From owner-freebsd-pf@freebsd.org Mon Oct 16 19:38:44 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4254FE430F4 for ; Mon, 16 Oct 2017 19:38:44 +0000 (UTC) (envelope-from ian.freislich@capeaugusta.com) Received: from mail-qt0-x236.google.com (mail-qt0-x236.google.com [IPv6:2607:f8b0:400d:c0d::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F24B869DD3 for ; Mon, 16 Oct 2017 19:38:43 +0000 (UTC) (envelope-from ian.freislich@capeaugusta.com) Received: by mail-qt0-x236.google.com with SMTP id f8so34163862qta.5 for ; Mon, 16 Oct 2017 12:38:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=capeaugusta-com.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=w9dCbNktwDlHh1P8tpdEgv89twFtc659PiI84xnQjQE=; b=t2m6l3L0z6eAPJXenhxliwVrvCzKXQDstfd0rPbwPGcF9ir9Qi0vfjAxpBdkiEQImo DYDbjaS5d90ZX2M6qhoZC4hLULjhf27tyO12sh1U+qvDox3xKPoBmCu3m4SzplWLbZWA 3P+CzVtY7u9LVRFn9Xirr0zRzEAAexUzsnLbIhLDzEeV04JYGR9HPX7C9i5SBVPRS+Na khxiWOv6hjAxn+EyESrkivqp5ZBUyjuBlX9VaLFduTE1D9Ez/W+IdP4WRXWhEb9MseNp QzC7yY22EgX5+s0g1czNPw2/dxEgEvqYBiiWFm/4ZzWXxQXzba0O+1zwHnpopgRU0kBy TxZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=w9dCbNktwDlHh1P8tpdEgv89twFtc659PiI84xnQjQE=; b=NltfDC6e07AQBALIPdNsH0z664M+xqkEoSbyhxlWCTgQjUU24fzW/+a2aaEHowVdrF nYCe5CW6q6YH8H081zrFwLZrCoAMFdaWbFAiwYn2QUlCezGZ22xR0T3u0zmnkdsadeZi fdEsF6Tsp9uesCSKNzIkYRjzJqwWB3+6ryZPRyD2KtyFG+q9OWfn58iRK9mlr0eyhxNT JAiz1Eq2GgOlbQoAQxlL9Q/Q+jYjXM3RjHQ0x6e/9bWHp3vTTEEPv+0knlQpSVXQcvfe i189p3e5Oi2IE46pv+XwIYkIc64bAOXuUxtNzZ9GI8clgraaDlNFM8DjZHilmIymrBVO ra3w== X-Gm-Message-State: AMCzsaU8pBh+P9Z4Am0NOEoDTHFcA9jZFrQdlMBie0UXsGp4s83SKQcO rTweGN5AR4xd8YchJGFKhvA+gB7KPbc6EnQy6M/XcBGkhEJD183VBXS6t/Bs/S9hzE+xdX9Oghj mm6YToVO0FxN1GKgcgk05eRldd8LR4Y4FnGxJI+IrsyWtYYTjyQYS4+tHC7XymdZayvM54HyiUu dpuD43 X-Google-Smtp-Source: ABhQp+RikcQAtY5/WLYyK9olf49/Z7H2nxJ30ixPxvrDptEB5oom80fglYzzZ7y+8n353ML6IJ+1Ug== X-Received: by 10.129.103.193 with SMTP id b184mr1119970ywc.364.1508182722378; Mon, 16 Oct 2017 12:38:42 -0700 (PDT) Received: from zen.clue.co.za (c-73-217-184-74.hsd1.ga.comcast.net. [73.217.184.74]) by smtp.gmail.com with ESMTPSA id e14sm4034898ywe.1.2017.10.16.12.38.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Oct 2017 12:38:41 -0700 (PDT) Subject: Re: AW: Issue using altq_priq unter FreeBSD 11.1 - help needed To: Rolf Dahmen , Doug Hardie Cc: "freebsd-pf@freebsd.org" References: <201C56274507CA41A05709BADF3703F3761C03@MX01.scientific.de> <088C50D8-0533-4969-939B-62A174598A4B@mail.sermon-archive.info> <201C56274507CA41A05709BADF3703F3761F88@MX01.scientific.de> From: Ian FREISLICH Message-ID: <5819a74f-cc43-8947-24a2-c3ef99825990@capeaugusta.com> Date: Mon, 16 Oct 2017 15:38:41 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <201C56274507CA41A05709BADF3703F3761F88@MX01.scientific.de> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 19:38:44 -0000 On 10/16/17 12:32, Rolf Dahmen wrote: > Thx, Doug > > Understood. We need to define some "pass" commands to map the traffic to = dedicated queues. We=C2=B4ve studied the "pf manual" and are not quite sure= how the pass actions should look like. > > We have already configured the below listed tables in "ipfw.rules". > > pass in quick on igb0 from t_allowed to queue allowed pass in quick on igb0 from t_allowed to any queue allowed > pass in quick on igb0 from t_specialip to queue specialip > pass in quick on igb0 from t_terminals to queue terminals > pass in quick on igb0 from t_freeunlimited to queue freeunlimited > pass in quick on igb0 from t_free to queue free > > Any idea what we have missed? > > -----Urspr=C3=BCngliche Nachricht----- > Von: