PF + ALTQ... help please!!

Marcelo Celleri marceloc at espoltel.net
Wed Nov 30 22:48:23 GMT 2005


Hi everyone,

 

I'm trying PF + ALTQ on FreeBSD to implement policies for the traffic flows
of my clients. For each one of them I have a configuration like this:

$int_if="em1"

queue marcelo bandwidth 128Kb cbq { gold, silver, default }
        queue marcelo1 bandwidth 70% priority 3 cbq(borrow red)
        queue marcelo2 bandwidth 20% priority 2 cbq(borrow red)
        queue marcelodf bandwidth 10% cbq(borrow)

pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
pass in on $int_if proto tcp from any port { 25,110 } to 200.49.242.42 keep state queue silver
pass in on $int_if proto tcp from any port { 22,80,443 } to 200.49.242.42 keep state queue gold
pass in on $int_if proto { udp,tcp } from any port 53 to 200.49.242.42 keep state queue gold

 

I supposed that the "borrow" parameter allows the queue to borrow the excess
bandwidth up to the top of 128 Kb depending on the priority value, but I
realized that if I'm getting my e-mail via POP3 from xxx.xxx.xxx.xxx the
maximum bandwidth allocated is approximately 40 or 50 Kbps even if there is
no other flow of traffic present.

I need to get this setup:

If there is full load, I must have 70% of 128 Kbps for domain, ssh, http and
https traffic, 20% for pop3 and smtp and the rest for any other service, but
when I'm using the services defined for the silver queue, like pop3, and
the gold queue isn't full, the bandwidth has to be (128Kb - (bw allocated
in gold)), so if I have no http, https, ssh or domain traffic the value for
the pop3 connection must in theory be 128 Kbps.

The same should happen if I use a p2p application, which would be handled
by the default queue: if there is no traffic flow defined by the gold or
silver queue at the same time as I'm doing a download, the bandwidth
allocated for this connection has to be 128 Kbps.

So, every one of the flows has to reach the maximum of 128 Kbps when there is
no other flow with greater priority present at the same time, based on:

http, https, dns, ssh: first priority
pop3, smtp: medium priority
rest of services: last priority

 

Thanks for your comments and help.

 

 


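The policy described in the message above, written out as a pf.conf fragment with ALTQ syntax; this is an added example, not the poster's configuration and not a reply from the list. It assumes em1 is the client-facing interface; the client address, the 100Mb link speed and all queue names are placeholders.

```pf
# Added example (assumptions: em1 faces the client; 192.0.2.10 and 100Mb
# are placeholders; queue names are hypothetical).
int_if = "em1"            # macro definitions take no leading "$"
client = "192.0.2.10"

# ALTQ queues packets as they leave the interface it is enabled on,
# so traffic toward the client is shaped on the client-facing interface.
altq on $int_if cbq bandwidth 100Mb queue { std, marcelo }

# Exactly one queue on the interface carries the "default" flag.
queue std bandwidth 10% cbq(default)

# No "borrow" on the per-client parent: the client as a whole stays at 128Kb.
# Every name in the child list has a matching queue definition below.
queue marcelo bandwidth 128Kb cbq { marcelo_gold, marcelo_silver, marcelo_df }
  # Children may borrow unused bandwidth from the 128Kb parent.
  queue marcelo_gold   bandwidth 70% priority 3 cbq(borrow red)
  queue marcelo_silver bandwidth 20% priority 2 cbq(borrow red)
  queue marcelo_df     bandwidth 10% priority 1 cbq(borrow)

# pf applies the last matching rule, so the catch-all comes first
# and the more specific service rules follow it.
pass out on $int_if from any to $client keep state queue marcelo_df
pass out on $int_if proto tcp from any port { 25, 110 } to $client \
    keep state queue marcelo_silver
pass out on $int_if proto tcp from any port { 22, 80, 443 } to $client \
    keep state queue marcelo_gold
pass out on $int_if proto { udp, tcp } from any port 53 to $client \
    keep state queue marcelo_gold
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsq` shows per-queue counters once it is loaded.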