely (Correction)
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 19:46:10 2009
Date: Wed, 18 Mar 2009 13:19:28 -0600 (MDT)
From: "Peter"
To: freebsd-pf@freebsd.org
Subject: pf + altq + cbq(borrow) not borrowing from parent...

Hi,
Can't figure this out - seems as if others are having the same issue
searching online:
The queues will not borrow from parent.

pf.conf [cut and snipped]

altq on fxp0 cbq bandwidth 100Mb qlimit 500 queue {intranet, extranet}
queue extranet bandwidth 876Kb { poshta,abakan,usrx11,imvas }
queue poshta bandwidth 34% priority 7 cbq(borrow)
queue abakan bandwidth 22% priority 2 cbq(borrow)
queue usrx11 bandwidth 22% priority 1 cbq(borrow)
queue imvas bandwidth 22% priority 1 cbq(borrow)
queue intranet bandwidth 90Mb cbq(default)

pass in quick proto tcp from any to $poshta_ip port {http} keep state queue poshta
pass in quick proto tcp from 172.20.1.13/24 to $poshta_intranet_ip keep state queue intranet

On fxp0 I have both internal address and several external addresses.
Doing an http get on a large file internally = fast
Although all other IPs are not in use, doing the same http get via
external address, max transfer rate I get is ~37KB
If I change that line from 'queue poshta' to 'queue intranet' the same
http get goes at ~100KB - So I'm sure it's that one line causing the
slowness.

So, it seems that the queue is not borrowing from the parent.
I've changed all other queues from 22% to 12% [leaving poshta at 34%], my
http is still not going faster than ~37KB.

Does cbq(borrow) work as advertised?
borrow - the queue can borrow bandwidth from its parent. This can only be
specified when using the cbq scheduler.

With only one NIC, I'm trying to always guarantee the intranet high speed,
and the external IPs prioritized - With no ability to nest with priq,
can't use that.
What's a good way to dynamically prioritize/queue traffic based on IP?
Anyone done this successfully with pf, altq, cbq(borrow)?

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 20:49:26 2009
Date: Wed, 18 Mar 2009 21:28:56 +0100
From: Pojken Purken
CC: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

Peter wrote:
> Hi,
> Can't figure this out - seems as if others are having the same issue
> searching online:
> The queues will not borrow from parent.
>
> pf.conf [cut and snipped]
>
> altq on fxp0 cbq bandwidth 100Mb qlimit 500 queue {intranet, extranet}
> queue extranet bandwidth 876Kb { poshta,abakan,usrx11,imvas }
> queue poshta bandwidth 34% priority 7 cbq(borrow)
> queue abakan bandwidth 22% priority 2 cbq(borrow)
> queue usrx11 bandwidth 22% priority 1 cbq(borrow)
> queue imvas bandwidth 22% priority 1 cbq(borrow)
> queue intranet bandwidth 90Mb cbq(default)
>

You need to add "borrow" to your default queue. That's where the spare
bandwidth is, not the root queue. As it is defined now, your child
queues below extranet can only borrow bandwidth from each other. If you
add borrow to your default queue, extranet can borrow from intranet and
share that to its child queues.

/Morgan

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 20:56:27 2009
Date: Wed, 18 Mar 2009 21:35:40 +0100
From: Pojken Purken
CC: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

Peter wrote:
> Hi,
> Can't figure this out - seems as if others are having the same issue
> searching online:
> The queues will not borrow from parent.
>
> pf.conf [cut and snipped]
>
> altq on fxp0 cbq bandwidth 100Mb qlimit 500 queue {intranet, extranet}
> queue extranet bandwidth 876Kb { poshta,abakan,usrx11,imvas }
> queue poshta bandwidth 34% priority 7 cbq(borrow)
> queue abakan bandwidth 22% priority 2 cbq(borrow)
> queue usrx11 bandwidth 22% priority 1 cbq(borrow)
> queue imvas bandwidth 22% priority 1 cbq(borrow)
> queue intranet bandwidth 90Mb cbq(default)
>

Sorry, brain is not working tonight. I reversed extranet and intranet in
my previous response. Add "borrow" to your extranet queue. You might as
well add it to the intranet queue too if you want it to be able to use
those 876Kb if they're available. Sorry again for the noise. And yes,
the description of borrowing from the parent queue is ofc correct too...
I really should stop answering these questions at this time of night...
;-)

/Morgan

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 21:30:02 2009
Date: Wed, 18 Mar 2009 15:30:00 -0600 (MDT)
From: "Peter"
To: "Pojken Purken"
Cc: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

> Peter wrote:
>> Hi,
>> Can't figure this out - seems as if others are having the same issue
>> searching online:
>> The queues will not borrow from parent.
>>
>> pf.conf [cut and snipped]
>>
>> altq on fxp0 cbq bandwidth 100Mb qlimit 500 queue {intranet, extranet}
>> queue extranet bandwidth 876Kb { poshta,abakan,usrx11,imvas }
>> queue poshta bandwidth 34% priority 7 cbq(borrow)
>> queue abakan bandwidth 22% priority 2 cbq(borrow)
>> queue usrx11 bandwidth 22% priority 1 cbq(borrow)
>> queue imvas bandwidth 22% priority 1 cbq(borrow)
>> queue intranet bandwidth 90Mb cbq(default)
>>
>
> You need to add "borrow" to your default queue. That's where the spare
> bandwidth is, not the root queue. As it is defined now, your child
> queues below extranet can only borrow bandwidth from each other. If you
> add borrow to your default queue, extranet can borrow from intranet and
> share that to its child queues.
> /Morgan

That's the thing - My uplink upload is maxed out at ~896Kb - even if I
send traffic faster, still physically limited by uplink - That is all the
bandwidth I want to allocate to my public IPs - I want the children to
borrow bandwidth from each other, and prioritize the traffic.. They are
not borrowing from each other - From my tests, the 'poshta' queue is never
going over 34%.

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 18 22:14:26 2009
Date: Wed, 18 Mar 2009 22:53:30 +0100
From: Morgan Wesström
CC: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

Peter wrote:
>> Peter wrote:
>>> Hi,
>>> Can't figure this out - seems as if others are having the same issue
>>> searching online:
>>> The queues will not borrow from parent.
>>>
>>> pf.conf [cut and snipped]
>>>
>>> altq on fxp0 cbq bandwidth 100Mb qlimit 500 queue {intranet, extranet}
>>> queue extranet bandwidth 876Kb { poshta,abakan,usrx11,imvas }
>>> queue poshta bandwidth 34% priority 7 cbq(borrow)
>>> queue abakan bandwidth 22% priority 2 cbq(borrow)
>>> queue usrx11 bandwidth 22% priority 1 cbq(borrow)
>>> queue imvas bandwidth 22% priority 1 cbq(borrow)
>>> queue intranet bandwidth 90Mb cbq(default)
>>>
>> You need to add "borrow" to your default queue. That's where the spare

;-)

>> /Morgan
>
>
> That's the thing - My uplink upload is maxed out at ~896Kb - even if I
> send traffic faster, still physically limited by uplink - That is all the
> bandwidth I want to allocate to my public IPs - I want the children to
> borrow bandwidth from each other, and prioritize the traffic.. They are
> not borrowing from each other - From my tests, the 'poshta' queue is never
> going over 34%.
>

If your fxp0 is connected to some broadband service where the max upload
is 876Kb, then that's what you should define in the root queue - not the
link speed of the interface. pf will get its bandwidth calculations
completely messed up by the numbers you have entered. You can never
define more bandwidth in your queue definitions than you have available
on your Internet connection, regardless of link speed to your modem.

/Morgan

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 07:27:43 2009
Date: Thu, 19 Mar 2009 11:08:37 +0400
From: Yuriy Grishin
To: freebsd-pf@freebsd.org
Subject: synproxy on tuns

Hello,

I have some problems connecting to my gateway from elsewhere.

A rule

1) pass in on tun0 inet proto tcp from any to 94.180.71.150 port = ssh flags S/SA *modulate* state queue(qssh, qack)

allows connecting to the host neatly.

If I try to protect sshd with synproxy this way:

2) pass in on tun0 inet proto tcp from any to 94.180.71.150 port = ssh flags S/SA *synproxy* state queue(qssh, qack)

the connection gets stuck. Status "connecting...." never changes (it can
take a minute or 10 and even more!)

I suppose that some packets of the TCP handshake are approved and some
are not. Why does it happen? Is encapsulation the root of the problem?

The second rule is activated now and anybody can reproduce the situation.

--
Yuriy Grishin

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 14:16:53 2009
Date: Thu, 19 Mar 2009 08:16:52 -0600 (MDT)
From: "Peter"
To: Morgan Wesström
Cc: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

> Peter wrote:
>>> Peter wrote:
>>>> Hi,
>>>> Can't figure this out - seems as if others are having the same
>>>> issue
>>>> searching online:
>>>> The queues will not borrow from parent.
>>>>
>>>> pf.conf [cut and snipped]
>>>>
>>>> altq on fxp0 cbq bandwidth 100Mb qlimit 500 queue {intranet, extranet}
>>>> queue extranet bandwidth 876Kb { poshta,abakan,usrx11,imvas }
>>>> queue poshta bandwidth 34% priority 7 cbq(borrow)
>>>> queue abakan bandwidth 22% priority 2 cbq(borrow)
>>>> queue usrx11 bandwidth 22% priority 1 cbq(borrow)
>>>> queue imvas bandwidth 22% priority 1 cbq(borrow)
>>>> queue intranet bandwidth 90Mb cbq(default)
>>>>
>>> You need to add "borrow" to your default queue. That's where the spare
>
> ;-)
>
>>> /Morgan
>>
>>
>> That's the thing - My uplink upload is maxed out at ~896Kb - even if I
>> send traffic faster, still physically limited by uplink - That is all
>> the
>> bandwidth I want to allocate to my public IPs - I want the children to
>> borrow bandwidth from each other, and prioritize the traffic.. They are
>> not borrowing from each other - From my tests, the 'poshta' queue is
>> never
>> going over 34%.
>>
>
> If your fxp0 is connected to some broadband service where the max upload
> is 876Kb, then that's what you should define in the root queue - not the
> link speed of the interface. pf will get its bandwidth calculations
> completely messed up by the numbers you have entered. You can never
> define more bandwidth in your queue definitions than you have available
> on your Internet connection, regardless of link speed to your modem.
> /Morgan

fxp0 is connected to broadband ISP _and_ local LAN which is going at
100Mbps - So I have 90Mbps queue defined for 'intranet' 876Kb for
'extranet' - Shouldn't the children of 'extranet' still 'borrow'
everything up to 876Kb? - Since I was defining root at 100Mb, I would
assume my queues would use up more, instead they are using _exactly_ what
is defined for them and refusing to borrow [hence going at 37KB instead of
the uplink max of ~100KB]. As soon as I 'up' the 34% to 60%, I get higher
dl speeds, although not using/borrowing above the 60%.

Changed the 100MB to 896Kb, and set the extranet to 886Kb, the rest for intranet - Still no performance gain.

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 14:50:05 2009
Message-ID: <49C25B98.7070605@pp.dyndns.biz>
Date: Thu, 19 Mar 2009 15:50:00 +0100
From: Morgan Wesström
CC: freebsd-pf@freebsd.org
References: <60673.216.241.167.212.1237472212.squirrel@webmail.pknet.net>
In-Reply-To: <60673.216.241.167.212.1237472212.squirrel@webmail.pknet.net>
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

> fxp0 is connected to broadband ISP _and_ local LAN which is going at

I think you have to explain in more detail the physical layout of your
setup.

> 100Mbps - So I have 90Mbps queue defined for 'intranet' 876Kb for
> 'extranet' - Shouldn't the children of 'extranet' still 'borrow'
> everything up to 876Kb? - Since I was defining root at 100Mb, I would
> assume my queues would use up more, instead they are using _exactly_ what
> is defined for them and refusing to borrow [hence going at 37KB instead of
> the uplink max of ~100KB]. As soon as I 'up' the 34% to 60%, I get higher
> dl speeds, although not using/borrowing above the 60%.

I'm slightly confused here. You're talking about download speeds but pf
queues only affect upload bandwidth. Assuming it's upload you are
referring to and if you want those four child queues to use free
bandwidth from "intranet", then you have to add "borrow" to your
"extranet" queue. Child queues can only borrow from their parent queue
and if you don't have "borrow" on "extranet", that queue will only have
876Kb to share among its child queues.

/Morgan

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 16:06:10 2009
Message-ID: <56661.216.241.167.212.1237478769.squirrel@webmail.pknet.net>
Date: Thu, 19 Mar 2009 10:06:09 -0600 (MDT)
From: "Peter"
To: Morgan Wesström
Cc: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

>> fxp0 is connected to broadband ISP _and_ local LAN which is going at
> I think you have to explain in more detail the physical layout of your
> setup.
>
>> 100Mbps - So I have 90Mbps queue defined for 'intranet' 876Kb for
>> 'extranet' - Shouldn't the children of 'extranet' still 'borrow'
>> everything up to 876Kb? - Since I was defining root at 100Mb, I would
>> assume my queues would use up more, instead they are using _exactly_
>> what
>> is defined for them and refusing to borrow [hence going at 37KB instead
>> of
>> the uplink max of ~100KB]. As soon as I 'up' the 34% to 60%, I get
>> higher
>> dl speeds, although not using/borrowing above the 60%.
> I'm slightly confused here. You're talking about download speeds but pf
> queues only affect upload bandwidth. Assuming it's upload you are
> referring to and if you want those four child queues to use free
> bandwidth from "intranet", then you have to add "borrow" to your
> "extranet" queue. Child queues can only borrow from their parent queue
> and if you don't have "borrow" on "extranet", that queue will only have
> 876Kb to share among its child queues.
>
> /Morgan

Sorry, by dl I mean downloading large file from server to remote desktop -
The server is uploading to desktop.
I want the children to use all the available bandwidth within the
'extranet' queue - The child 'poshta' queue NEVER goes above using 34%,
even though all other queues have no services running on them and 'poshta'
is set to borrow. If I leave 'poshta' queue at 34% and set all others to
1%, the 'poshta' queue is still never pushing out more than 34% / 37KB.

If I set it to '90%' it pushes out at ~90KB - wondering why it's not
borrowing when parent has unused bandwidth.

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 18:50:13 2009
Message-ID: <62464.216.241.167.212.1237488612.squirrel@webmail.pknet.net>
Date: Thu, 19 Mar 2009 12:50:12 -0600 (MDT)
From: "Peter"
To: freebsd-pf@freebsd.org
Subject: more tests - pf + altq + cbq(borrow) not borrowing from parent

Did more testing:
Downloading on workstation from server / Server uploading.
I'm dealing only with fxp0, and only one IP and only ssh/sftp running.
7.1-STABLE #0: Sun Feb 8 01:15:45 MST 2009

uploads +/- several KB as they vary during the 1 minute test [100MB tgz file]

upload at 100KB:
altq on fxp0 cbq bandwidth 896Kb queue {extranet}
queue extranet bandwidth 186Kb cbq(default,borrow)

upload at 20KB:
altq on fxp0 cbq bandwidth 896Kb queue {extranet}
queue extranet bandwidth 186Kb cbq(default)

upload at 20KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 186Kb cbq(default)

upload at 100KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 186Kb cbq(default,borrow)

upload at 100KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb cbq(default)

upload at 100KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet,intranet}
queue extranet bandwidth 186Kb cbq(default,borrow)
queue intranet bandwidth 90Mb

upload at 40KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet,intranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 34% cbq(borrow,default)
queue intranet bandwidth 90Mb

upload at 40KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 34% cbq(borrow,default)

upload at 20KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 186Kb cbq(borrow,default)

In theory and example as seen on
http://www.openbsd.org/faq/pf/queueing.html - Example #2: Company Network

The poshta queue should borrow fully from the parent queue [extranet],
but borrowing seems to _only_ work from the root queue/first level down.

Am I missing something here?

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 20:40:47 2009
Message-ID: <49C2ADCB.7050604@pp.dyndns.biz>
Date: Thu, 19 Mar 2009 21:40:43 +0100
From: Morgan Wesström
CC: freebsd-pf@freebsd.org
References: <56661.216.241.167.212.1237478769.squirrel@webmail.pknet.net>
In-Reply-To: <56661.216.241.167.212.1237478769.squirrel@webmail.pknet.net>
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

> Sorry, by dl I mean downloading large file from server to remote desktop -
> The server is uploading to desktop.
> I want the children to use all the available bandwidth within the
> 'extranet' queue - The child 'poshta' queue NEVER goes above using 34%,
> even though all other queues have no services running on them and 'poshta'
> is set to borrow. If I leave 'poshta' queue at 34% and set all others to
> 1%, the 'poshta' queue is still never pushing out more than 34% / 37KB.
>
> If I set it to '90%' it pushes out at ~90KB - wondering why it's not
> borrowing when parent has unused bandwidth.
>
> ]Peter[
>

I'm pretty much out of ideas then. I'm running an almost identical setup
(2 queues below root and 4 child queues in one of them) and it works for
me. The only differences are that I borrow between ALL queues and root
queue only has 1800Kb bandwidth. Don't know if my config can give you
any new insights.

altq on em1 cbq bandwidth 1800Kb queue {q_def, q_pri}
queue q_def bandwidth 10% qlimit 200 cbq( borrow default )
queue q_pri bandwidth 90% cbq( borrow ) {q_hv, q_p2p, q_p1, q_p2}
queue q_hv bandwidth 10% priority 4 qlimit 200 cbq( borrow )
queue q_p2p bandwidth 10% priority 5 qlimit 200 cbq( borrow )
queue q_p1 bandwidth 20% priority 6 cbq( borrow )
queue q_p2 bandwidth 60% priority 7 cbq( borrow )

Evidence of it working perfectly can be seen on second graph here:
http://pp.dyndns.biz/pfstat/pfstat.html

/M

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 20:46:25 2009
Message-ID: <49C2AF1C.3030501@pp.dyndns.biz>
Date: Thu, 19 Mar 2009 21:46:20 +0100
From: Pojken Purken
To: Peter
References: <62464.216.241.167.212.1237488612.squirrel@webmail.pknet.net>
In-Reply-To: <62464.216.241.167.212.1237488612.squirrel@webmail.pknet.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent

> In theory and example as seen on
> http://www.openbsd.org/faq/pf/queueing.html - Example #2: Company Network
>
> The poshta queue should borrow fully from the parent queue [extranet],
> but borrowing seems to _only_ work from the root queue/first level down.
>
> Am I missing something here?
>
> ]Peter[
>

I think Max has to answer this if he sees this post. In any case I guess
you have to be clear about what your available upload bandwidth is on
fxp0, it can't be both 100Mb and 876Kb, can it?

/M

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 20:56:03 2009
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Thu, 19 Mar 2009 21:56:00 +0100
References: <62464.216.241.167.212.1237488612.squirrel@webmail.pknet.net> <49C2AF1C.3030501@pp.dyndns.biz>
In-Reply-To: <49C2AF1C.3030501@pp.dyndns.biz>
Message-Id: <200903192156.01081.max@love2party.net>
Cc: Pojken Purken
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent

On Thursday 19 March 2009 21:46:20 Pojken Purken wrote:
> > In theory and example as seen on
> > http://www.openbsd.org/faq/pf/queueing.html - Example #2: Company Network
> >
> > The poshta queue should borrow fully from the parent queue [extranet],
> > but borrowing seems to _only_ work from the root queue/first level down.
> >
> > Am I missing something here?
> >
> > ]Peter[
>
> I think Max has to answer this if he sees this post. In any case I guess
> you have to be clear about what your available upload bandwidth is on
> fxp0, it can't be both 100Mb and 876Kb, can it?

I still don't understand the OP's setup. Peter can you please provide a clear
picture of what you are trying to achieve? I have a feeling that you are
trying to use ALTQ for shaping incoming traffic - which is a no-go.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 21:08:44 2009
Message-ID: <60058.216.241.167.212.1237496922.squirrel@webmail.pknet.net>
Date: Thu, 19 Mar 2009 15:08:42 -0600 (MDT)
From: "Peter"
To: Morgan Wesström
Cc: freebsd-pf@freebsd.org
Subject: Re: pf + altq + cbq(borrow) not borrowing from parent...

>
>> Sorry, by dl I mean downloading large file from server to remote desktop
>> -
>> The server is uploading to desktop.
>> I want the children to use all the available bandwidth within the
>> 'extranet' queue - The child 'poshta' queue NEVER goes above using 34%,
>> even though all other queues have no services running on them and
>> 'poshta'
>> is set to borrow. If I leave 'poshta' queue at 34% and set all others
>> to
>> 1%, the 'poshta' queue is still never pushing out more than 34% / 37KB.
>>
>> If I set it to '90%' it pushes out at ~90KB - wondering why it's not
>> borrowing when parent has unused bandwidth.
>>
>> ]Peter[
>>
>
> I'm pretty much out of ideas then. I'm running an almost identical setup
> (2 queues below root and 4 child queues in one of them) and it works for
> me. The only differences are that I borrow between ALL queues and root
> queue only has 1800Kb bandwidth. Don't know if my config can give you
> any new insights.
>
> altq on em1 cbq bandwidth 1800Kb queue {q_def, q_pri}
> queue q_def bandwidth 10% qlimit 200 cbq( borrow default )
> queue q_pri bandwidth 90% cbq( borrow ) {q_hv, q_p2p, q_p1, q_p2}
> queue q_hv bandwidth 10% priority 4 qlimit 200 cbq( borrow )
> queue q_p2p bandwidth 10% priority 5 qlimit 200 cbq( borrow )
> queue q_p1 bandwidth 20% priority 6 cbq( borrow )
> queue q_p2 bandwidth 60% priority 7 cbq( borrow )
>
> Evidence of it working perfectly can be seen on second graph here:
> http://pp.dyndns.biz/pfstat/pfstat.html
>

upload at 20KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 186Kb cbq(borrow,default)

upload at 100KB:
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb cbq(borrow) {poshta}
queue poshta bandwidth 186Kb cbq(borrow,default)

This works, but defeats the purpose of having a queue for the DSL link that is only 896Kb up as the queuing is no longer done at FreeBSD level.

I can set the root queue to 896 and all works as needed, but I should be able to do several groups of queuing according to pf faq.

I've run lots of tests in previous email to this list
[ http://docs.freebsd.org/cgi/getmsg.cgi?fetch=49104+0+current/freebsd-pf ]

The problem is that I want 'poshta' to borrow from parent [extranet], but it doesn't, but for some weird reason when extranet is able to borrow, poshta is able to borrow from extranet - Those are the only lines I have for altq...

The parent queue shouldn't need borrow according to pf faq [might be due to new version..?]:

------------------------------------------------
A queue can be configured to borrow bandwidth from its parent if the parent has excess bandwidth available due to it not being used by the other child queues.
Consider a queueing setup like this:

Root Queue (2Mbps)
    UserA (1Mbps)
        ssh (100Kbps)
        ftp (900Kbps, borrow)
    UserB (1Mbps)

If traffic in the ftp queue exceeds 900Kbps and traffic in the UserA queue is less than 1Mbps (because the ssh queue is using less than its assigned 100Kbps), the ftp queue will borrow the excess bandwidth from UserA. In this way the ftp queue is able to use more than its assigned bandwidth when it faces overload. When the ssh queue increases its load, the borrowed bandwidth will be returned.
------------------------------------------------

That is exactly what I want to do, but it's not working as I think/man pf.conf/FAQ says it should...

If you remove the borrow from 'q_pri' - do any of the children borrow from each other? Almost seems as if the children are trying to borrow from the root queue, but not the parent/each other.

]Peter[

out of curiosity rebuilding world to -STABLE of today, and perhaps gonna try -CURRENT.

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 19 21:17:10 2009
Message-ID: <59450.216.241.167.212.1237497429.squirrel@webmail.pknet.net>
Date: Thu, 19 Mar 2009 15:17:09 -0600 (MDT)
From: "Peter"
To: "Max Laier"
Cc: Pojken Purken, freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent

> On Thursday 19 March 2009 21:46:20 Pojken Purken wrote:
>> > In theory and example as seen on
>> > http://www.openbsd.org/faq/pf/queueing.html - Example #2: Company
>> Network
>> >
>> > The poshta queue should borrow fully from the parent queue
>> [extranet],
>> > but borrowing seems to _only_ work from the root queue/first level
>> down.
>> >
>> > Am I missing something here?
>> >
>> > ]Peter[
>>
>> I think Max has to answer this if he sees this post. In any case I guess
>> you have to be clear about what your available upload bandwidth is on
>> fxp0, it can't be both 100Mb and 876Kb, can it?
>
> I still don't understand the OP's setup. Peter can you please provide a
> clear
> picture of what you are trying to achieve? I have a feeling that you are
> trying to use ALTQ for shaping incoming traffic - which is a no-go.
>
> --
> /"\ Best regards, | mlaier@freebsd.org
> \ / Max Laier | ICQ #67774661

I'm trying to queue outgoing traffic from server.
In all tests only pulling data from server via sftp
server -> 100MB tgz -> desktop

I know the queue rules are working because if I change things around, the speed in the sftp pull of this file changes dramatically.
These changes are on the server, nothing is touched/changed on desktop: pf+altq are on the server.

altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 186Kb cbq(borrow,default)

With this setup, I can download FROM this server to desktop at 20KB

If I change to this setup:

altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 856Kb cbq(borrow,default)

I can download FROM this server to desktop at 100KB

the 'poshta' queue does not seem to borrow from its parent as I understand it should.

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 20 04:07:32 2009
Message-ID: <4857.216.241.167.208.1237522051.squirrel@webmail.pknet.net>
Date: Thu, 19 Mar 2009 22:07:31 -0600 (MDT)
From: "Peter"
To: freebsd-pf@freebsd.org
Subject: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

The server was just updated to
7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Thu Mar 19 20:00:29 MDT 2009

another test:
server <-> 100Mb switch <-> desktop
172.20.1.1 <-switch-> 172.20.1.2
ALL traffic stays on local lan.

altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 156Kb cbq(borrow,default)

I sftp from desktop to server, and do 'get blob.tgz'
download to desktop from server goes at ~20KB

vi /etc/pf.conf

altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 856Kb cbq(borrow,default)

/sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf

I sftp from desktop to server, and do 'get blob.tgz'
download to desktop from server goes at ~100KB

this is all local file system from /tmp/blob.tgz to /tmp/blob.tgz

Going to try this tomorrow with 'server' being -CURRENT/latest snapshot.

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 20 08:21:34 2009
Date: Fri, 20 Mar 2009 09:21:30 +0100
From: Morgan Wesström
CC: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

Peter wrote:
> The server was just updated to
> 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Thu Mar 19 20:00:29 MDT 2009
>
> another test:
> server <-> 100Mb switch <-> desktop
> 172.20.1.1 <-switch-> 172.20.1.2
> ALL traffic stays on local lan.
>
> altq on fxp0 cbq bandwidth 100Mb queue {extranet}
> queue extranet bandwidth 886Kb {poshta}
> queue poshta bandwidth 156Kb cbq(borrow,default)
>
> I sftp from desktop to server, and do 'get blob.tgz'
> download to desktop from server goes at ~20KB
>
> vi /etc/pf.conf
>
> altq on fxp0 cbq bandwidth 100Mb queue {extranet}
> queue extranet bandwidth 886Kb {poshta}
> queue poshta bandwidth 856Kb cbq(borrow,default)
>
> /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf
>
> I sftp from desktop to server, and do 'get blob.tgz'
> download to desktop from server goes at ~100KB
>
> this is all local file system from /tmp/blob.tgz to /tmp/blob.tgz
>
> Going to try this tomorrow with 'server' being -CURRENT/latest snapshot.
>
> ]Peter[
>

You are missing "cbq" in your extranet queue definition... don't know
how that would affect the behaviour though. Check with pfctl -sq if pf's
interpretation of the queue definitions is what you intended.

The default queue makes me curious too. Although the man page doesn't
give any restrictions to it (other than that there can only be one), I
have never seen any example where one of the child queues is used as
default queue. Might work perfectly... :-)

On a sidenote - although this is an internal LAN with 100Mb you probably
can't get that speed during full utilization. Depending on your NIC a
more reasonable value would be 80-90% of the linkspeed. This is probably
not related to your problem and would only be a potential problem when
you're trying to use your full bandwidth.

Max: Would I be correct in assuming that the bandwidth value for a 100Mb
NIC should reflect its real throughput in the root queue definition and
not its linkspeed?

Regards
Morgan

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 20 08:27:57 2009
Date: Fri, 20 Mar 2009 09:27:54 +0100
From: Morgan Wesström
CC: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

> queue poshta bandwidth 156Kb cbq(borrow,default)

One more thing I notice but don't know if it is related. You have a
comma separating your scheduler options. Examples in man page do not
use comma, only white space. Once again use pfctl -sq to see how this is
actually interpreted.
/Morgan

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 20 08:31:22 2009
Date: Fri, 20 Mar 2009 12:31:02 +0400
From: Yuriy Grishin
To: Morgan Wesström
Cc: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

Morgan Wesström wrote:
>> queue poshta bandwidth 156Kb cbq(borrow,default)
>>
>
> One more thing I notice but don't know if it is related. You have a
> comma separating your scheduler options. Examples in man page do not
> use comma, only white space. Once again use pfctl -sq to see how this is
> actually interpreted.
> /Morgan
>

Both ways are acceptable.

--
Yuriy Grishin

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 20 08:45:34 2009
Date: Fri, 20 Mar 2009 09:18:52 +0100
From: Pajewski Rafal
To: freebsd-pf@freebsd.org
Subject: (no subject)

--
_____________
Regards
Pajewski Rafał
Administrator

--
K2. For us it is possible.

K2 Internet S.A.
tel. +48 22 448 70 00
fax +48 22 448 71 01
00-145 Warszawa
al. Solidarnosci 74 A
e-mail: biuro@k2.pl
http://www.k2.pl
KRS 0000059690
NIP 951-19-83-801
Regon 016378720
Share capital 2.030.000,00 PLN (fully paid up)

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 20 13:53:40 2009
Date: Fri, 20 Mar 2009 07:53:37 -0600 (MDT)
From: "Peter"
To: Morgan Wesström
Cc: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

> Peter wrote:
>> The server was just updated to
>> 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Thu Mar 19 20:00:29 MDT 2009
>>
>> another test:
>> server <-> 100Mb switch <-> desktop
>> 172.20.1.1 <-switch-> 172.20.1.2
>> ALL traffic stays on local lan.
>>
>> altq on fxp0 cbq bandwidth 100Mb queue {extranet}
>> queue extranet bandwidth 886Kb {poshta}
>> queue poshta bandwidth 156Kb cbq(borrow,default)
>>
>> I sftp from desktop to server, and do 'get blob.tgz'
>> download to desktop from server goes at ~20KB
>>
>> vi /etc/pf.conf
>>
>> altq on fxp0 cbq bandwidth 100Mb queue {extranet}
>> queue extranet bandwidth 886Kb {poshta}
>> queue poshta bandwidth 856Kb cbq(borrow,default)
>>
>> /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf
>>
>> I sftp from desktop to server, and do 'get blob.tgz'
>> download to desktop from server goes at ~100KB
>>
>> this is all local file system from /tmp/blob.tgz to /tmp/blob.tgz
>>
>> Going to try this tomorrow with 'server' being -CURRENT/latest snapshot.
>>
>> ]Peter[
>>
>
> You are missing "cbq" in your extranet queue definition... don't know
> how that would affect the behaviour though.
> Check with pfctl -sq if pf's
> interpretation of the queue definitions is what you intended.

cbq is defined in the root queue that references 'extranet' - Sets fxp0
interface to cbq - according to examples on pf faq, you only need to
define cbq if using any of the special cbq options like borrow/red/ecn.
[interface can only have one queue]

>
> The default queue makes me curious too. Although the man page doesn't
> give any restrictions to it (other than that there can only be one), I
> have never seen any example where one of the child queues is used as
> default queue. Might work perfectly... :-)

Well I know that the default queue affects my traffic as when I change it,
my download on desktop from server goes much faster. If I set it lower,
my download goes low - That is all working as designed, but what is not
working is the cbq(borrow) option - It just maxes out at whatever I have
defined there. No point in setting a hard max for http/imap/smtp/ssh
traffic - when one is not being utilized, the extra should be shared.

root - parent(borrow) - this borrows from root/works
root - parent - child(borrow) - this does not borrow from parent.
root - parent(borrow) - child(borrow) - this child borrows from root?? -
this works - but this just gives child ability to borrow all of root, I
only want child to borrow all of parent's bandwidth.

>
> On a sidenote - although this is an internal LAN with 100Mb you probably
> can't get that speed during full utilization. Depending on your NIC a
> more reasonable value would be 80-90% of the linkspeed. This is probably
> not related to your problem and would only be a potential problem when
> you're trying to use your full bandwidth.

[those are my only 3 altq lines]

>
> Max: Would I be correct in assuming that the bandwidth value for a 100Mb
> NIC should reflect its real throughput in the root queue definition and
> not its linkspeed?
>
> Regards
> Morgan

Well on LAN 100Mb is the "real throughput" - I'm not concerned on
throughput, I'm trying to "prioritize" traffic, experiment with
'borrowing' bandwidth, and testing with only one queue now - This one
queue, although it is the only queue, and this box is only on LAN with
only sftp going - It will not borrow anything more than what is defined...

Without altq, I get throughput in the MB ranges, so it's not a physical
limit, the queue is kicking in, but the child is not borrowing from
parent when parent is being _very_ underutilized.

]Peter[

From owner-freebsd-pf@FreeBSD.ORG Sat Mar 21 10:02:53 2009
Date: Sat, 21 Mar 2009 15:43:24 +0600
From: forn
To: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

Hello.
I'm having the same problem. My system is 7.1-Stable i386.
Here's entire pf.conf:

ext_if="le0"
int_if="le1"
all_if="{" $ext_if $int_if "}"
localnet="10.20.41.0/24"
int_ip="10.20.41.1"
ext_ip="10.20.40.61"
self="{" $int_ip $ext_ip "}"
uplink="10.20.40.1"

set skip on lo
scrub in

altq on $int_if cbq bandwidth 2Mb qlimit 500 queue { defaultq, sshq, localq }
queue defaultq bandwidth 500Kb cbq (default)
queue sshq bandwidth 100Kb cbq (borrow)
queue localq bandwidth 500Kb cbq { www, www5 }
queue www bandwidth 100Kb priority 1 cbq (borrow)
queue www5 bandwidth 250Kb priority 2 cbq (borrow)

nat on $ext_if from $localnet to any -> $ext_ip
rdr on $int_if proto tcp from $localnet to any port 80 -> 127.0.0.1 port 3128

block all
pass out quick from $self
pass in quick proto tcp to $self port ssh queue self_sshq
pass quick proto icmp
block return on $int_if all
pass in quick on $int_if proto tcp from $localnet to 127.0.0.1 port 3128 queue www
pass in quick on $int_if proto udp from $localnet to $self port 17094
pass in quick on $int_if proto udp from $localnet to $uplink port 53
pass in quick on $int_if proto tcp from $localnet to $uplink port 55080 queue www5

With this config, speed of traffic in queue www5 never goes higher than 250Kb.
But, if queue localq is set to borrow, as follows:

altq on $int_if cbq bandwidth 2Mb qlimit 500 queue { defaultq, sshq, localq }
queue defaultq bandwidth 500Kb cbq (default)
queue sshq bandwidth 100Kb cbq (borrow)
queue localq bandwidth 500Kb cbq (borrow) { www, www5 }
queue www bandwidth 100Kb priority 1 cbq (borrow)
queue www5 bandwidth 250Kb priority 2 cbq (borrow)

then queue www5 is able to take the full bandwidth of 2Mb (which is correct).
The physical link speed far surpasses 2Mb (actually, these are all virtual
machines set up for testing on the same server), so this can't be a problem.

From owner-freebsd-pf@FreeBSD.ORG Sat Mar 21 10:28:37 2009
Date: Sat, 21 Mar 2009 14:28:29 +0400
From: Yuriy Grishin
To: freebsd-pf@freebsd.org
Subject: Re: synproxy on tuns

update :

The address has been changed. Now it's
94.180.156.209

From owner-freebsd-pf@FreeBSD.ORG Sat Mar 21 17:15:02 2009
Date: Sat, 21 Mar 2009 12:50:14 -0400
From: Scott Ullrich
To: Yuriy Grishin
Cc: freebsd-pf@freebsd.org
Subject: Re: synproxy on tuns

2009/3/21 Yuriy Grishin:
> update :
>
> The address has been changed. Now it's
> 94.180.156.209

See the thread "synproxy state does not work on FreeBSD 7.1-PRERELEASE"

Hint: set skip on lo0

Scott

From owner-freebsd-pf@FreeBSD.ORG Sat Mar 21 17:34:24 2009
Date: Sat, 21 Mar 2009 21:34:24 +0400
From: Yuriy Grishin
To: freebsd-pf@freebsd.org
Subject: Re: synproxy on tuns

Scott Ullrich wrote:
> 2009/3/21 Yuriy Grishin:
>
>> update :
>>
>> The address has been changed. Now it's
>> 94.180.156.209
>>
>
> See the thread "synproxy state does not work on FreeBSD 7.1-PRERELEASE"
>
> Hint: set skip on lo0
>
> Scott
>

It's already set; but still doesn't work anyway.
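
For the cbq(borrow) thread above, an added example (not part of any post, and not pf or pfctl code) that parses the ALTQ queue definitions quoted in the thread and compares each reported rate with the ceiling the posters expect. The borrowing model (a borrow queue may use its parent's bandwidth and climbs further only while each ancestor also borrows) is the posters' expectation taken as an assumption, not a statement of how ALTQ is implemented; the function names and the `root_<interface>` label are hypothetical.

```python
import re

UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}

# Queue definitions copied from the two posts in the thread.
PETER = """
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 156Kb cbq(borrow,default)
"""
FORN_A = """
altq on $int_if cbq bandwidth 2Mb qlimit 500 queue { defaultq, sshq, localq }
queue defaultq bandwidth 500Kb cbq (default)
queue sshq bandwidth 100Kb cbq (borrow)
queue localq bandwidth 500Kb cbq { www, www5 }
queue www bandwidth 100Kb priority 1 cbq (borrow)
queue www5 bandwidth 250Kb priority 2 cbq (borrow)
"""
# Second variant from the same post: localq is also allowed to borrow.
FORN_B = FORN_A.replace("cbq { www, www5 }", "cbq (borrow) { www, www5 }")


def parse_bw(text):
    """Convert an absolute bandwidth such as '886Kb' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(b|Kb|Mb|Gb)", text)
    if not m:
        raise ValueError(f"unsupported bandwidth: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def split_list(text):
    """Split on commas and/or whitespace; both separators occur in the thread."""
    return [tok for tok in re.split(r"[,\s]+", text.strip()) if tok]


def parse_queues(conf):
    """Build {name: {bw, opts, children, parent}} from altq/queue lines only."""
    queues = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?:altq\s+on\s+(\S+)|queue\s+(\S+))\s+(.*)", line)
        if not m:
            continue  # macros, nat/rdr and filter rules are ignored
        name = f"root_{m.group(1)}" if m.group(1) else m.group(2)
        rest = m.group(3)
        bw = re.search(r"\bbandwidth\s+(\S+)", rest)
        opts = re.search(r"\bcbq\s*\(([^)]*)\)", rest)
        kids = re.search(r"\{([^}]*)\}", rest)
        queues[name] = {
            "bw": parse_bw(bw.group(1)) if bw else None,
            "opts": set(split_list(opts.group(1))) if opts else set(),
            "children": split_list(kids.group(1)) if kids else [],
            "parent": None,
        }
    for name, q in queues.items():
        for kid in q["children"]:
            if kid not in queues:
                raise ValueError(f"{name} lists undefined child queue {kid}")
            queues[kid]["parent"] = name
    return queues


def expected_ceiling(queues, name):
    """Return (lender, bps): climb one level for every queue that has borrow set."""
    q = queues[name]
    while "borrow" in q["opts"] and q["parent"] is not None:
        name = q["parent"]
        q = queues[name]
    return name, q["bw"]


def audit(conf, observed_bps):
    """List (queue, observed, ceiling, lender) for borrow queues seen below their ceiling."""
    queues = parse_queues(conf)
    findings = []
    for name, seen in observed_bps.items():
        lender, ceiling = expected_ceiling(queues, name)
        if "borrow" in queues[name]["opts"] and seen < ceiling:
            findings.append((name, seen, ceiling, lender))
    return findings


if __name__ == "__main__":
    # Observed rates are the caps reported in the posts (each queue's own bandwidth).
    print(audit(PETER, {"poshta": 156_000}))
    print(audit(FORN_A, {"www5": 250_000}))
    print(audit(FORN_B, {"www5": 2_000_000}))
```

The first two configurations are flagged because the child stays at its own rate although its non-borrowing parent has spare bandwidth; the third is not, matching the report that www5 reaches the full 2Mb once localq also borrows.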