Queueing with pf

Erik Norgaard norgaard at locolomo.org
Wed Jun 14 08:21:41 UTC 2006


I have a network:

        54Mbps           100Mbps     320Kbps->
   WLAN ------ FBSD w PF ------- DSL --------- Internet

Clearly, any congestion will occur on the DSL-Internet line.

I want to enable queueing on the FBSD gateway using PF such that the 
DSL-Internet connection does not get saturated with questionable traffic 
such as p2p, and to allow free riders limited access without them 
sucking up all the bandwidth, something like this:

    WLAN -> Internet 320Kbps
         critical   256Kbps pri 1 borrow
         noncrit     48Kbps pri 2 borrow
         freeriders  16Kbps pri 3

    Internet -> WLAN  2Mbps
         critical     1.5Mbps pri 1 borrow
         noncrit      256Kbps pri 2 borrow
         freeriders   128Kbps pri 3

That is, freeriders should be able to do the most basic tasks, but since 
they don't share the costs they should always be lowest priority. Also, 
I want to make sure that bandwidth-intensive protocols such as VoIP get 
through fast.

Now, reading the PF manual, queueing only makes sense on traffic going 
out. Once packets are received there's no point in holding them back. 
This means that packets from the Internet to some wlan host have 
consumed their part of the 2Mbps available so there is no point in 
holding them back.

In other words, it seems I need to queue the packets from the wlan to 
the Internet such as to get the desired result on both upstream and 
downstream. Any ideas on how to do that?

I think I need a better picture of how much goes in each direction for 
the different protocols, i.e. p2p down ~= up, while http down ~= 4*up? 
Does anyone have some rules of thumb for this?

Secondly: Is it possible to differentiate scp/sftp and ssh such that the 
latter goes in the critical queue while the former goes in the noncritical?

Thanks, Erik
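
The queue layout asked about above, written out as a pf.conf ALTQ sketch. This is an added example, not part of the original message or any reply to it. The interface names, the WLAN prefix, the `<members>` table, the choice of "critical" ports, and the assumption that this gateway does no NAT (so source addresses are still visible on the external interface) are all assumptions.

```pf
# Added example. All names and addresses below are assumptions.
ext_if = "fxp0"                  # assumed: interface towards the DSL router
int_if = "ath0"                  # assumed: interface towards the WLAN
wlan   = "192.168.1.0/24"        # assumed WLAN prefix
crit_ports = "{ domain, 5060 }"  # assumed examples of critical services
table <members> persist          # assumed: hosts that share the costs

# pf's cbq treats a HIGHER number as higher priority (0-7), so the
# post's pri 1/2/3 are written as 3/2/1 here.

# Upstream: packets leaving towards the DSL line (320Kbps).
altq on $ext_if cbq bandwidth 320Kb queue { critical, noncrit, freeriders }
queue critical   on $ext_if bandwidth 256Kb priority 3 cbq(borrow)
queue noncrit    on $ext_if bandwidth 48Kb  priority 2 cbq(borrow)
queue freeriders on $ext_if bandwidth 16Kb  priority 1 cbq(default)

# Downstream: ALTQ only queues outbound packets, so Internet -> WLAN
# traffic is shaped where it leaves the gateway, on the WLAN side.
# These packets have already crossed the DSL line; TCP senders slow
# down in response, other traffic may not.
altq on $int_if cbq bandwidth 2Mb queue { critical, noncrit, freeriders }
queue critical   on $int_if bandwidth 1500Kb priority 3 cbq(borrow)   # 1.5Mbps
queue noncrit    on $int_if bandwidth 256Kb  priority 2 cbq(borrow)
queue freeriders on $int_if bandwidth 128Kb  priority 1 cbq(default)

# Rules carry no interface or direction, so each matches both where a
# connection enters on $int_if and where it leaves on $ext_if. The
# state keeps the queue name, and replies are put in the queue of the
# same name on whichever interface they leave through.
# The last matching rule wins.
pass from $wlan to any keep state queue freeriders
pass from <members> to any keep state queue noncrit
pass proto { tcp, udp } from <members> to any port $crit_ports \
    keep state queue critical

# ssh versus scp/sftp: with two queues, pf uses the second one for
# packets marked TOS lowdelay and for TCP ACKs without payload.
pass proto tcp from <members> to any port ssh \
    keep state queue (noncrit, critical)
```

The ssh rule only separates interactive sessions from bulk transfers if the SSH client marks interactive traffic with TOS lowdelay and bulk traffic otherwise; the client's `IPQoS` setting controls this.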
