HFSC ALTQ for prioritization LAN and router traffic

Виталий Владимирович artemrts at ukr.net
Thu Nov 24 18:05:16 UTC 2011


 Hi!
 I have a FreeBSD 9 router with ADSL connections, with 5Mb/s download speed and only 850 Kb/s upload.

 I am attempting to prioritize outgoing traffic coming from the LAN (bulk and TCP ACK) and traffic coming from the router, because I have some services running on the server for remote clients.

mst="modulate state"
ext_if="em0"
int_if1="em1"

table <lan> persist {192.168.10/24}

set skip on {lo}
set ruleset-optimization basic
set state-policy if-bound
set require-order yes



scrub on $ext_if all random-id no-df min-ttl 128


### ALTQ

altq on $ext_if hfsc bandwidth 800Kb queue {std, lan, lan_ack, serv, serv_ack}
queue std bandwidth 50Kb priority 1 hfsc (default realtime 50Kb)
queue lan bandwidth 50Kb priority 2 hfsc (realtime 50Kb)
queue lan_ack bandwidth 50Kb priority 7 hfsc (realtime 300Kb upperlimit 300Kb)
queue serv bandwidth 50Kb priority 2 hfsc (realtime 50Kb)
queue serv_ack bandwidth 50Kb priority 7 hfsc (realtime 50Kb)

###

nat on $ext_if tag INET tagged INET -> ($ext_if) port 1024:65535

###################### BLOCK IN/OUT/ALL


block all
block in quick inet from urpf-failed to any
block in quick inet from no-route to any

antispoof quick for {$int_if1 lo} inet

####################### PASS IN

### EXT_IF_IN

pass in quick on $ext_if inet from any to ($ext_if) $mst (max 100) queue (serv serv_ack)

### INT_IF

pass in quick on $int_if1 inet from <lan> to !$int_if1 $mst tag INET
pass in quick on $int_if1 inet from <lan> to $int_if1


###################### PASS OUT

### EXT_IF

pass out quick on $ext_if inet from $ext_if to any tagged INET queue (lan lan_ack)
pass out quick on $ext_if inet from $ext_if to any queue (serv serv_ack)

### INT_IF
pass out quick on $int_if1 inet from $int_if1 to <lan>

  
pfctl -vvsq

queue root_em0 on em0 bandwidth 800Kb priority 0 {std, lan, lan_ack, serv, serv_ack}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  std on em0 bandwidth 50Kb hfsc( default realtime 50Kb )
  [ pkts:          3  bytes:        126  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  lan on em0 bandwidth 50Kb priority 2 hfsc( realtime 50Kb )
  [ pkts:         17  bytes:       1123  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  lan_ack on em0 bandwidth 50Kb priority 7 hfsc( realtime 300Kb upperlimit 300Kb )
  [ pkts:       8872  bytes:     479088  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:    49.0 packets/s, 21.19Kb/s ]
queue  serv on em0 bandwidth 50Kb priority 2 hfsc( realtime 50Kb )
  [ pkts:      11290  bytes:   17089007  dropped pkts:      0 bytes:      0 ]
  [ qlength:  43/ 50 ]
  [ measured:    50.0 packets/s, 605.60Kb/s ]
queue  serv_ack on em0 bandwidth 50Kb priority 7 hfsc( realtime 50Kb )
  [ pkts:         29  bytes:       2597  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:     0.0 packets/s, 0 b/s ]


  Without ALTQ, when anybody from the Internet is downloading from the server, the download speed for the LAN drops to 20Kb/s. With ALTQ, the speed for LAN users drops to 2Mb/s. This is good, but not what I have specified in pf.conf.
  I have specified a realtime speed of 300Kb for ACK packets, but in reality I get about 20Kb.

  In the queue output above, one user from the LAN is downloading a file and one from the Internet is downloading from the router. Both via ftp.
  
  Where is my mistake?
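
An added example, not part of the original post and not FreeBSD's own tooling: a Python parser for `pfctl -vvsq` output that sets each queue's measured rate beside its configured realtime value and reports whether the queue held a backlog when sampled. The sample input is two queues copied from the output in the post; the function names are hypothetical and the unit multipliers are assumed to be decimal (Kb = 1000 bits).

```python
import re
# Constructed sample: two queues copied from the pfctl -vvsq output in the post.
SAMPLE = """\
queue  lan_ack on em0 bandwidth 50Kb priority 7 hfsc( realtime 300Kb upperlimit 300Kb )
  [ pkts:       8872  bytes:     479088  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:    49.0 packets/s, 21.19Kb/s ]
queue  serv on em0 bandwidth 50Kb priority 2 hfsc( realtime 50Kb )
  [ pkts:      11290  bytes:   17089007  dropped pkts:      0 bytes:      0 ]
  [ qlength:  43/ 50 ]
  [ measured:    50.0 packets/s, 605.60Kb/s ]
"""

UNITS = {"b": 1, "Kb": 1e3, "Mb": 1e6, "Gb": 1e9}  # assumed decimal multipliers
RATE = r"([\d.]+)\s*(b|Kb|Mb|Gb)"

def to_bps(text):  # '300Kb' or '0 b' -> bits per second
    num, unit = re.fullmatch(RATE, text.strip()).groups()
    return float(num) * UNITS[unit]

def parse_queues(output):  # returns {queue_name: stats dict}
    queues, cur = {}, None
    for line in output.splitlines():
        head = re.match(r"queue\s+(\S+) on \S+ bandwidth (\S+)", line)
        if head:
            cur = {"bandwidth": to_bps(head.group(2)), "realtime": None, "upperlimit": None}
            for key, val in re.findall(r"(realtime|upperlimit) (\S+)", line):
                cur[key] = to_bps(val)
            queues[head.group(1)] = cur
        elif cur is not None:  # bracketed statistics lines under a queue header
            if m := re.search(r"dropped pkts:\s*(\d+)", line):
                cur["dropped"] = int(m.group(1))
            elif m := re.search(r"qlength:\s*(\d+)/\s*(\d+)", line):
                cur["qlen"], cur["qlimit"] = int(m.group(1)), int(m.group(2))
            elif m := re.search(r"measured:.*?,\s*" + RATE + "/s", line):
                cur["measured"] = float(m.group(1)) * UNITS[m.group(2)]
    return queues

def classify(q):
    """Label a queue by backlog and by measured rate against its realtime value."""
    if q["qlen"] == 0 and q["dropped"] == 0:
        return "not backlogged"  # nothing was waiting in the queue when sampled
    if q["realtime"] is not None and q["measured"] > q["realtime"]:
        return "backlogged, above realtime"
    return "backlogged, within realtime"

if __name__ == "__main__":
    for name, q in parse_queues(SAMPLE).items():
        print(f"{name:8} realtime={q['realtime']:.0f} measured={q['measured']:.0f} -> {classify(q)}")
```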


More information about the freebsd-pf mailing list