ALTQ/pf troubles
Alexander S. Usov
A.S.Usov at KVI.nl
Mon Sep 27 13:40:38 PDT 2004
Hello !!
As a happy owner of the 1120/352Kbit ADSL line and 5.3-BETA6
I have tried to configure altq as it's described in
/usr/share/examples/pf/ackpri and have hit quite a number of
strange issues with ALTQ.
So, the system is:
FreeBSD kvip55.lan 5.3-BETA6 FreeBSD 5.3-BETA6 #0: Mon Sep 27 18:40:51 CEST
pf.conf & kernel configs are attached to the mail.
Just enabling the queueing on the interface with bandwidth == DSL bandwidth
results in the appox. factor of 2 drop in the speed of the outgoing transfers.
>From my experiments I got an impression that to make this slow-down
away I have to specify the bandwith around 700Kb, which is twice bigger than
real.
Also I found it almoust impossible to reproduce the expected effect of the
ASC prioritization. Below is the table of the measured transfer speeds (shown
by scp after 1-2 minutes of transfer).
1-way corresponds to the copying to/from host, and 2-way is both downloads
running simultaneously.
Speeds are DOWN/UP:
no altq:
1-way: 115/35
2-way: 45-60/35
queue bandwidth 350:
1-way: 115/17
2-way: 55/17
queue bandwidth 550:
1-way: 115/29
2-way: 64/29
queue bandwidth 250:
1-way: 115/13
2-way: 45/10
--
Best regards,
Alexander.
-------------- next part --------------
machine i386
cpu I686_CPU
options CPU_SUSP_HLT
options INCLUDE_CONFIG_FILE
ident KVIP55
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
#options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SCSI_DELAY=150 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ADAPTIVE_GIANT # Giant mutex is adaptive.
# Add character code conversion support with LIBICONV.
options CD9660_ICONV
options MSDOSFS_ICONV
options LIBICONV
# Additionall network options
options IPDIVERT # divert sockets
options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default
options IPSEC # IP security
options IPSEC_ESP # IP security (crypto; define w/ IPSEC)
options ALTQ
options ALTQ_CBQ # Class Bases Queueing
options ALTQ_PRIQ # Priority Queueing
# To make an SMP kernel, the next two are needed
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device pci
# Floppy drives
device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
options ATA_STATIC_ID # Static device numbering
device atapicam # emulate ATAPI devices as SCSI ditto via CAM
# needs CAM to be present (scbus & pass)
# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
device pass # Passthrough device (direct SCSI access)
device da # Direct Access (disks)
#device cd # CD
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
options SC_ALT_MOUSE_IMAGE
options SC_PIXEL_MODE
options VESA
device agp # support several AGP chipsets
device radeondrm
device mgadrm
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus
# PCI Ethernet NICs that use the common MII bus controller code.
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 Ethernet
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf # Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ehci # EHCI PCI->USB interface
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
# FireWire support
device firewire # FireWire bus code
device sbp # SCSI over FireWire (Requires scbus and da)
# Sound support
device sound # The generic sound driver.
device snd_ich # Intel ICH PCI and some more audio controllers
# embedded in a chipset.
-------------- next part --------------
#==================== DEFS ====================
ext = "bfe0"
table <priv_nets> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
10.0.0.0/8, !10.0.0.0/24 }
tcp_services = "{ ssh, ftp, ftp-data, 17778, 4662, 49152:65535 }"
icmp_types = "echoreq"
#==================== OPTIONS ====================
set block-policy return
set loginterface $ext
set optimization conservative
#==================== SCRUB ====================
scrub in all
#==================== QUEUE ====================
#altq on $ext priq bandwidth 250Kb queue {q_pri, q_def}
#queue q_pri priority 7
#queue q_def priority 1 priq(default)
#==================== NAT ====================
#nat on $ext from $home to any -> ($ext)
#==================== FILTERING ====================
block all
# loopback
pass quick on lo0 all
antispoof for lo0
# ESP
pass quick proto esp
# block private networks
block drop in quick on $ext from <priv_nets> to any
block drop out quick on $ext from any to <priv_nets>
# allow incoming
pass in on $ext proto tcp from any to ($ext) port $tcp_services \
modulate state #queue (q_def, q_pri)
pass in inet proto icmp icmp-type $icmp_types keep state
# allow outgong traffic
pass out on $ext proto tcp modulate state #queue (q_def, q_pri)
pass out on $ext proto { udp, icmp } keep state
More information about the freebsd-current
mailing list