From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Wed, 3 Sep 2008 04:44:31 +0200
Subject: Re: ALTQ & Multiple Connections

On Wednesday 03 September 2008 04:08:43 Lance Murdock wrote:
> I have two Internet connections on my firewall, and a busy web server.
> They are both "burstable" connections, where the commit rate is much
> lower than the maximum connection speed. I pay a flat rate
> up to the commit rate, but if I go over, I get charged per mbit.
>
> One of the connections' overage rate is a lot cheaper than the other.
> So, what I would like to do is fill up the first connection right up to
> its commit rate and then dump all remaining traffic to the second
> connection, thus guaranteeing myself the cheapest bill at the end of
> the month.
>
> With ALTQ, I can see how to limit outgoing bandwidth by dropping packets,
> but I don't want to drop the packets, I want to force them out the
> other interface, as I might with pf's route-to.
>
> Is this possible with pf and ALTQ?

No, and I don't know of any software that would make that possible - probably
because it's a horrible idea. You will run into all kinds of trouble with
out-of-order packets. Let alone the issues you will have if any of your ISPs
does source filtering, or with asymmetric return paths and possibly NAT.

There really is no way to do what you have in mind. The only thing you can do
is some level of *per-flow* round-robin (with weights) onto your outgoing
connections - maybe adjusting the weights according to ALTQ usage stats. But
that's a very rough estimate - but you can't do better than that, anyways.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
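
The per-flow weighted round-robin suggested in the reply, sketched as an added example (not code from the original message, and not how pf implements it). The uplink names, rates, flow tuples and the usage figures standing in for ALTQ statistics are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Uplink:
    name: str
    commit_bps: int    # flat-rate ceiling for this connection
    used_bps: int = 0  # current usage (assumed to come from queue statistics)
    credit: int = 0    # smooth weighted round-robin accumulator

    @property
    def weight(self) -> int:
        # Headroom below the commit rate in Mbit/s; floor of 1 keeps the link in rotation.
        return max(1, (self.commit_bps - self.used_bps) // 1_000_000)

class FlowBalancer:
    def __init__(self, uplinks):
        self.uplinks = list(uplinks)
        self.states = {}  # flow tuple -> uplink name, fixed for the life of the flow

    def _pick(self) -> Uplink:
        # Smooth weighted round-robin: each link is chosen in proportion to its weight.
        total = sum(u.weight for u in self.uplinks)
        for u in self.uplinks:
            u.credit += u.weight
        best = max(self.uplinks, key=lambda u: u.credit)
        best.credit -= total
        return best

    def route(self, flow) -> str:
        # Only the first packet of a flow triggers a choice; later packets follow the
        # recorded state, so one flow never alternates between links.
        if flow not in self.states:
            self.states[flow] = self._pick().name
        return self.states[flow]

    def set_usage(self, name: str, used_bps: int) -> None:
        for u in self.uplinks:
            if u.name == name:
                u.used_bps = used_bps

def demo():
    # Constructed sample: two 10 Mbit/s commit rates, isp_b already half used.
    lb = FlowBalancer([Uplink("isp_a", 10_000_000), Uplink("isp_b", 10_000_000, 5_000_000)])
    old = [("192.0.2.10", 80, f"198.51.100.{i}", 40000 + i) for i in range(30)]
    before = [lb.route(f) for f in old]
    lb.set_usage("isp_a", 9_000_000)      # isp_a is now close to its commit rate
    new = [lb.route(("192.0.2.10", 80, f"203.0.113.{i}", 50000 + i)) for i in range(6)]
    after = [lb.route(f) for f in old]    # established flows keep their link
    return before, new, after

if __name__ == "__main__":
    print(demo())
```

Changing the weights only steers flows that start afterwards, which is why the reply calls the result a very rough estimate.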