From: Bill Marquette
To: Bruno Afonso
Cc: freebsd-pf@freebsd.org
Date: Sat, 22 Oct 2005 18:59:29 -0500
Subject: Re: FreeBSD + MPD + PF + ALTQ
Message-ID: <55e8a96c0510221659g7ac457b1gc696f392a249fee3@mail.gmail.com>
In-Reply-To: <435A6025.5060602@dequim.ist.utl.pt>

On 10/22/05, Bruno Afonso wrote:
> Bill Marquette wrote:
> > On 10/22/05, Bruno Afonso wrote:
> >> The download part is the problematic one IF they're not all connected to
> >> the same network interface. Why ? Because altq only works PER interface
> >> and tun0, tun1, tun2, etc are each and single one, one interface on its own.
> >>
> >> You basically have to
> >>
> >> altq on tun0
> >>
> >> altq on tun1, etc..
> >>
> >> What we would need in this case would be a meta-interface that altq
> >> would work on, but that is not available. Bottom line: you can't control
> >> with PF global bw over an interface-span. This is probably necessary for
> >> a full commercial deployment. Don't know of any plans to implement this...
> >>
> >> meta_if {tun0, tun1}
> >>
> >> altq on meta_1 ...
> >>
> >> would be nice. :-)
> >
> > You mean something like:
> > altq on { fxp0 fxp1 } bandwidth 100Mb hfsc queue { a b }
> > queue a bandwidth 50Mb hfsc(default)
> > queue b bandwidth 50Mb hfsc
> > This works today :)
>
> Yes, I have now tried and verified that it works, but not as we would
> like to in the sense of a meta interface, eg:
>
> altq on { tun0 tun1 tun2 } cbq bandwidth 1Mb queue { a b }
> queue a bandwidth 700Kb cbq(default)
> queue b bandwidth 300Kb
>
>
> which turns itself into... (from pfctl -sq)
>
>
> queue root_tun0 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b}
> queue a bandwidth 700Kb cbq( default )
> queue b bandwidth 300Kb
> queue root_tun1 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b}
> queue a bandwidth 700Kb cbq( default )
> queue b bandwidth 300Kb
> queue root_tun2 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b}
> queue a bandwidth 700Kb cbq( default )
> queue b bandwidth 300Kb
>
>
> What would I want with this?
> To create a queue that is shared by every
> interface, so limiting globally every interface to a maximum of 1Mb each
> and all of them to 1Mb each too, in a cbq borrowing shared way. For
> example, I'd like a to never exceed 700Kb taking into account every
> interface. This makes perfect sense if I have a limited amount of bw to
> share among each client, which, in a real world, happens 99,9% of the
> time because resources are limited.
>
> So, the syntax works, but it does achieve what I mentioned before, the
> meta interface concept. The example you give is only useful for
> simplifying rulesets, although it's more difficult for humans to understand.

From what I understand, that binds queue 'a' to every interface. The
queue definition still limits the queue itself to 700Kb, but allows you
to assign traffic to that queue on each interface that queue is bound
to. I can't find the email that I read that suggests it now (machine
having recently been wiped and google not being terribly forthcoming
with the answer). Have you verified this not working with real traffic,
or just the pfctl -sq output? At this time I don't have a
multi-interface box at my disposal, so I can't easily test this.

--Bill
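
An added example, not part of the thread: a small Python check that groups `pfctl -sq` output by root queue and sums the configured ceilings per queue name across interfaces. It assumes, as the quoted message states, that ALTQ enforces each interface's queues on their own; the sample input is the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the `pfctl -sq` output quoted in the message above.
SAMPLE = """\
queue root_tun0 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b}
queue a bandwidth 700Kb cbq( default )
queue b bandwidth 300Kb
queue root_tun1 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b}
queue a bandwidth 700Kb cbq( default )
queue b bandwidth 300Kb
queue root_tun2 bandwidth 1Mb priority 0 cbq( wrr root ) {a, b}
queue a bandwidth 700Kb cbq( default )
queue b bandwidth 300Kb
"""

# pf bandwidth suffixes are decimal bits per second.
UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}
LINE = re.compile(r"^queue\s+(\S+)\s+bandwidth\s+(\d+(?:\.\d+)?)(Kb|Mb|Gb|b)\b")

def parse_queues(text):
    """Return {interface: {"root": bps, "children": {queue_name: bps}}}."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        name, bps = m.group(1), int(float(m.group(2)) * UNITS[m.group(3)])
        if name.startswith("root_"):
            # A root_<if> line opens a new, separate queue tree for <if>.
            current = name[len("root_"):]
            ifaces[current] = {"root": bps, "children": {}}
        elif current is not None:
            ifaces[current]["children"][name] = bps
    return ifaces

def aggregate(ifaces):
    """Sum configured ceilings over all interfaces, keyed by queue name."""
    totals = {"root": 0}
    for tree in ifaces.values():
        totals["root"] += tree["root"]
        for name, bps in tree["children"].items():
            totals[name] = totals.get(name, 0) + bps
    return totals

if __name__ == "__main__":
    trees = parse_queues(SAMPLE)
    for name, bps in aggregate(trees).items():
        print(f"{name}: {bps} b/s configured across {len(trees)} interfaces")
```

This reads configuration only; it does not measure real traffic, which is the test Bill asks about.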