From: "B. Cook"
To: freebsd-pf@freebsd.org
Date: Mon, 28 May 2007 21:40:53 -0400 (EDT)
Subject: multiple vlans and altq

I am trying to figure out the best way to do this, and I am quite confused about where I have to altq. I am sure that I am the source of my own confusion, but I can not seem to find anything to help myself. :)

I have a new box that we would like to use to replace our aging router that currently does not do any traffic shaping. I am using a P4 2G box w/ 256MB and two em cards running FreeBSD 6.2-p5 and Dell PowerConnects.

I have all the vlan interfaces set up, and routing properly in my test area; but I can not seem to figure out how to altq the vlans logically.

The new router will have em0 as a /30 facing the provider and em1 will be set up with vlans.

What I have is a 4mbit link symmetrical and what I would like to do is make one parent queue on the external interface (cbq). Then split that into three queues (25% servers (borrow), and 74% users and 1% other). And then split the users queue up into 4 queues 25% each that can also borrow. (This is inferred from 'Building Firewalls with OpenBSD and PF: second edition' (paper page 211, pdf page 225).)

The mental problem I am having is how do the vlans work with respect to the 4mbit link? As in how can I give all the vlan networks ethernet bandwidth when going vlan to vlan? Do I want not want to do that? (this was the problem with our 3620 is that the vlans overwhelm the router when there is too much traffic)

If I want to limit their upload ability to the Internet would I have to do that on each vlan interface? Or would I need a second altq rule on the other interface em1?

Should I just let them have free run of the ethernet - as this pc can handle it?

(I have also been reading the Absolute OpenBSD book from Michael Lucas, in which he uses an example of a dmznet, localnet and a t1. He subtracts the bandwidth of the t1 from the ethernet and makes a local queue of the difference of the two; I do not understand that. This is what got me confused and scared about all of this.)

I am not sure if I am helping myself by outthinking myself, or making this harder on myself than it needs to be.

Can anyone tell me how to do this? Or what I am thinking that is incorrect?

I have something like 20+ vlans that will be going into each of the 4 users queues, so I really need to know what I'm missing and why I think this is so hard.

Thank you greatly,

- Confused
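The queue tree described in the message above, written out as a pf.conf ALTQ fragment; this is an added example, not part of the original post or of any reply to it. The server network, the vlan interface names and their grouping, and the choice of `other` as the default queue are assumptions.

```conf
# Added example. em0, the 4Mb link and the percentages come from the message;
# addresses, vlan names and the default-queue choice are assumed placeholders.
ext_if  = "em0"
servers = "192.0.2.0/28"            # assumed server network
grp1    = "{ vlan10 vlan11 }"       # assumed: vlans feeding users1
grp2    = "{ vlan20 vlan21 }"       # assumed: vlans feeding users2
grp3    = "{ vlan30 vlan31 }"       # assumed: vlans feeding users3
grp4    = "{ vlan40 vlan41 }"       # assumed: vlans feeding users4

# ALTQ schedules packets as they leave the interface named here, so this
# tree limits upload toward the provider. No altq is declared on em1, so
# vlan-to-vlan traffic is not shaped by this fragment.
altq on $ext_if cbq bandwidth 4Mb queue { servers, users, other }

# Top level: 25% + 74% + 1% of the 4Mb parent.
queue servers bandwidth 25% cbq(borrow)
queue users   bandwidth 74% { users1, users2, users3, users4 }
queue other   bandwidth 1%  cbq(default)

# Children of "users": percentages are relative to the users queue.
queue users1 bandwidth 25% cbq(borrow)
queue users2 bandwidth 25% cbq(borrow)
queue users3 bandwidth 25% cbq(borrow)
queue users4 bandwidth 25% cbq(borrow)

# Server traffic is classified where it leaves toward the provider.
pass out on $ext_if from $servers to any keep state queue servers

# User traffic is tagged with its queue name on the inside interface; the
# tag takes effect when the packet is sent out em0, where the queue exists.
pass in on $grp1 from any to any keep state queue users1
pass in on $grp2 from any to any keep state queue users2
pass in on $grp3 from any to any keep state queue users3
pass in on $grp4 from any to any keep state queue users4
```

Anything that matches no `queue` rule falls into `other`, the queue marked `default`; `pfctl -nf` on the file parses it without loading the ruleset.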