Date: Tue, 2 Dec 2008 13:03:43 +0300 From: =?koi8-r?B?4czFy9PBzsTSIPvF197FzsvP?= <alexander.shevchenko@itv.ru> To: <freebsd-pf@freebsd.org> Subject: RE: PF + ALTQ - Bandwidth per customer Message-ID: <76463C1E8CB14B958088F7E54C611560@ashevchenko>
next in thread | raw e-mail | index | archive | help
Using ipfw+dummynet you could easily limit bandwidth per ip: $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out Using pf+altq you could limit easily bandwith for all clients: altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet } queue powernet_local bandwidth 95% cbq(default) queue powernet_inet bandwidth 40Mb pass out on $int_if from <neighbors_net> to <internal_net> queue powernet_local pass out on $int_if from !<neighbors_net> to <internal_net> queue powernet_inet But you could not limit bandwidth per ip using PF. Ryan McBride wrote in it.listserv.openbsd-pf(http://groups.google.com/group/bit.listserv.openbsd-p f/msg/512d1eba9683cea6?hl=ru&dmode=source) > P.S. By the way, no chance to shaping like ipfw(dummynet), by getting > mask for all ip addresses? It's the last reason to stay with ipfw: No, there is nothing like this in PF right now. It's on my list of things to look at, but that list grows faster than I can get things done... -----Original Message----- From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Andrei Kolu Sent: Tuesday, December 02, 2008 11:42 AM To: Peter Jeremy; freebsd-pf@freebsd.org; freebsd-isp@freebsd.org Subject: Re: PF + ALTQ - Bandwidth per customer ipfw+dummynet is really ugly traffic "shaper" (let's face it there is no shaping going on), because instead of limiting bandwidth it will drop packets to simulate bad connection. I hear many years about "trivial" configuration per user bandwidth limit with pf+altq but never saw ANY code... You can't set bandwidth limit with PF like 3Mbit per 100 clients if your lan card is 100Mbit. This is just lame- in reality clients never use all bandwidth and never all clients are connected all the time. Even Linux ipfilter does it for years with insane cryptic commandline but it just works.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?76463C1E8CB14B958088F7E54C611560>