Date: Thu, 24 Jun 2010 14:18:07 -0300 From: Rafael Henrique Faria <rafaelhfaria@cenadigital.com.br> To: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: Re: Unknown Behavior of PF+ALTQ on a Bridge Message-ID: <AANLkTilMEb29wh-fKSBVqbiBQhLr2SWwWebFWXcc2qHP@mail.gmail.com> In-Reply-To: <AANLkTimCHZakUfHRUplTGyNMsx3ZFuVo7wLYbRLNseQA@mail.gmail.com> References: <AANLkTim4F0iJvKfjCWJtAFkwYhOT4J_Yz3sZOiOdRPoj@mail.gmail.com> <AANLkTimCHZakUfHRUplTGyNMsx3ZFuVo7wLYbRLNseQA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 24, 2010 at 14:04, Ermal Lu=E7i <eri@freebsd.org> wrote: > On Thu, Jun 24, 2010 at 3:12 PM, Rafael Henrique Faria > <rafaelhfaria@cenadigital.com.br> wrote: >> Hi. >> >> I'm working on a Brige between a router Cisco 7200, and a 3Com 7900 swit= ch. >> I have several subnetworks, and I need to balance the bandwidth between = then. >> >> The Brigde is running: "FreeBSD dell05 8.1-PRERELEASE FreeBSD >> 8.1-PRERELEASE #0: Tue Jun 22 13:59:17 BRT 2010 >> rafaelhfaria@dell05:/usr/obj/usr/src/sys/BRIDGE =A0amd64" >> >> I have the following lines in /boot/loader.conf: >> --- >> net.graph.maxalloc=3D512 >> net.graph.maxdgram=3D45000 >> net.graph.recvspace=3D45000 >> bridgestp_load=3D"YES" >> if_vlan_load=3D"YES" >> --- >> >> And my kernel is compiled with: >> device =A0 =A0 =A0 =A0 =A0if_bridge >> device =A0 =A0 =A0 =A0 =A0pf >> device =A0 =A0 =A0 =A0 =A0pflog >> options =A0 =A0 =A0 =A0 ALTQ >> options =A0 =A0 =A0 =A0 ALTQ_CBQ >> options =A0 =A0 =A0 =A0 ALTQ_RED >> options =A0 =A0 =A0 =A0 ALTQ_RIO >> options =A0 =A0 =A0 =A0 ALTQ_HFSC >> options =A0 =A0 =A0 =A0 ALTQ_PRIQ >> options =A0 =A0 =A0 =A0 ALTQ_NOPCC >> options =A0 =A0 =A0 =A0 DEVICE_POLLING >> options =A0 =A0 =A0 =A0 HZ=3D1000 >> options =A0 =A0 =A0 =A0 SHMSEG=3D16 >> options =A0 =A0 =A0 =A0 SHMMNI=3D32 >> options =A0 =A0 =A0 =A0 SHMMAX=3D2097152 >> options =A0 =A0 =A0 =A0 SHMALL=3D4096 >> options =A0 =A0 =A0 =A0 MAXFILES=3D8192 >> >> And the bridge configuration: >> cloned_interfaces=3D"bridge0 vlan1" >> ifconfig_bridge0=3D"addm bce0 stp bce0 addm bce1 stp bce1 up" >> ifconfig_bce0=3D"polling up" >> ifconfig_bce1=3D"polling up" >> ifconfig_vlan1=3D"inet 200.x.x.x netmask 0xFFFFFF00 broadcast >> 200.x.x.255 vlan 1 vlandev bce1" >> >> bce0 is connected to the Cisco 7200 ($wan_if in pf) >> bce1 is conencted to the 3Com 7900 ($lan_if in pf) >> >> And my sysctl for bridge: >> dell05# sysctl net.link.bridge >> net.link.bridge.ipfw: 0 >> net.link.bridge.inherit_mac: 0 >> net.link.bridge.log_stp: 0 >> net.link.bridge.pfil_local_phys: 1 >> net.link.bridge.pfil_member: 1 >> net.link.bridge.pfil_bridge: 0 >> net.link.bridge.ipfw_arp: 0 >> net.link.bridge.pfil_onlyip: 0 >> dell05# >> >> Ok... >> >> Now, the problem. >> >> With the following queue: >> altq on $lan_if bandwidth 33Mb hfsc queue { down_sub1, down_sub2, >> down_sub3, down_sub4, down_def } >> =A0 queue down_sub1 =A0 bandwidth 8Mb priority 1 qlimit 300 hfsc ( >> realtime 3.20Mb upperlimit 22.40Mb ) >> =A0 queue down_sub2 =A0 bandwidth 8Mb priority 1 qlimit 300 hfsc ( >> realtime 3.20Mb upperlimit 22.40Mb ) >> =A0 queue down_sub3 =A0bandwidth 8Mb priority 1 qlimit 300 hfsc ( >> realtime 3.20Mb upperlimit 22.40Mb ) >> =A0 queue down_sub4 =A0bandwidth 8Mb priority 1 qlimit 300 hfsc ( >> realtime 3.20Mb upperlimit 22.40Mb ) >> =A0 queue down_def =A0 =A0 bandwidth 128Kb hfsc ( default ) >> >> And with the following rules: >> pass in =A0log quick on $lan_if from <sub1> to any keep state queue ( do= wn_sub1 ) >> pass out log quick on $wan_if from <sub1> to any keep state queue ( up_s= ub1 ) >> pass in =A0log quick on $wan_if from any to <sub1> keep state queue ( up= _sub1 ) >> pass out log quick on $lan_if from any to <sub1> keep state queue ( down= _sub1 ) >> >> (..) for each <sub1-4> I have the pass rules like those. >> >> >> With the full use of the link, only a small part of the traffic gets >> into the correct queue. >> >> queue root_bce1 