Date: Wed, 25 Apr 2007 23:26:09 +0800
From: John Mok <jmok@attglobal.net>
To: freebsd-pf@freebsd.org
Subject: Newbie question - Both Ingress & Egress traffic shaping on WAN link needed ?
Message-ID: <462F7311.3040306@attglobal.net>

Hi,
I have a newbie question. I would like to shape the traffic between the
local subnet and the WAN link (e.g. Frame Relay or ATM) of the company
private network. The bandwidth of the WAN link is only 512Kbps, and the
bandwidth of the local subnet is 100Mbps.
Uplink router ----WAN link 512K---- Downlink router --- local subnet
(HQ subnet) (local subnet)
I would like to deploy a FreeBSD bridge + PF between the downlink router
and the main switch of the local subnet, such that the chance of network
congestion on the WAN link / uplink router is kept to a minimum and the
interactive applications (e.g. Internet proxy access, or mail client)
are made more responsive:

altq on $bridge_if hfsc bandwidth 512Kb queue ( icmp, dns, mail, other )
....
queue icmp hfsc (linkshare (2Kb) upperlimit (4Kb) ) queue ( icmp_in, icmp_out )
queue dns hfsc (linkshare (4Kb) upperlimit (8Kb) ) queue ( dns_in, dns_out )
queue mail ( linkshare (250Kb) ) queue ( mail_in, mail_out )
queue other ( default ) queue ( other_in, other_out )
....
queue icmp_in priority 10 priq(red)
queue icmp_out priority 5 priq(red)
queue dns_in priority 10 priq(red)
queue dns_out priority 5 priq(red)
queue mail_in priority 10 priq(red)
queue mail_out priority 5 priq(red)
....
pass out quick on $bridge_if inet proto (icmp) from $int_net to any queue icmp_out
pass out quick on $bridge_if inet proto (icmp) from !$int_net to any queue icmp_in
pass out quick on $bridge_if inet proto (tcp, udp) from $int_net to any port 53 queue dns_out
pass out quick on $bridge_if inet proto (tcp, udp) from !$int_net to any port 53 queue dns_in
pass out quick on $bridge_if inet proto (tcp, udp) from $int_net to any port { 25, 109, 110, 143, 220, 995 } queue mail_out
pass out quick on $bridge_if inet proto (tcp, udp) from !$int_net to any port { 25, 109, 110, 143, 220, 995 } queue mail_in
....

My question is whether it is necessary to account for the incoming
traffic in the queue, so that the outgoing traffic can give way to
the incoming traffic. For example, the SMTP gateway could utilize the
full 512Kb to deliver the mails to the local mail server, rather than
it being used by the file sharing traffic. In that situation, without
accounting for the incoming traffic as above and shaping the outgoing
traffic (i.e. almost completely discarded), would it cause network
congestion on the uplink router when someone shares the bandwidth for
file copying?

Thanks a lot.
John Mok
