Date: Thu, 12 Feb 2009 06:31:41 -0600 From: eculp <eculp@encontacto.net> To: Tom Uffner <tom@uffner.com> Cc: freebsd-pf@freebsd.org Subject: Re: PF + ALTQ - Bandwidth per customer Message-ID: <20090212063141.11024jm7bsi7shio@econet.encontacto.net> In-Reply-To: <4993EB42.2020503@uffner.com> References: <76463C1E8CB14B958088F7E54C611560@ashevchenko> <493634DA.7000408@infoweapons.com> <20081203071940.324735uokbfgyh6o@econet.encontacto.net> <4993EB42.2020503@uffner.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Tom Uffner <tom@uffner.com>: > eculp wrote: > >> I don't remember why but for some reason I have the idea that >> pf+altq is not bidirectional. Am I mistaken? > > no solution that does not involve cooperation from your upstream > connection(s) is truly bidirectional. it is easy to limit/shape > your outbound traffic. on the other hand it is difficult if not > impossible to unilaterally control the amount or sources of inbound > data arriving at your border router(s) on it's way to various > applications (mail servers, for example). > > you can _pretend_ to by dropping, queuing or otherwise limiting it > once inside your network, but you cannot meaningfully prevent it from > using your downlink bandwidth and potentially crowding out other, > possibly more desirable, inbound data. > Hi, Tom. Thanks for responding. As I read your answer and my question. I'm pretty sure that I probably didn't ask the question properly. What I need to do is be intermediary between my upstream ISP's and my customers and would like to control the bandwidth hogs. Basically, I want certain outgoing traffic based on port to go to ISP1 and all other, not blocked, ports to go to the other while limiting the available internal bandwidth to each downstream client say to 64k if and if borrowing is possible when traffic is low, great. I did something like this with IPFW and dummynet maybe 6 or more years ago and as I remember, worked and solved an immediate problem of downstream demand not being distributed adequately or equitably. The major differences were connection speed and there was only one isp. I've looked at: http://www.openbsd.org/faq/pf/pools.html It ether doesn't do what I want or I don't understand how to make it do what I want. I am considering going back to IPFW and dummynet but now that I'm using PF, I am a bit lazy to try and integrate what I have in pf to IPFW. Thanks for any help, advice, configuration examples, etc. ed
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090212063141.11024jm7bsi7shio>