From: Jon Otterholm
Date: Mon, 12 Nov 2007 15:58:31 +0100
To: Jeremy
Cc: freebsd-pf@freebsd.org
Subject: Re: Giving all hosts on network same bandwidth
Message-ID: <47386A17.3010400@ide.resurscentrum.se>
References: <47382493.9040202@techniumcast.com>

Jeremy wrote:
> On Nov 12, 2007 12:01 PM, Rob Shepherd wrote:
>
>> If the question is: "Can I assign all hosts on a network to a single queue?",
>> then YES.
>
> No, I don't want to assign each address to a single queue or every
> address to more queues one by one. Is there a solution in network
> address rules, just like this:
>
> pass out on dc0 inet proto tcp from $employeehosts to any port 80 keep state queue employees
>
> altq on dc0 scheduler cbq bandwidth 10Mb queue { std, http, mail, ssh }
> queue std bandwidth 10% cbq(default)
> queue http bandwidth 60% priority 2 cbq(borrow red) { employees, developers }
> queue developers bandwidth 75% cbq(borrow)
> queue employees bandwidth 15%
> queue mail bandwidth 10% priority 0 cbq(borrow ecn)
> queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
> queue ssh_interactive bandwidth 100% priority 7
> queue ssh_bulk bandwidth 100% priority 0
>
> pass out on dc0 inet proto tcp from $employeehosts to any port 80 keep state queue employees
>
> This example gives employeehosts 15% of the total bandwidth, but I want
> to give each host the same bandwidth (for example, I have 10Mb of
> bandwidth and 20 hosts; I want to give each of the hosts 512 K. If I use
> 10M in the altq rules, some hosts have 9M of bandwidth and some have 1M).
> Is it possible to write that without all of the IP addresses in the rules?
>
> pass out on dc0 inet proto tcp from $employee1 to any port 80 keep state queue employees
> pass out on dc0 inet proto tcp from $employee2 to any port 80 keep state queue employees
> pass out on dc0 inet proto tcp from $employee3 to any port 80 keep state queue employees
> pass out on dc0 inet proto tcp from $employee4 to any port 80 keep state queue employees
> pass out on dc0 inet proto tcp from $employee5 to any port 80 keep state queue employees
> pass out on dc0 inet proto tcp from $employee6 to any port 80 keep state queue employees
> .......
> pass out on dc0 inet proto tcp from $employee20 to any port 80 keep state queue employees
>
> This is silly.
>
>> queue assignment is by pf rules; whatever you can match you can assign to a queue.
>>
>> There is an example of matching whole networks and assigning to queues at the
>> bottom of http://www.openbsd.org/faq/pf/queueing.html
>>
>> Rob
>>
>> --
>> Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd
>> Technium CAST | LL57 4HJ | http://www.techniumcast.com
>>

The easiest way to do this is to use IPFW+DUMMYNET. DUMMYNET has the
ability to dynamically create child-queues based on src-/dst-ip. You can
still use PF for all other filtering if you want to, just compile IPFW
with "default to accept" and add "option DUMMYNET".

To do this add this to your kernel config:

options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options DUMMYNET
options HZ=1000

A pipe config would look like this:

ipfw pipe 100 config bw 1Mbit/s mask dst-ip 0xffffffff

and the rule would look like:

ipfw add 00100 pipe 100 ip from any to 1.1.1.1/24

This would give any host on the 1.1.1.1/24-network a limit of 1Mbit/s
when downloading.

//Jon
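
Added example, not part of the original message and not ipfw/dummynet code: a simplified Python model of how the "mask dst-ip" value in the pipe config above splits traffic into separate pipe instances, compared with a single shared pipe. The host addresses, packet size and the fixed per-window byte budget are constructed assumptions; real dummynet queues and delays packets instead of applying a budget.

```python
import ipaddress
from collections import defaultdict

PKT = 1250                                   # constructed packet size in bytes
HEAVY, LIGHT = "192.0.2.10", "192.0.2.20"    # constructed hosts (TEST-NET-1)

def flow_key(dst, mask):
    """Key of the dynamic pipe a packet falls into: dst-ip AND mask."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(dst)) & mask))

def shape(packets, bw_bits, mask, seconds=1):
    """Simplified model of 'pipe config bw <bw_bits> mask dst-ip <mask>'.

    Every distinct flow_key gets its own byte budget for the window;
    a packet passes only while its pipe instance still has budget.
    Returns (delivered bytes per host, sorted list of pipe instances).
    """
    budget = defaultdict(lambda: bw_bits * seconds // 8)
    delivered = defaultdict(int)
    for dst, size in packets:
        key = flow_key(dst, mask)
        if budget[key] >= size:
            budget[key] -= size
            delivered[dst] += size
    return dict(delivered), sorted(budget)

def constructed_traffic(rounds=200):
    """One greedy downloader offering 9 packets for every 1 of a light host."""
    pkts = []
    for _ in range(rounds):
        pkts += [(HEAVY, PKT)] * 9 + [(LIGHT, PKT)]
    return pkts

if __name__ == "__main__":
    traffic = constructed_traffic()
    for label, mask in (("no mask (one shared pipe)", 0x00000000),
                        ("mask dst-ip 0xffffff00", 0xffffff00),
                        ("mask dst-ip 0xffffffff", 0xffffffff)):
        got, pipes = shape(traffic, 1_000_000, mask)
        print(f"{label}: pipes={pipes} delivered={got}")
```

With a shared pipe the greedy host takes about nine tenths of the 1Mbit/s, while the full 0xffffffff mask gives each destination its own 1Mbit/s instance.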