From owner-freebsd-pf@FreeBSD.ORG Sat Oct 22 15:52:26 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57E6316A41F for ; Sat, 22 Oct 2005 15:52:26 +0000 (GMT) (envelope-from brunomiguel@dequim.ist.utl.pt) Received: from gecea.ist.utl.pt (gecea.ist.utl.pt [193.136.140.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1E28243D67 for ; Sat, 22 Oct 2005 15:52:19 +0000 (GMT) (envelope-from brunomiguel@dequim.ist.utl.pt) Received: from [66.30.10.101] (c-66-30-10-101.hsd1.ma.comcast.net [66.30.10.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gecea.ist.utl.pt (Postfix) with ESMTP id 02AA5411A; Sat, 22 Oct 2005 16:52:17 +0100 (WEST) Message-ID: <435A6025.5060602@dequim.ist.utl.pt> Date: Sat, 22 Oct 2005 11:52:05 -0400 From: Bruno Afonso User-Agent: Thunderbird 1.4 (Windows/20050908) MIME-Version: 1.0 To: Bill Marquette References: <000b01c5d644$54527f20$0132a8c0@delta> <4359ED5B.7010303@dequim.ist.utl.pt> <55e8a96c0510220651t47fa063ayefd1dcffd63950a6@mail.gmail.com> In-Reply-To: <55e8a96c0510220651t47fa063ayefd1dcffd63950a6@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: FreeBSD + MPD + PF + ALTQ X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Oct 2005 15:52:26 -0000 Bill Marquette wrote: > On 10/22/05, Bruno Afonso wrote: >> The download part is the problematic one IF they're not all connected to >> the same network interface. Why ? Because altq only works PER interface >> and tun0, tun1, tun2, etc are each and single one, one interface on its own. >> >> You basically have to >> >> altq on tun0 >> >> altq on tun1, etc.. >> >> What we would need in this case would be a meta-interface that altq >> would work on, but that is not available. Bottom line: you can't control >> with PF global bw over an interface-span. This is probably necessary for >> a full commercial deployment. Don't know of any plans to implement this... >> >> meta_if {tun0, tun1} >> >> altq on meta_1 ... >> >> would be nice. :-) > > You mean something like: > altq on { fxp0 fxp1 } bandwidth 100Mb hfsc queue { a b } > queue a bandwidth 50Mb hfsc(default) > queue b bandwidth 50Mb hfsc > This works today :) Yes, I have now tried and verified that it works, but not as we would like to in the sense of a meta interface, eg: altq on { tun0 tun1 tun2 } cbq bandwidth 1Mb queue { a b } queue a bandwidth 700Kb cbq(default) queue b bandwidth 300Kb which turns itself into... (from pfctl -sq) queue root_tun0 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b} queue a bandwidth 700Kb cbq( default ) queue b bandwidth 300Kb queue root_tun1 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b} queue a bandwidth 700Kb cbq( default ) queue b bandwidth 300Kb queue root_tun2 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b} queue a bandwidth 700Kb cbq( default ) queue b bandwidth 300Kb What would I want with this? To create a queue that is shared by every interface, so limiting globally every interface to a maximum of 1Mb each and all of them to 1Mb each too, in a cqb borrowing shared way. For examply, I'd like a to never exceed 700Kb taking into account every interface. This makes perfect sense if I have a limited ammount of bw to share among each client, which, in a real world, happens 99,9% of the time because resources are limited. So, the syntax works, but it does achieve what I mentioned before, the meta interface concept. The example you give is only useful for simplifying rulesets, although it's more difficult for humans to understand. BA -- Bruno Afonso, Biological Engineer Dana-Farber Cancer Institute 1 Jimmy Fund Way Smith Building Boston, MA 02115 phone: (617)-632-5105 GABBA Graduate Student (http://gabba.up.pt) Homepage @ http://brunoafonso.net/