PF + ALTQ - Bandwidth per customer

[eculp]

Quoting Tom Uffner <tom at uffner.com>:

> eculp wrote:
>
>> I don't remember why but for some reason I have the idea that  
>> pf+altq is not bidirectional.  Am I mistaken?
>
> no solution that does not involve cooperation from your upstream
> connection(s) is truly bidirectional. it is easy to limit/shape
> your outbound traffic. on the other hand it is difficult if not
> impossible to unilaterally control the amount or sources of inbound
> data arriving at your border router(s) on it's way to various
> applications (mail servers, for example).
>
> you can _pretend_ to by dropping, queuing or otherwise limiting it
> once inside your network, but you cannot meaningfully prevent it from
> using your downlink bandwidth and potentially crowding out other,
> possibly more desirable, inbound data.
>

Hi, Tom.

Thanks for responding.  As I read your answer and my question.  I'm  
pretty sure that I probably didn't ask the question properly.  What I  
need to do is be intermediary between my upstream ISP's and my  
customers and would like to control the bandwidth hogs.

Basically, I want certain outgoing traffic based on port to go to ISP1  
and all other, not blocked, ports to go to the other while limiting  
the available internal bandwidth to each downstream client say to 64k  
if  and if borrowing is possible when traffic is low, great.  I did  
something like this with IPFW and dummynet maybe 6 or more years ago  
and as I remember, worked and solved an immediate problem of  
downstream demand not being distributed adequately or equitably.  The  
major differences were connection speed and there was only one isp.

I've looked at:
http://www.openbsd.org/faq/pf/pools.html
It ether doesn't do what I want or I don't understand how to make it  
do what I want.  I am considering going back to IPFW and dummynet but  
now that I'm using PF, I am a bit lazy to try and integrate what I  
have in pf to IPFW.

Thanks for any help, advice, configuration examples, etc.

ed