Setting bandwidth for multiple internal subnets + few more PF questions

Aleš Krajník Ales.Krajnik at mediafactory.cz
Thu Mar 15 10:20:44 UTC 2007


Hello,

I have a problem with PF and I would appreciate any help. I spent a few hours googling around but found no solution.

We have a FreeBSD 6.1 router with 4 internal subnets on 4 interfaces (em1, fxp0, fxp1, xl0) and 1 connection to the Internet (em0) - 10Mbps in both directions, full duplex. What we need is to shape traffic so that em1 + fxp1, fxp0 and xl0 each use an equal 33% of the traffic, in both the incoming and outgoing directions from the Internet (the incoming direction is more important for us, as we have almost no servers inside our network except for HTTP for development purposes, so mostly we download data from the Internet). Traffic between local subnets should stay unlimited.

That should not be a problem - we could just set 3.33Mbps on each interface for packets arriving from the Internet. What we cannot solve is how to set it up so that each interface can borrow bandwidth from the other interfaces (= from the parent stream) if they are not fully utilised.

If I set ALTQ on the external interface, I can control only outgoing traffic to the Internet (I made that work successfully). If I set ALTQ on any of the internal interfaces, I cannot set them to borrow from each other. Setting ALTQ on multiple interfaces is not supported AFAIK. Is there any solution? Can that be solved with packet tagging?

Another thing I do not completely understand is setting ALTQ rules on interfaces. I just want to make it clear to myself. If I set ALTQ on an interface, does it mean that packets are being dropped on the chosen interface? If I set a queue on an interface, does it mean that packets are added to that queue if and only if the rule is evaluated on the chosen interface? For example, if I had the rules "queue Q on em0 ..." and "pass in on em1 ... queue Q", what would that do?

My last question - I read that prioritizing TCP ACK packets can increase incoming throughput. Does that make sense on fast Internet connections like ours, or is it useful only for e.g. dial-up connections? I would use the following ALTQ settings:

    altq on $lan_ex bandwidth 10Mb cbq queue { queue_std, queue_ack }
        queue queue_std on $lan_ex bandwidth 99% cbq(default)
        queue queue_ack on $lan_ex bandwidth 1%

    ... and create a TCP/ACK rule on $lan_ex with queue_ack

Thanks in advance for your help!

Ales Krajnik
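
The ACK-queue setup described in the message, written out as a pf.conf fragment. This is an added example, not part of the original post; it assumes $lan_ex is em0 (the Internet-facing interface named in the post), and the priority and borrow options are additions to the posted settings.

```pf
# Added example, not from the original post.
# Assumption: $lan_ex is em0, the Internet-facing interface named in the post.
lan_ex = "em0"

# Root CBQ queue on the external interface with the two child queues
# from the post. ALTQ schedules packets as they leave this interface.
altq on $lan_ex cbq bandwidth 10Mb queue { queue_std, queue_ack }

# Default queue for everything that is not explicitly assigned.
queue queue_std bandwidth 99% cbq(default borrow)

# Small queue for ACKs. The higher priority (CBQ range is 0-7, default 1)
# lets it be served first; borrow lets it exceed its 1% share when the
# parent has spare bandwidth.
queue queue_ack bandwidth 1% priority 7 cbq(borrow)

# When a rule names two queues, pf places TCP ACKs without payload and
# packets with TOS lowdelay in the second queue; all other packets
# matching the state go to the first.
pass out on $lan_ex proto tcp from any to any flags S/SA keep state \
    queue (queue_std, queue_ack)

# Non-TCP traffic is passed without a queue assignment and therefore
# lands in the default queue (queue_std).
pass out on $lan_ex proto { udp, icmp } from any to any keep state
```

The fragment can be syntax-checked without loading it by running `pfctl -nf` on the file.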