Doug Hardie [mailto:bc979@lafn.org] > Gesendet: Montag, 16. Oktober 2017 17:22 > An: Rolf Dahmen > Cc: freebsd-pf@freebsd.org > Betreff: Re: Issue using altq_priq unter FreeBSD 11.1 - help needed > > You are missing the filtering commands to tell pf which traffic goes in w= hich queue. Here is an example using bandwidth queues that I used to use. = They are all commented out now since I don't need them anymore, but kept t= hem around just in case. This configuration restricted the bandwidth for w= eb and mail. If I remember correctly, I built this from "The Book of PF" w= hich I believe is available on the web now. > > > ############ Queueing: rule-based bandwidth control. > #altq on $ext_if cbq bandwidth 100% queue {normal, web, mail} > # queue normal bandwidth 99% qlimit 100 cbq(default) > # queue web bandwidth 100Kb qlimit 100 cbq > # queue mail bandwidth 250Kb qlimit 100 cbq > > ############ Filtering: Last Rule Matches #pass log proto tcp from any t= o any port 80 queue web #pass log proto tcp from any to any port 25 queue m= ail > > -- Doug > >> On 16 October 2017, at 05:55, Rolf Dahmen wrote: >> >> Hi all, >> >> I=C2=B4m Rolf Dahmen working as CTO for a german Wifi Service Provider. = We do have a certain issue that we are not able to configure QoS to priorit= ize queues on FreeBSD using pf with altq. My SysOps engineers are stuck in = getting it done, so I`m looking forward to get a resolution or any consults= onboarded. >> >> We have successfully recompiled the kernel to use pf with altq. >> >> We have configured 5 new queues "allowed, specialip, terminals, freeunli= mited, free" to pass the incoming traffic to prioritize the flow. The issue= is that always the defined default queue is used but never the user queues= . >> >> I do think that our pf.conf is not complete: >> >> (pf.conf) >> altq on igb0 priq queue {allowed, specialip, terminals, freeunlimited, >> free} queue free priority 5 priq(red) queue freeunlimited priority 4 >> priq(red) queue terminals priority 3 priq(red) queue specialip >> priority 2 priq(red) queue allowed priority 1 priq(default red) >> >> >> Gru=C3=9F, >> >> Rolf Dahmen >> Chief Technology Officer (CTO) >> >> [cid:image001.jpg@01D168B7.D9C957D0] >> >> T: +49 (0)241 980 986 68 >> M: +49 (0)151 617 196 23 >> Fax: +49 (0)241 980 986 90 >> >> Web: www.m3connect.de >> E-Mail: r.dahmen@m3connect.de >> >> m3connect GmbH | Friedlandstr.18 | 52064 Aachen | DE/Germany | >> Amtsgericht Aachen | HRB 8773 | USt.- ID: DE219 664 658 | >> Gesch=C3=A4ftsf=C3=BChrer/CEO: Emilio Dragas, Markus Schindler >> >> >> >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-pf@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" --=20 =20 Cape Augusta Digital Properties, LLC a Cape Augusta Company *Breach of confidentiality & accidental breach of confidentiality * This email and any files transmitted with it are confidential and intended= =20 solely for the use of the individual or entity to whom they are addressed.= =20 If you have received this email in error please notify the system manager.= =20 This message contains confidential information and is intended only for the= =20 individual named. If you are not the named addressee you should not=20 disseminate, distribute or copy this e-mail. Please notify the sender=20 immediately by e-mail if you have received this e-mail by mistake and=20 delete this e-mail from your system. If you are not the intended recipient= =20 you are notified that disclosing, copying, distributing or taking any=20 action in reliance on the contents of this information is strictly=20 prohibited.