Date: Sun, 14 Nov 2004 18:32:54 +0200 From: "Shane James" <shane@virtek.co.za> To: "Max Laier" <max@love2party.net>, <freebsd-pf@freebsd.org> Subject: Re: FreeBSD ALTQ + PF Problem Message-ID: <008b01c4ca67$98851fc0$320a0a0a@uranus>
next in thread | raw e-mail | index | archive | help
Sorry about that one, here is my current rule set.. it's small as I'm =
just=20
trying to get it to work, for now. It seems the traffic is being =
assigned to the que, it's just not limiting it correctly
Here's what it looks like after I do a 'pfctl -vvsq'
queue argon_u bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )=20
[ pkts: 4 bytes: 676 dropped pkts: 0 bytes: =
0 ]
[ qlength: 0/ 50 ]
queue argon_d bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )=20
[ pkts: 5 bytes: 613 dropped pkts: 0 bytes: =
0 ]
[ qlength: 0/ 50 ]
Macros
uplink_if=3D"sis0" # External Interface
hosting_if=3D"rl0" # Internal Interface
access_if=3D"rl1" # Access Network
# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
#set fingerprints "/etc/pf.os"
# Normalization
scrub in all
# ALTQ
altq on $uplink_if bandwidth 10Mb hfsc queue { dflt_u, argon_u }
queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_u hfsc(default upperlimit 128Kb)
altq on $hosting_if bandwidth 10Mb hfsc queue { dflt_d, argon_d }
queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_d hfsc(default upperlimit 128Kb)
# argon.virtek.co.za
pass out on $uplink_if from 196.23.168.137 to any keep state queue =
argon_u
pass out on $hosting_if from any to 196.23.168.137 keep state queue =
argon_d
block in on $uplink_if proto tcp from any to 196.23.168.137 port 22
On Saturday 13 November 2004 21:58, Shane James wrote:
> Hey guys,
>
> I'm having a problem with pf + altq on FreeBSD 5.2.1 (FreeBSD
> uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD =
5.2.1-RELEASE-p11=20
> #1:
> Sat Nov 13 15:59:38 SAST 2004
> root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK
> i386)
>
> The Traffic I assign to queue's does not get limited according to the
> specific limit, it only get's limited by the global bandwidth limited
> assign to the specific NIC.
> e.g. I assign traffic to a queue(argon_d) which is limited to 128Kb... =
but
> it performs at 256Kb which is what the NIC is set to. therefore not =
being
> assigned to it's designated queue. is it at all possible that this is =
a
> problem perhaps with my Network cards... if not... any suggestions?
>
> pf.conf
>
> altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
> queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_u hfsc(default upperlimit 128Kb)
>
> altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
> queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_d hfsc(default upperlimit 128Kb)
>
> #assign argon traffic
> pass out on $uplink_if from 196.23.168.137 to any keep state queue =
argon_u
> pass out on $hosting_if from any to 196.23.168.137 keep state queue=20
> argon_d
I assume that is not your *complete* ruleset?!? Can everybody please =
post
complete rulesets when asking for help? It is okay to emphasize the =
parts
that you think are important as it will help to understand the problem, =
but
giving advice or debugging it impossible without the complete ruleset.
Other than that, what does "$pfctl -vvsq" tell you? Does it show that=20
traffic
is being assigned to the small queue at all?
--=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008b01c4ca67$98851fc0$320a0a0a>