From owner-freebsd-pf@FreeBSD.ORG Mon Apr 3 02:57:50 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA98D16A401 for ; Mon, 3 Apr 2006 02:57:50 +0000 (UTC) (envelope-from bill.marquette@gmail.com) Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4774643D45 for ; Mon, 3 Apr 2006 02:57:50 +0000 (GMT) (envelope-from bill.marquette@gmail.com) Received: by uproxy.gmail.com with SMTP id u2so613188uge for ; Sun, 02 Apr 2006 19:57:49 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=aSnSu0HD3p1VPOAHetm5vLo/YbkN0r8H0gpnG9as0k7drsHFiphHlvTEa+IOTSE/27ExpesP/J7NtMGGGfwYAGPsaXt3UqrvqoN38mnCSB34Sr4V2FJ1XbU4HemUlIPyqsCYBa0GKUIpdzaM9oM7Sl6kwIe6g0BinmHlPmLCgLU= Received: by 10.78.40.10 with SMTP id n10mr101629hun; Sun, 02 Apr 2006 19:57:49 -0700 (PDT) Received: by 10.78.46.14 with HTTP; Sun, 2 Apr 2006 19:57:48 -0700 (PDT) Message-ID: <55e8a96c0604021957y6959fcban1e885f93f9db6d2c@mail.gmail.com> Date: Sun, 2 Apr 2006 20:57:48 -0600 From: "Bill Marquette" To: "Christopher McGee" In-Reply-To: <442CD97B.2050103@xecu.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <442CD1E7.9030803@xecu.net> <442CD97B.2050103@xecu.net> Cc: freebsd-pf@freebsd.org Subject: Re: Traffic mysteriously dropping X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 02:57:51 -0000 On 3/31/06, Christopher McGee wrote: > A quick follow up since I realize I left out a little detail. I have > tried this on 5.4-RELEASE-p8 and 6.0-RELEASE-p6. I've been trying to > get altq working properly also, but it's been disabled until I work out > the above problem. > > The problem I've had with altq is trying to implement hfsc on the 6.0 > firewall. I thought it was a pretty simple configuration. I want to > limit outgoing traffic to 100Mbit/s and have one queue higher priority, > with a guaranteed 3 Mb of bandwidth, and a second lower priority queue > with no guaranteed bandwidth. The 2 queues should share the 97Mb of > spare bandwidth evenly when the firewalls are busy, and queue2 should > not be allowed to exceed 95Mb ever. This is what I put together but it > errors: > > altq on $ext_if bandwidth 100Mb hfsc queue { queue1, queue2 } > queue queue1 priority 3 hfsc(realtime 3Mb linkshare 50% default red) > queue queue2 hfsc(upperlimit 95Mb linkshare 50% red) > > I get the following error: > pfctl: the sum of the child bandwidth higher than parent "root_em0" You've got two issues here. The one causing the pfctl error is easy to solve, you need to put a bandwidth keyword on the queue statement (it can be 0Kb - it's ignored). The second, is that priority and linkshare are mutually exclusive. If linkshare is in use, priority is ignored. Use one or the other. --Bill