on bce1 bandwidth 33Mb priority 0 {down_sub1, >> down_sub2, down_sub3, down_sub4, down_def} >> =A0[ pkts: =A0 =A0 =A0 =A0 =A00 =A0bytes: =A0 =A0 =A0 =A0 =A00 =A0droppe= d pkts: =A0 =A0 =A00 bytes: =A0 =A0 =A00 ] >> =A0[ qlength: =A0 0/ 50 ] >> =A0[ measured: =A0 =A0 0.0 packets/s, 0 b/s ] >> queue =A0down_sub1 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime >> 3.20Mb upperlimit 22.40Mb ) >> =A0[ pkts: =A0 =A0 =A053177 =A0bytes: =A0 50082785 =A0dropped pkts: =A0 = =A0 =A00 bytes: =A0 =A0 =A00 ] >> =A0[ qlength: =A0 0/300 ] >> =A0[ measured: =A0 364.5 packets/s, 2.81Mb/s ] >> queue =A0down_sub2 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime >> 3.20Mb upperlimit 22.40Mb ) >> =A0[ pkts: =A0 =A0 =A090724 =A0bytes: =A0 79670459 =A0dropped pkts: =A0 = =A0 =A00 bytes: =A0 =A0 =A00 ] >> =A0[ qlength: =A0 0/300 ] >> =A0[ measured: =A0 744.6 packets/s, 5.20Mb/s ] >> queue =A0down_sub3 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime >> 3.20Mb upperlimit 22.40Mb ) >> =A0[ pkts: =A0 =A0 =A038333 =A0bytes: =A0 37384626 =A0dropped pkts: =A0 = =A0 =A00 bytes: =A0 =A0 =A00 ] >> =A0[ qlength: =A0 0/300 ] >> =A0[ measured: =A0 285.2 packets/s, 2.35Mb/s ] >> queue =A0down_sub4 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime >> 3.20Mb upperlimit 22.40Mb ) >> =A0[ pkts: =A0 =A0 =A080385 =A0bytes: =A0 69021129 =A0dropped pkts: =A0 = =A0 =A00 bytes: =A0 =A0 =A00 ] >> =A0[ qlength: =A0 0/300 ] >> =A0[ measured: =A0 585.1 packets/s, 3.92Mb/s ] >> queue =A0down_def on bce1 bandwidth 128Kb hfsc( default ) >> =A0[ pkts: =A0 =A0 268756 =A0bytes: =A0336423531 =A0dropped pkts: =A0 = =A0121 bytes: =A081921 ] >> =A0[ qlength: =A0 0/ 50 ] >> =A0[ measured: =A01615.4 packets/s, 16.49Mb/s ] >> >> watching the pflog interface, I can see that the pass rules are >> working, no traffic is getting out of one of the rules (I have put an >> "pass log all" to check this). >> >> All the rules are working... but they aren't sending the traffic to >> the specified queue. >> >> If someone have a glue for this... >> Any suggestion are welcome. >> >> Thank's in advance. > > Sorry but i do not see any evidence that what you claim is true! > > -- > Ermal > My subnets are all /24, so table <sub1> const { 200.x.1.0/24 } table <sub2> const { 200.x.2.0/24 } table <sub3> const { 200.x.3.0/24 } table <sub4> const { 200.x.4.0/24 } In my network, I only have thoses subnets. With: pass all from <sub1> to any queue sub1 pass all from any to <sub1> queue sub1 pass all from <sub2> to any queue sub2 pass all from any to <sub2> queue sub2 pass all from <sub3> to any queue sub3 pass all from any to <sub3> queue sub3 pass all from <sub4> to any queue sub4 pass all from any to <sub4> queue sub4 pass all (sent to default queue) The queues have to get all the traffic from my network. But it don't. If I put an log option to the last pass all rule, and do a tcpdump to pflog0, no packet is showed. So, the rules are working OK. But with "pfctl -vvs queue", it shows: sub1: 2.81Mb/s sub2: 5.20Mb/s sub3: 2.35Mb/s sub4: 3.92Mb/s default: 16.49Mb/s As I can understand, with the pass rules, all the traffic from that subnets, need to get into that queue. So... with the pass rule of the <sub1>, all the traffic data from that subnet, need to get into the queue sub1, the same with sub2, sub3, and sub4. But, Why, I have a high traffic in the default queue? There is no packet at the last pass all rule. So, no packet is missing the other rules. What I want, it to get all the traffic from 200.x.1.0/24, into the sub1 queue, and get limited by this queue, not the default queue. And again, the same with sub2-4. I'm using HFSC, but I'll try with CBQ. --=20 Rafael Henrique da Silva Faria Grupo de Sistemas e Redes Servi=E7o T=E9cnico de Inform=E1tica Faculdade de Ci=EAncias e Letras do Campus de Araraquara - UNESP
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTilMEb29wh-fKSBVqbiBQhLr2SWwWebFWXcc2qHP>