Date: Fri, 02 Jul 2004 07:48:37 -0700
From: Derrick <freebsd@fbsdsolutions.com>
To: "Kevin A. Pieckiel" <pieckiel+freebsd-questions@sdf.lonestar.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Traffic shaping
Message-ID: <1088779717.2434.3.camel@aragorn.clanbuckbuck.org>
In-Reply-To: <20040702143531.GA26526@SDF.LONESTAR.ORG>
References: <20040702143531.GA26526@SDF.LONESTAR.ORG>

On Fri, 2004-07-02 at 07:35, Kevin A. Pieckiel wrote:
> I want to do traffic shaping with a FreeBSD firewall. The firewall uses
> IPF on FBSD 5.2.1-p8, and the only shaper I see in the ports is trickle.
> This doesn't even integrate into the firewall, so it would be useless to
> me for shaping traffic from other hosts on the protected network.
> Besides, I can't allocate bandwidth the way I want to.
>
> I basically want to be able to "guarantee" certain services a certain
> minimum level of bandwidth, but offering more if it is available. For
> example, I want WWW traffic to have at LEAST 50% of outgoing bandwidth
> under heavy load (leaving 50% for all other services). But I also want
> to "guarantee" that interactive sessions (ssh) have 10% of the bandwidth.
> (I'm just making these numbers up for this example.) That way, if I
> crank up, say, NNTP services on a client and start sucking large files
> from USENET, or if I start FTPing ISO images for the next FBSD release,
> I could still surf the web and ssh to my favorite offsite computers
> without much delay in response. Yet if I'm otherwise idle while NNTPing
> or FTPing, I can use the full bandwidth of my connection for the file
> transfers.
>
> I started looking at ALTQ, but wasn't sure how well it worked with FBSD.
> I'm not even sure if it can offer the kind of QoS shaping I want; I was
> more interested in if it even worked with FBSD.
>
> Are there any recommendations out there? Does anyone here have any
> experience with a FBSD QoS traffic shaper?

ALTQ would probably work, but most recommendations around here would be
for DUMMYNET. You will need to recompile your kernel if the option isn't
there already. With DUMMYNET, you can specify that traffic through certain
ports or certain IPs gets X bandwidth, or you can have it intelligently
divide bandwidth in that if no one else is using their allotment, you can
"borrow" theirs.

I don't have the full details on how to set it up as I haven't fully
jumped off that bridge yet, but I am sure someone else on this list could
give more detailed answers to a finer grained question.
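
Added example, not part of the original message: one way the 50% WWW / 10% ssh split from the question could be expressed with dummynet weighted queues, where queues on one pipe share its bandwidth by weight and an idle queue's share goes to the busy ones. It assumes a kernel built with `options IPFIREWALL` and `options DUMMYNET`, ipfw used only for classification while IPF keeps filtering, and constructed values for the interface name (`fxp0`), uplink rate (`768Kbit/s`), the 40% remainder weight and the rule numbers.

```shell
#!/bin/sh
# Emit (or apply) ipfw/dummynet rules for weighted sharing of an uplink.
# Dry run by default: commands are printed. Set FWCMD=/sbin/ipfw to apply.
fwcmd="${FWCMD:-echo ipfw}"

# shape_rules IFACE UPLINK WWW_WEIGHT SSH_WEIGHT REST_WEIGHT
shape_rules() {
    oif="$1"; uplink="$2"; www_w="$3"; ssh_w="$4"; rest_w="$5"

    # dummynet accepts queue weights in the range 1..100 only.
    for w in "$www_w" "$ssh_w" "$rest_w"; do
        case "$w" in
            ''|*[!0-9]*) echo "weight not numeric: '$w'" >&2; return 1 ;;
        esac
        if [ "$w" -lt 1 ] || [ "$w" -gt 100 ]; then
            echo "weight out of range 1..100: $w" >&2; return 1
        fi
    done

    # One pipe models the uplink; set it a little below the real line rate
    # so queueing happens here and not in the modem.
    $fwcmd pipe 1 config bw "$uplink"

    # Weights are relative shares of pipe 1 among queues that have traffic.
    $fwcmd queue 1 config pipe 1 weight "$www_w"
    $fwcmd queue 2 config pipe 1 weight "$ssh_w"
    $fwcmd queue 3 config pipe 1 weight "$rest_w"

    # Classify outbound traffic; first match wins (net.inet.ip.fw.one_pass=1).
    $fwcmd add 1000 queue 1 tcp from any to any 80 out via "$oif"
    $fwcmd add 1010 queue 2 tcp from any to any 22 out via "$oif"
    $fwcmd add 1020 queue 3 ip from any to any out via "$oif"

    # Assumption: IPF still does the filtering, so ipfw passes the rest.
    $fwcmd add 65000 allow ip from any to any
}

# Constructed sample values; prints eight ipfw commands in dry-run mode.
shape_rules fxp0 768Kbit/s 50 10 40
```

Review the printed commands before re-running with `FWCMD=/sbin/ipfw`; the rule numbers assume an otherwise empty ipfw ruleset.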