From: forn
Date: Sat, 21 Mar 2009 15:43:24 +0600
To: freebsd-pf@freebsd.org
Subject: Re: more tests - pf + altq + cbq(borrow) not borrowing from parent - all LAN

Hello. I'm having the same problem. My system is 7.1-Stable i386.
Here's the entire pf.conf:

ext_if="le0"
int_if="le1"
all_if="{" $ext_if $int_if "}"
localnet="10.20.41.0/24"
int_ip="10.20.41.1"
ext_ip="10.20.40.61"
self="{" $int_ip $ext_ip "}"
uplink="10.20.40.1"

set skip on lo
scrub in

altq on $int_if cbq bandwidth 2Mb qlimit 500 queue { defaultq, sshq, localq }
queue defaultq bandwidth 500Kb cbq (default)
queue sshq bandwidth 100Kb cbq (borrow)
queue localq bandwidth 500Kb cbq { www, www5 }
queue www bandwidth 100Kb priority 1 cbq (borrow)
queue www5 bandwidth 250Kb priority 2 cbq (borrow)

nat on $ext_if from $localnet to any -> $ext_ip
rdr on $int_if proto tcp from $localnet to any port 80 -> 127.0.0.1 port 3128

block all
pass out quick from $self
pass in quick proto tcp to $self port ssh queue self_sshq
pass quick proto icmp
block return on $int_if all
pass in quick on $int_if proto tcp from $localnet to 127.0.0.1 port 3128 queue www
pass in quick on $int_if proto udp from $localnet to $self port 17094
pass in quick on $int_if proto udp from $localnet to $uplink port 53
pass in quick on $int_if proto tcp from $localnet to $uplink port 55080 queue www5

With this config, the speed of traffic in queue www5 never goes higher than 250Kb. But if queue localq is set to borrow, as follows:

altq on $int_if cbq bandwidth 2Mb qlimit 500 queue { defaultq, sshq, localq }
queue defaultq bandwidth 500Kb cbq (default)
queue sshq bandwidth 100Kb cbq (borrow)
queue localq bandwidth 500Kb cbq (borrow) { www, www5 }
queue www bandwidth 100Kb priority 1 cbq (borrow)
queue www5 bandwidth 250Kb priority 2 cbq (borrow)

then queue www5 is able to take the full bandwidth of 2Mb (which is correct). The physical link speed far surpasses 2Mb (actually, these are all virtual machines set up for testing on the same server), so this can't be a problem.