From: David Roseman
To: Sebastian Tymków
Cc: freebsd-isp@freebsd.org, Marcello Barreto, freebsd-pf@freebsd.org
Date: Sat, 29 Nov 2008 08:26:57 -0800 (PST)
Subject: Re: PF + ALTQ - Bandwidth per customer
Reply-To: david_5073@yahoo.com

Is top-posting allowed here?

This product has been around longer than ALTQ and pf. So it's unlikely that they threw away something that has always been superior to ALTQ to replace it with ALTQ. The release notes go back to 1996. They also claim to have re-written the FreeBSD bridging code to gain 40% in performance.

http://www.etinc.com/release.notes

RED and CBQ were technologies championed by Cisco. They're designed to work on CPU-starved routers. Cisco had a big problem because their routers were designed to move packets and they didn't have any cpu power available for intelligent processing required for packet shaping. So they designed these brain-dead "leaky bucket" and CBQ models to work on their cpu-starved routers in the 90s. Inexplicably, these silly techniques were copied and put into public operating systems, and people still use them to save what amounts to pennies compared to the new business they can attract with a better network.

If you'd read the white papers you'd know it's not a queue-based product and it's totally custom. Window shaping is really the most important technology to reduce the amount of traffic in a network. Slowing servers naturally without having to queue data makes a dramatic change in the delay patterns of a large network. Imagine 1000 servers sending 3000 bytes per window instead of 32K. The backup queue depths are dramatically reduced even without specific bandwidth limits per customer.

It also has a traffic monitor that is indispensable in tracking down DOS attacks, worms and out of control servers. I'd pay $500. just for the monitor. I have a problem, I fire up the monitor and bingo, I find the problem.
I think you can buy the lowest priced license and still use the monitor and gather statistics no matter how large your network is.

David

--- On Sat, 11/29/08, Sebastian Tymków wrote:

> From: Sebastian Tymków
> Subject: Re: PF + ALTQ - Bandwidth per customer
> To: david_5073@yahoo.com
> Cc: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org, "Marcello Barreto" <marcello@linconet.com.br>
> Date: Saturday, November 29, 2008, 10:48 AM
> Hello,
>
> Why do you think it's unreliable technology?
> I think the system that you propose relies on this technology ;)
> Most of these use bsd/linux/unix on board with their own solutions
> and then they're packed into the box with a cute web interface.
> Of course I can be wrong...
>
> Best regards,
>
> Shamrock
>
> 2008/11/29 David Roseman
>
> >
> > --- On Mon, 11/24/08, Marcello Barreto wrote:
> >
> > > From: Marcello Barreto
> > > Subject: PF + ALTQ - Bandwidth per customer
> > > To: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org
> > > Date: Monday, November 24, 2008, 4:04 PM
> > > Hello Folks,
> > > I believe you have heard this several times, but I'm
> > > new to FreeBSD and I'm trying to change my bandwidth
> > > control from Linux (iptables + TC + iproute) to FreeBSD (PF
> > > + ALTQ).
> > > I read about PF and I was very interested in it, but I
> > > want to limit the bandwidth (Download and Upload) of each
> > > customer behind a router (Obviously, FreeBSD with PF.)..
> > > There are several networks and a lot of customers, and with
> > > my rules, only what I got was each customer sharing the same
> > > queue...
> > >
> > > There are my rules:
> > > altq on $external cbq queue {def_up, def_up300, def_up450, def_up600, def_up1000}
> > > altq on $internal cbq queue {def_down, def_down300, def_down450, def_down600, def_down1000}
> > >
> > > queue def_up bandwidth 10% cbq(default)
> > > queue def_down bandwidth 10% cbq(default)
> > >
> > > queue def_up300 bandwidth 128Kb cbq(red)
> > > queue def_up450 bandwidth 200Kb cbq(red)
> > > queue def_up600 bandwidth 300Kb cbq(red)
> > > queue def_up1000 bandwidth 500Kb cbq(red)
> > >
> > > queue def_down300 bandwidth 300Kb cbq(red)
> > > queue def_down450 bandwidth 450Kb cbq(red)
> > > queue def_down600 bandwidth 600Kb cbq(red)
> > > queue def_down1000 bandwidth 1024Kb cbq(red)
> > >
> > >
> > > pass in quick inet proto {tcp, udp} from to any queue def_down300
> > > pass out quick inet proto {tcp, udp} from to any queue def_up300
> > >
> >
> > You should consider a commercial product rather than relying on
> > old and somewhat unreliable technology. We've been able to squeeze a
> > lot more customers onto our network for a $3500. investment. It paid for
> > itself in 2 months. We have a dual-core 2.33Ghz system passing 95Mb/s
> > with 12000 rules in place and it runs at about 10%. The latest version is
> > truly amazing.
> >
> > http://www.etinc.com
> >
> >
> > Regards,
> >
> > David