PF + ALTQ - Bandwidth per customer

eculp eculp at encontacto.net
Wed Dec 3 05:19:43 PST 2008


Quoting "Ronnel P. Maglasang" <rmaglasang at infoweapons.com>:

> Александр Шевченко wrote:
>> Using ipfw+dummynet you could easily limit bandwidth per ip:
>>
>> $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff
>> $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff
>> $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in
>> $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out
>>
>>
>> Using pf+altq you could easily limit bandwidth for all clients:
>>
>> altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet }
>> queue powernet_local bandwidth 95% cbq(default)
>> queue powernet_inet bandwidth 40Mb
>>
>> pass out on $int_if from <neighbors_net> to <internal_net> queue powernet_local
>> pass out on $int_if from !<neighbors_net> to <internal_net> queue powernet_inet
>>
>> But you could not limit bandwidth per ip using PF.
>>
>>
> why not? you create pf+altq equivalent rules for ipfw+dummynet rules.
> you may look at policy based filtering if needed. you just have to play
> with "tag" and "tagged" directives.

I don't remember why but for some reason I have the idea that pf+altq  
is not bidirectional.  Am I mistaken?

Thanks,

ed
>
>> Ryan McBride wrote in
>> it.listserv.openbsd-pf (http://groups.google.com/group/bit.listserv.openbsd-pf/msg/512d1eba9683cea6?hl=ru&dmode=source)
>>
>>
>>> P.S. By the way, no chance to shaping like ipfw(dummynet), by getting
>>> mask for all ip addresses? It's the last reason to stay with ipfw:
>>>
>>
>> No, there is nothing like this in PF right now. It's on my list of
>> things to look at, but that list grows faster than I can get things
>> done...
>> -----Original Message-----
>> From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On
>> Behalf Of Andrei Kolu
>> Sent: Tuesday, December 02, 2008 11:42 AM
>> To: Peter Jeremy; freebsd-pf at freebsd.org; freebsd-isp at freebsd.org
>> Subject: Re: PF + ALTQ - Bandwidth per customer
>>
>> ipfw+dummynet is really ugly traffic "shaper" (let's face it there
>> is no shaping going on), because instead of limiting bandwidth it
>> will drop packets to simulate bad connection. I hear many years
>> about "trivial" configuration per user bandwidth limit with pf+altq
>> but never saw ANY code... You can't set bandwidth limit with PF
>> like 3Mbit per 100 clients if your lan card is 100Mbit. This is
>> just lame: in reality clients never use all bandwidth and never all
>> clients are connected all the time. Even Linux ipfilter does it for
>> years with insane cryptic commandline but it just works.
>>
>> _______________________________________________
>> freebsd-pf at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>>
>
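
The suggestion quoted above, to write pf+altq rules equivalent to the per-address dummynet pipes, can be scripted. The following is an added example, not code from the thread: a shell generator that prints one cbq queue and one pass rule per customer address, in the rule form quoted in the message. The interface macro, rates, addresses and queue names are constructed, and it assumes child cbq bandwidths must fit within the parent, so it refuses the oversubscribed case described in the quoted complaint.

```shell
#!/bin/sh
# Added example, not from the thread. Interface macro, rates and addresses
# are constructed; queue names are hypothetical.

# to_kb RATE: convert "NNMb" or "NNKb" to an integer number of Kb
to_kb() {
    case $1 in
        *Mb) echo $(( ${1%Mb} * 1000 )) ;;
        *Kb) echo "${1%Kb}" ;;
        *)   return 1 ;;
    esac
}

# qname IP: short fixed-length queue name, e.g. 172.16.16.5 -> c_ac101005
qname() {
    # word splitting of the four octets is intended
    printf 'c_%02x%02x%02x%02x' $(echo "$1" | tr . ' ')
}

# gen_customer_queues LINK RATE IP...: print the pf.conf fragment
gen_customer_queues() {
    link=$1; rate=$2; shift 2
    link_kb=$(to_kb "$link") || return 2
    rate_kb=$(to_kb "$rate") || return 2
    # Assumption: child cbq bandwidths must fit inside the parent, and some
    # bandwidth must remain for the mandatory default queue.
    if [ $(( rate_kb * $# )) -ge "$link_kb" ]; then
        echo "error: $# x $rate does not fit in $link" >&2
        return 1
    fi
    names="rest"
    for ip in "$@"; do names="$names, $(qname "$ip")"; done
    # pf.conf wants queueing statements before filter rules
    echo "altq on \$int_if cbq bandwidth $link queue { $names }"
    echo "queue rest bandwidth $(( link_kb - rate_kb * $# ))Kb cbq(default)"
    for ip in "$@"; do echo "queue $(qname "$ip") bandwidth $rate"; done
    # ALTQ queues packets leaving an interface: these rules shape traffic
    # toward each customer; the other direction needs the same construction
    # on the outward-facing interface.
    for ip in "$@"; do
        echo "pass out on \$int_if from any to $ip queue $(qname "$ip")"
    done
}

# Constructed sample: three customers at 3Mb each on a 100Mb interface
gen_customer_queues 100Mb 3Mb 172.16.16.5 172.16.16.6 172.16.16.7
```
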


