Home » Mailing list archives » openbsd-misc » 2007 » December » 6

PF and queuing question

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Stefan Castille <stefan.castille@...>
To: OpenBSD-Misc <misc@...>
Subject: PF and queuing question
Date: Thursday, December 6, 2007 - 8:28 am

hey,


I have a question on how to best limit traffic with pf. The main

goal is not so much to limit bandwidth to a lower point all the

time but more to prevent a runaway process (or user) from

drowning the rest.


Since i do not have the means for extensive testing i hope to

get some pointers before going down a path that would only waste

time and resources. I have the following situation (simplified):


                         /-vlan1  <==1Gb==> desktops

internet <==512Kb==>bge0 PF

                         \-vlan2  <==1Gb==> production


I want to make sure production has at least 256Kb both upload as

download on the internet connection.


1) I know it will not stop flooding of the line by 3rd parties. This is

not the goal

of the rules. The goal is to prevent a download initiated by a server or

user

from taking up all the download bandwidth


2) I was thinking of using a shared queue on vlan1 and vlan2 but I could

not find

any documentation whether that is possible at all.

Would the following work and actually limit download traffic? If not

then I guess

I will have to create separate download queues of max 400Kb so ensure at

least

some bandwidth remains for the other side.


altq on bge0 cbq bandwidth 512Kb queue { ext-prod,  ext-desktop }

altq on vlan1 cbq bandwidth 1Gb queue { download, default-desktop }

altq on vlan2 cbq bandwidth 1Gb queue { download, default-prod }

queue download bandwidth 512Kb  { download_prod, download_desktop }

queue download_prod bandwidth 50% priority 3 cbq(borrow)

queue download_desktop bandwidth 50% priority 1 cbq(borrow)

pass in quick on bge0 from any to  keep state queue

download_prod

pass out quick on vlan2 from any to  keep state queue ext-prod

pass in quick on vlan2 from  to any keep state queue ext-prod

pass out quick on vlan2 from  to any keep state queue

download_prod

pass in quick on bge0 from any to  keep state queue

download_desktop

pass out quick on vlan2 from any to  keep state queue ext-desktop

pass in quick on vlan2 from  to any keep state queue ext-desktop

pass out quick on vlan2 from  to any keep state queue

download_desktop


Is this idea going in the right direction or is there a much better way

to do this?


Thanks,

Stefan
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
PF and queuing question, Stefan Castille, (Thu Dec 6, 8:28 am)