Date:      Wed, 16 Sep 2015 12:04:09 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        freebsd-pf@freebsd.org
Subject:   simple altq on RELENG_10 issue
Message-ID:  <55F992F9.4010701@sentex.net>

I am trying to get some simple altq rules working to limit a box from
maxing out its allocated bandwidth.  It's RELENG_10 (r287826), AMD64.
if_re is the interface.


altq on $ext_if hfsc bandwidth 1Mb queue { http, other }


block in log all

pass in log from <TRUSTED> to any keep state
pass in log inet6 from <TRUSTED6> to any keep state
pass in log inet6 proto icmp6 from any to any keep state
pass in log inet proto icmp from any to any keep state


pass in log on $ext_if inet proto tcp from any to any port 22 keep state

pass out log on  $ext_if proto tcp from any to any port {80,443} queue http
pass out log on  $ext_if inet6 proto tcp from any to any port {80,443} queue http

pass out log on  $ext_if from any to any keep state queue other
pass out log on  $ext_if proto tcp from any to any port {80,443} queue http
pass out log on  $int_if from any to any keep state
pass out log on  $ext_if inet6 from any to any keep state  queue other
pass in log on $ext_if inet6 proto tcp from any to any port {443,22} keep state



The interface is 10Mb ethernet. I set the rule to 1Mb just to see if it
was an issue of altq not being very accurate. But no matter what, doing a
fetch -4 -o /dev/null http://somebigfile
has the speed at about 10Mb...


It's in the kernel

% sysctl -A | grep -i altq
options ALTQ_NOPCC
options ALTQ_PRIQ
options ALTQ_CDNR
options ALTQ_HFSC
options ALTQ_RIO
options ALTQ_RED
options ALTQ_CBQ
options ALTQ

When I start the fetch, looking at the state table
pfctl -ss -v -v

all tcp xx.yy.zz.9:14313 -> aa.bb.cc.33:80       ESTABLISHED:ESTABLISHED
   [2866979674 + 66560] wscale 6  [2041348410 + 196224] wscale 6
   age 00:00:07, expires in 24:00:00, 2896:5787 pkts, 150721:8613084 bytes, rule 9
   id: 0700000055f98086 creatorid: 8451a24d

and it's the rule

@9 pass out log on re0 proto tcp from any to any port = http flags S/SA keep state queue http
  [ Evaluations: 3         Packets: 13038     Bytes: 13118285    States: 1     ]
  [ Inserted: uid 0 pid 1836 State Creations: 1     ]




-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
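
An added example, not part of the original message: a small Python parser for the `pfctl -ss -v -v` state entry quoted above, which turns the state age and the packet/byte counters into an average rate per direction. pf prints each counter pair as forward:reverse relative to the direction that created the state; the function and field names are chosen here for illustration.

```python
import re

# State entry copied from the pfctl -ss -v -v output quoted in the message.
SAMPLE = """\
all tcp xx.yy.zz.9:14313 -> aa.bb.cc.33:80       ESTABLISHED:ESTABLISHED
   [2866979674 + 66560] wscale 6  [2041348410 + 196224] wscale 6
   age 00:00:07, expires in 24:00:00, 2896:5787 pkts, 150721:8613084 bytes, rule 9
   id: 0700000055f98086 creatorid: 8451a24d
"""

# age HH:MM:SS ... fwd:rev pkts, fwd:rev bytes, rule N
# \s+ also accepts a line break, so e-mail-wrapped output still parses.
STATE_RE = re.compile(
    r"age (\d+):(\d+):(\d+),.*?(\d+):(\d+) pkts,\s+(\d+):(\d+)\s+bytes,\s+rule (\d+)",
    re.S,
)

def mbit_per_s(nbytes, seconds):
    """Average rate in Mbit/s, or None when the state is under a second old."""
    return None if seconds == 0 else nbytes * 8 / seconds / 1e6

def state_rates(text):
    """Return one dict per state entry with per-direction counters and rates."""
    results = []
    for m in STATE_RE.finditer(text):
        h, mi, s, p_fwd, p_rev, b_fwd, b_rev, rule = map(int, m.groups())
        age = h * 3600 + mi * 60 + s
        results.append({
            "rule": rule,
            "age_s": age,
            "pkts": (p_fwd, p_rev),
            "bytes": (b_fwd, b_rev),
            # forward = same direction as the packet that created the state
            "fwd_mbit": mbit_per_s(b_fwd, age),
            "rev_mbit": mbit_per_s(b_rev, age),
        })
    return results

if __name__ == "__main__":
    for st in state_rates(SAMPLE):
        print("rule %(rule)d age %(age_s)ds fwd %(fwd_mbit).2f Mbit/s "
              "rev %(rev_mbit).2f Mbit/s" % st)
```

The age field has one-second resolution, so rates computed from a state only a few seconds old are approximate.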


