Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Jul 2019 13:15:50 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To:        Kristof Provost <kp@freebsd.org>
Cc:        mike tancsa <mike@sentex.net>, freebsd-pf@freebsd.org
Subject:   Re: pf and dummynet
Message-ID:  <201907292015.x6TKFoYH045849@gndrsh.dnsmgr.net>
In-Reply-To: <F1B54673-B728-44D3-B3E9-F8A356A78C4A@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
> On 29 Jul 2019, at 20:22, mike tancsa wrote:
> > On 7/29/2019 1:51 PM, Kristof Provost wrote:
> >>
> >> Also beware of gotchas with things like IPv6 fragment handling or
> >> route-to.
> >>
> >> I do not consider mixing firewalls to be a supported configuration. 
> >> If
> >> it breaks you get to keep the pieces.
> >
> > Thanks, I was worried about that!? Is there a way to get altq to 
> > limit
> > inbound traffic directed to a server ?? I would prefer not mixing and
> > matching, but I dont see any other way other than going to ipfw which 
> > I
> > would rather not
> >
> I don?t know. I?m not very familiar with altq.
> 
> In general I?d expect quality of service and bandwidth limits to only 
> be effective in the upstream direction (when going from a fast link to a 
> slow one). There?s no good way to limit how much traffic other 
> machines send to you.

Though dummynet is most effective in on the outbound
stream (absolute control) it can be used to good effect
on an incoming stream due to the end-to-end paradigm of
the internet and the fact that congestion must be dealt
with.

If dummynet holds packets and parcels them into a box at
a lower rate for things like TCP you'll end up reducing
the congestion window and hence the senders rate.  Or you
can get into the ACK clock situation here the sender simply
does not send any more data until it gets an ack back as
it already has filled the congestion window.

I have been using dummynet for decades in this way,
and it more or less "just works."

> Regards,
> Kristof
-- 
Rod Grimes                                                 rgrimes@freebsd.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907292015.x6TKFoYH045849>