From: "Kevin A. Pieckiel"
To: freebsd-questions@freebsd.org
Date: Fri, 2 Jul 2004 10:35:31 -0400
Subject: Traffic shaping
Message-ID: <20040702143531.GA26526@SDF.LONESTAR.ORG>

I want to do traffic shaping with a FreeBSD firewall. The firewall uses IPF on FBSD 5.2.1-p8, and the only shaper I see in the ports is trickle. This doesn't even integrate into the firewall, so it would be useless to me for shaping traffic from other hosts on the protected network. Besides, I can't allocate bandwidth the way I want to.

I basically want to be able to "guarantee" certain services a certain minimum level of bandwidth, but offering more if it is available.
For example, I want WWW traffic to have at LEAST 50% of outgoing bandwidth under heavy load (leaving 50% for all other services). But I also want to "guarantee" that interactive sessions (ssh) have 10% of the bandwidth. (I'm just making these numbers up for this example.) That way, if I crank up, say, NNTP services on a client and start sucking large files from USENET, or if I start FTPing ISO images for the next FBSD release, I could still surf the web and ssh to my favorite offsite computers without much delay in response. Yet if I'm otherwise idle while NNTPing or FTPing, I can use the full bandwidth of my connection for the file transfers.

I started looking at ALTQ, but wasn't sure how well it worked with FBSD. I'm not even sure if it can offer the kind of QoS shaping I want; I was more interested in if it even worked with FBSD.

Are there any recommendations out there? Does anyone here have any experience with a FBSD QoS traffic shaper?