From: Morgan Wesström
Date: Fri, 20 Mar 2009 09:21:30 +0100
CC: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN
Message-ID: <49C3520A.9050500@pp.dyndns.biz>
In-Reply-To: <4857.216.241.167.208.1237522051.squirrel@webmail.pknet.net>

Peter wrote:
> The server was just updated to
> 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #0: Thu Mar 19 20:00:29 MDT 2009
>
> another test:
> server <-> 100Mb switch <-> desktop
> 172.20.1.1 <-switch-> 172.20.1.2
> ALL traffic stays on local lan.
>
> altq on fxp0 cbq bandwidth 100Mb queue {extranet}
> queue extranet bandwidth 886Kb {poshta}
> queue poshta bandwidth 156Kb cbq(borrow,default)
>
> I sftp from desktop to server, and do 'get blob.tgz'
> download to desktop from server goes at ~20KB
>
> vi /etc/pf.conf
>
> altq on fxp0 cbq bandwidth 100Mb queue {extranet}
> queue extranet bandwidth 886Kb {poshta}
> queue poshta bandwidth 856Kb cbq(borrow,default)
>
> /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf
>
> I sftp from desktop to server, and do 'get blob.tgz'
> download to desktop from server goes at ~100KB
>
> this is all local file system from /tmp/blob.tgz to /tmp/blob.tgz
>
> Going to try this tomorrow with 'server' being -CURRENT/latest snapshot.
>
> ]Peter[
>

You are missing "cbq" in your extranet queue definition... don't know how that would affect the behaviour though. Check with pfctl -sq if pf's interpretation of the queue definitions is what you intended.

The default queue makes me curious too. Although the man page doesn't give any restrictions to it (other than that there can only be one), I have never seen any example where one of the child queues is used as default queue. Might work perfectly... :-)

On a sidenote - although this is an internal LAN with 100Mb you probably can't get that speed during full utilization. Depending on your NIC a more reasonable value would be 80-90% of the linkspeed. This is probably not related to your problem and would only be a potential problem when you're trying to use your full bandwidth.

Max: Would I be correct in assuming that the bandwidth value for a 100Mb NIC should reflect its real throughput in the root queue definition and not its linkspeed?

Regards
Morgan
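
A static pre-check of the points raised in the reply above, as an added example that is not part of the original message or of pf: it parses the quoted altq/queue lines and flags a non-root queue with no scheduler options, a default-queue count other than one, and child bandwidths that exceed the parent's. The function names and the regex-based parsing are assumptions and handle only absolute bandwidths (b, Kb, Mb, Gb); `pfctl -sq` remains the authority on how pf itself read the rules.

```python
import re
# Constructed input: the first ruleset quoted in the message above.
SAMPLE = """\
altq on fxp0 cbq bandwidth 100Mb queue {extranet}
queue extranet bandwidth 886Kb {poshta}
queue poshta bandwidth 156Kb cbq(borrow,default)
"""
UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}

def to_bits(value):
    """Convert a bandwidth such as '886Kb' to bits per second."""
    m = re.fullmatch(r"(\d+)(b|Kb|Mb|Gb)", value)
    if not m:
        raise ValueError(f"unsupported bandwidth: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse(text):
    """Map queue name -> bits, scheduler options, children ('root' = altq line)."""
    queues = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith(("altq ", "queue ")):
            continue
        name = "root" if line.startswith("altq ") else line.split()[1]
        bw = re.search(r"\bbandwidth\s+(\S+)", line)
        opts = re.search(r"\b(?:cbq|hfsc|priq)\(([^)]*)\)", line)
        kids = re.search(r"\{([^}]*)\}", line)
        queues[name] = {
            "bits": to_bits(bw.group(1)) if bw else None,
            "opts": re.findall(r"[^,\s]+", opts.group(1)) if opts else None,
            "children": re.findall(r"[^,\s]+", kids.group(1)) if kids else [],
        }
    return queues

def lint(queues):
    """Return findings about the parsed queue tree as a list of strings."""
    out = []
    defaults = [n for n, q in queues.items() if "default" in (q["opts"] or [])]
    if len(defaults) != 1:
        out.append(f"expected exactly one default queue, found {len(defaults)}")
    for name, q in queues.items():
        if name != "root" and q["opts"] is None:
            out.append(f"{name}: no scheduler options such as cbq(...)")
        total = sum(queues[c]["bits"] or 0 for c in q["children"] if c in queues)
        if q["bits"] is not None and total > q["bits"]:
            out.append(f"{name}: children total {total} b > own {q['bits']} b")
    return out

if __name__ == "__main__":
    print("\n".join(lint(parse(SAMPLE))) or "no findings")
```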