Ingress traffic shaping

Spenst, Aleksej Aleksej.Spenst at harman.com
Thu May 20 08:29:46 UTC 2010


Hi All,

If I understand it correctly, ingress traffic shaping is not possible with pf/altq.
Are there any tricks to do it?


I suppose that if incoming traffic is sent out by the router further to the LAN, the incoming traffic can be considered as outgoing traffic and therefore can be easily shaped.

---- incoming traffic ---> <ext_if> ROUTER <int_if with altq> ---- shaped outgoing traffic ---->

So, in this case one can say that ingress traffic can be shaped. In this manner it should be possible to limit TCP download traffic.


What if traffic is not forwarded further?

---- incoming traffic ---> <ext_if> END HOST

Is it possible to do anything to slow down, for example, TCP download traffic? Drop incoming packets? Drop or slow down outgoing ACKs?
I've tried to put outgoing ACKs in the queue with the lowest priority, but that doesn't help when there is not much other outbound traffic.

I was also trying to figure out whether it is possible to forward the incoming traffic to the loopback interface and then back to ext_if, so that incoming traffic can be considered as outgoing at the loopback interface.

---- incoming traffic ---> <ext_if> ----> <lo0> ---- shaped outgoing traffic ----><back to ext_if>

but I couldn't configure pf.conf such that this would be possible... Is this theoretically possible?


Thanks a lot for any tips!

Aleksej.
