From: Jeremy Tregunna
Date: Wed, 16 May 2007 13:21:15 -0400
To: Lan Tran
Cc: freebsd-isp@freebsd.org
Subject: Re: pf+altq for bandwidth management

On 16-May-07, at 11:33 AM, Lan Tran wrote:

> Hello,
>
> Is pf and altq a right combo for bandwidth limiting? What I'm
> trying to do is limit each IP or block of IPs to predefined
> bandwidth. I'm not doing traffic shaping, just wanting to prevent
> servers from hogging all the bandwidth.
>
> My setup is as follows:
> LAN {test server} -> xl1 {FreeBSD} xl0 -> router -> net
> xl0 and xl1 are functioning as a bridge. kernel has pf and altq
> compiled.
>
> pf.conf:
> ext_if = "xl0"
> int_if = "xl1"
> pc = "any"
> set loginterface $ext_if
>
> # to net
> altq on $ext_if cbq bandwidth 100Mb queue { std_ext, test_ext }
> queue std_ext bandwidth 3Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue test_ext bandwidth 2Mb priority 1 cbq(red ecn)
>
> pass out on $ext_if from $pc to any keep state queue test_ext
> ---
> The problem I'm having is that all outbound traffic from "test
> server" always shows around 3Mb instead of 2Mb per queue test_ext
> ruleset. What am I missing?

I've noticed the best precision for bandwidth limiting on cheap cards
like Realtek's (provided, of course, the particular rl(4) card you're
using is supported). Cards like fxp(4) and xl(4) I've not had great
luck with getting them limited properly (always above or below the
target).

--
Jeremy Tregunna