From: Aleš Krajník
To: freebsd-pf@freebsd.org
Date: Thu, 15 Mar 2007 11:08:39 +0100
Subject: Setting bandwidth for multiple internal subnets + few more PF questions
Message-ID: <66CE3CD196F5C24F9CDE33A03E0FB4113A7EEF@exbox.office.a24media.cz>

Hello,

I have a problem with PF and I would appreciate any help. I spent a few hours googling around but found no solution.

We have a FreeBSD 6.1 router with 4 internal subnets on 4 interfaces (em1, fxp0, fxp1, xl0), 1 connection to the Internet (em0) - 10Mbps both directions, full duplex.
What we need is to shape traffic so em1 + fxp1, fxp0 and xl0 use equally 33% of traffic, in both incoming and outgoing directions from the Internet (incoming direction is more important for us as we don't have almost any servers inside our network except for HTTP for development purpose so mostly we download data from the Internet). Traffic between local subnets should stay unlimited.

That should not be a problem - we could just set 3.33Mbps on each interface for packets arriving from the Internet. What we cannot solve is how to set that each interface could borrow bandwidth from other interfaces (= from parent stream) if they are not fully utilised?

If I set ALTQ on the external interface, I can control only outgoing traffic to the Internet (I made that work successfully). If I set ALTQ on any of the internal interfaces I cannot set it to borrow from each other. Setting ALTQ on multiple interfaces is not supported AFAIK. Is there any solution? Can that be solved with packet tagging?

Another thing I do not completely understand is setting ALTQ rules on interfaces. I just want to make it clear to myself. If I set ALTQ on an interface, it means that packets are being dropped on the chosen interface? If I set queue on an interface, it means that packets are added to that queue if and only if the rule is evaluated on the chosen interface? For example if I would have rules "queue Q on em0 ..." and "pass in on em1 ... queue Q", what would that do?

My last question - I read TCP ACK packets prioritizing can increase incoming throughput. Does that make sense on fast internet connections like ours or is it useful only for e.g. dial-up connections? I would use the following ALTQ settings:

    altq on $lan_ex bandwidth 10Mb cbq queue { queue_std, queue_ack }
    queue queue_std on $lan_ex bandwidth 99% cbq(default)
    queue queue_ack on $lan_ex bandwidth 1%

...
and create a TCP/ACK rule on $lan_ex with queue_ack

Thanks in advance for your help!

Ales Krajnik