ALTQ/pf troubles

Alexander S. Usov A.S.Usov at KVI.nl
Fri Oct 1 14:04:45 PDT 2004


On Friday 01 October 2004 21:00, Max Laier wrote:
> > Increasing bandwidth in the altq rule to 700Kb results in an upload
> > speed of approx. 30-34 KB/s.
>
> Hmmm ... you realize that ALTQ takes *BIT* per second?

Yes. And 350Kbit/s ~ 43KB/s

> > Is it a good idea to check the behavior of the ruleset with OpenBSD?
>
> First of all a look at your queue statistics would be helpful:
>  $ pfctl -vvsq
> how many packets are being dropped? Which queues do the packets end up in?

Ok. The pf ruleset used during the test is attached to the letter.
Using scp results in an approx. 17-20KByte/s sustained transfer rate.
$ pfctl -vvsq
queue q priq( default )
  [ pkts:       6515  bytes:    7183041  dropped pkts:      0 bytes:      0 ]
  [ qlength:   4/ 50 ]
  [ measured:    18.2 packets/s, 162.56Kb/s ]

Setting the bandwidth to 700Kb gives:
$ pfctl -vvsq
queue q priq( default )
  [ pkts:       2526  bytes:    3201627  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:    30.6 packets/s, 313.11Kb/s ]

> If you can easily check OpenBSD behavior, that'd be a good check as well.

I will try to install it this weekend and check there.
I believe 3.5 has a driver for broadcom 4401.

-- 
Best regards,
  Alexander.
-------------- next part --------------
#==================== DEFS ====================
ext = "bfe0"

table <priv_nets> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
	10.0.0.0/8, !10.0.0.0/24 } 

tcp_services = "{ ssh, ftp, ftp-data, 17778, 4662, 49152:65535 }"
icmp_types = "echoreq"

#==================== OPTIONS ====================
set block-policy return
set loginterface $ext
set optimization conservative

#==================== SCRUB ====================
scrub in all

#==================== QUEUE ====================
altq on $ext priq bandwidth 350Kb queue {q}
queue q priority 1 priq(default)

#==================== FILTERING ====================
block all

# loopback
pass quick on lo0 all
antispoof for lo0

# ESP
pass quick proto esp

# block private networks
block drop in  quick on $ext from <priv_nets> to any
block drop out quick on $ext from any to <priv_nets>

# incoming
pass in on $ext proto tcp from any to ($ext) port $tcp_services \
	modulate state
pass in inet proto icmp icmp-type $icmp_types keep state

# outgoing
pass out on $ext proto tcp modulate state
pass out on $ext proto { udp, icmp } keep state 