From: Marcello Barreto
Date: Mon, 24 Nov 2008 18:04:11 -0300
To: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org
Subject: PF + ALTQ - Bandwidth per customer

Hello Folks,

I believe you have heard this several times, but I'm new to FreeBSD and I'm trying to change my bandwidth control from Linux (iptables + TC + iproute) to FreeBSD (PF + ALTQ).

I read about PF and I was very interested in it, but I want to limit the bandwidth (download and upload) of each customer behind a router (obviously, FreeBSD with PF). There are several networks and a lot of customers, and with my rules, all I got was every customer sharing the same queue...

Here are my rules:

altq on $external cbq queue {def_up, def_up300, def_up450, def_up600, def_up1000}
altq on $internal cbq queue {def_down, def_down300, def_down450, def_down600, def_down1000}

queue def_up bandwidth 10% cbq(default)
queue def_down bandwidth 10% cbq(default)

queue def_up300 bandwidth 128Kb cbq(red)
queue def_up450 bandwidth 200Kb cbq(red)
queue def_up600 bandwidth 300Kb cbq(red)
queue def_up1000 bandwidth 500Kb cbq(red)

queue def_down300 bandwidth 300Kb cbq(red)
queue def_down450 bandwidth 450Kb cbq(red)
queue def_down600 bandwidth 600Kb cbq(red)
queue def_down1000 bandwidth 1024Kb cbq(red)

pass in quick inet proto {tcp, udp} from to any queue def_down300
pass out quick inet proto {tcp, udp} from to any queue def_up300

P.S.: Excuse me for my bad English.

From: David Roseman
Date: Sat, 29 Nov 2008 06:00:52 -0800 (PST)
To: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org, Marcello Barreto
Subject: Re: PF + ALTQ - Bandwidth per customer

--- On Mon, 11/24/08, Marcello Barreto wrote:

> From: Marcello Barreto
> Subject: PF + ALTQ - Bandwidth per customer
> To: freebsd-pf@freebsd.org, freebsd-isp@freebsd.org
> Date: Monday, November 24, 2008, 4:04 PM
>
> Hello Folks,
> I believe you have heard this several times, but I'm new to FreeBSD
> and I'm trying to change my bandwidth control from Linux
> (iptables + TC + iproute) to FreeBSD (PF + ALTQ).
> I read about PF and I was very interested in it, but I want to limit
> the bandwidth (download and upload) of each customer behind a router
> (obviously, FreeBSD with PF). There are several networks and a lot of
> customers, and with my rules, all I got was every customer sharing
> the same queue...
>
> Here are my rules:
> altq on $external cbq queue {def_up, def_up300, def_up450, def_up600, def_up1000}
> altq on $internal cbq queue {def_down, def_down300, def_down450, def_down600, def_down1000}
>
> queue def_up bandwidth 10% cbq(default)
> queue def_down bandwidth 10% cbq(default)
>
> queue def_up300 bandwidth 128Kb cbq(red)
> queue def_up450 bandwidth 200Kb cbq(red)
> queue def_up600 bandwidth 300Kb cbq(red)
> queue def_up1000 bandwidth 500Kb cbq(red)
>
> queue def_down300 bandwidth 300Kb cbq(red)
> queue def_down450 bandwidth 450Kb cbq(red)
> queue def_down600 bandwidth 600Kb cbq(red)
> queue def_down1000 bandwidth 1024Kb cbq(red)
>
> pass in quick inet proto {tcp, udp} from to any queue def_down300
> pass out quick inet proto {tcp, udp} from to any queue def_up300

You should consider a commercial product rather than relying on old and somewhat unreliable technology. We've been able to squeeze a lot more customers onto our network for a $3500. investment. It paid for itself in 2 months. We have a dual-core 2.33GHz system passing 95Mb/s with 12000 rules in place and it runs at about 10%. The latest version is truly amazing.

http://www.etinc.com

Regards,

David

From: Sebastian Tymków
Date: Sat, 29 Nov 2008 16:48:35 +0100
To: david_5073@yahoo.com
Cc: freebsd-isp@freebsd.org, Marcello Barreto, freebsd-pf@freebsd.org
Subject: Re: PF + ALTQ - Bandwidth per customer

Hello,

Why do you think it's unreliable technology? I think the system that you propose relies on this technology ;) Most of these use BSD/Linux/Unix on board with their own solutions, and then they're packed into a box with a cute web interface. Of course, I can be wrong...

Best regards,

Shamrock

From: David Roseman
Date: Sat, 29 Nov 2008 08:26:57 -0800 (PST)
To: Sebastian Tymków
Cc: freebsd-isp@freebsd.org, Marcello Barreto, freebsd-pf@freebsd.org
Subject: Re: PF + ALTQ - Bandwidth per customer

Is top-posting allowed here?

This product has been around longer than ALTQ and pf. So it's unlikely that they threw away something that has always been superior to ALTQ to replace it with ALTQ. The release notes go back to 1996. They also claim to have re-written the FreeBSD bridging code to gain 40% in performance.

http://www.etinc.com/release.notes

RED and CBQ were technologies championed by Cisco. They're designed to work on CPU-starved routers. Cisco had a big problem because their routers were designed to move packets and they didn't have any CPU power available for the intelligent processing required for packet shaping. So they designed these brain-dead "leaky bucket" and CBQ models to work on their CPU-starved routers in the 90s. Inexplicably, these silly techniques were copied and put into public operating systems, and people still use them to save what amounts to pennies compared to the new business they can attract with a better network.

If you'd read the white papers you'd know it's not a queue-based product and it's totally custom. Window shaping is really the most important technology to reduce the amount of traffic in a network. Slowing servers naturally without having to queue data makes a dramatic change in the delay patterns of a large network. Imagine 1000 servers sending 3000 bytes per window instead of 32K. The backup queue depths are dramatically reduced even without specific bandwidth limits per customer.

It also has a traffic monitor that is indispensable in tracking down DoS attacks, worms and out-of-control servers. I'd pay $500. just for the monitor. I have a problem, I fire up the monitor and bingo, I find the problem. I think you can buy the lowest priced license and still use the monitor and gather statistics no matter how large your network is.

David
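
The rules in the first message send every address matched by one pass rule into a single queue, so all customers on a plan share that queue's bandwidth. The following is an added example, not code from anyone in the thread: it generates one upload and one download queue per customer in the same rule shape. The `u_`/`d_` queue names, the `on $internal`/`on $external` clauses, the sample addresses, and the assumption that the router does not NAT customer traffic are assumptions of the example.

```python
import ipaddress

# Plan -> (upload, download) rates, copied from the queue sizes in the post.
PLANS = {
    "300": ("128Kb", "300Kb"),
    "450": ("200Kb", "450Kb"),
    "600": ("300Kb", "600Kb"),
    "1000": ("500Kb", "1024Kb"),
}


def build_pf_rules(customers):
    """Return pf.conf text with one upload and one download queue per customer.

    customers: iterable of (ipv4_address, plan) pairs. Addresses are parsed
    strictly so a malformed field is never copied into the ruleset as text.
    """
    up_names, down_names = ["def_up"], ["def_down"]
    queue_lines, pass_lines, seen = [], [], set()
    for raw_ip, plan in customers:
        addr = ipaddress.IPv4Address(raw_ip.strip())  # ValueError if not IPv4
        if plan not in PLANS:
            raise ValueError(f"unknown plan {plan!r} for {addr}")
        if addr in seen:
            raise ValueError(f"duplicate customer address {addr}")
        seen.add(addr)
        # Hypothetical naming scheme: hex of the address keeps names short.
        suffix = format(int(addr), "08x")
        up_q, down_q = f"u_{suffix}", f"d_{suffix}"
        up_bw, down_bw = PLANS[plan]
        up_names.append(up_q)
        down_names.append(down_q)
        queue_lines.append(f"queue {up_q} bandwidth {up_bw} cbq(red)")
        queue_lines.append(f"queue {down_q} bandwidth {down_bw} cbq(red)")
        # Same rule shape as the post, but matching one address, so each
        # customer's state is bound to that customer's own queues.
        pass_lines.append("pass in quick on $internal inet proto {tcp, udp} "
                          f"from {addr} to any queue {down_q}")
        pass_lines.append("pass out quick on $external inet proto {tcp, udp} "
                          f"from {addr} to any queue {up_q}")
    header = [
        "altq on $external cbq queue {" + ", ".join(up_names) + "}",
        "altq on $internal cbq queue {" + ", ".join(down_names) + "}",
        "queue def_up bandwidth 10% cbq(default)",
        "queue def_down bandwidth 10% cbq(default)",
    ]
    return "\n".join(header + queue_lines + pass_lines) + "\n"


# Constructed sample input (documentation addresses, not from the thread).
SAMPLE = [("192.0.2.10", "300"), ("192.0.2.11", "300"), ("192.0.2.12", "1000")]

if __name__ == "__main__":
    print(build_pf_rules(SAMPLE))
```

Once merged into a pf.conf that defines `$external` and `$internal`, the result can be parsed without loading it using `pfctl -nf`; the per-customer rates on each interface have to fit within the parent bandwidth.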