login
Login / Register
Header Space

 
 

Home » Mailing list archives » openbsd-misc » 2007 » December » 6

PF and queuing question

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Stefan Castille <stefan.castille@...>
To: OpenBSD-Misc <misc@...>
Subject: PF and queuing question
Date: Thursday, December 6, 2007 - 8:28 am

hey,

I have a question on how to best limit traffic with pf. The main
goal is not so much to limit bandwidth to a lower point all the
time but more to prevent a runaway process (or user) from
drowning the rest.

Since i do not have the means for extensive testing i hope to
get some pointers before going down a path that would only waste
time and resources. I have the following situation (simplified):

                         /-vlan1  <==1Gb==> desktops    
internet <==512Kb==>bge0 PF
                         \-vlan2  <==1Gb==> production

I want to make sure production has at least 256Kb both upload as
download on the internet connection.

1) I know it will not stop flooding of the line by 3rd parties. This is 
not the goal
of the rules. The goal is to prevent a download initiated by a server or 
user
from taking up all the download bandwidth

2) I was thinking of using a shared queue on vlan1 and vlan2 but I could 
not find
any documentation whether that is possible at all.
Would the following work and actually limit download traffic? If not 
then I guess
I will have to create separate download queues of max 400Kb so ensure at 
least
some bandwidth remains for the other side.

altq on bge0 cbq bandwidth 512Kb queue { ext-prod,  ext-desktop }
altq on vlan1 cbq bandwidth 1Gb queue { download, default-desktop }
altq on vlan2 cbq bandwidth 1Gb queue { download, default-prod }
queue download bandwidth 512Kb  { download_prod, download_desktop }
queue download_prod bandwidth 50% priority 3 cbq(borrow)
queue download_desktop bandwidth 50% priority 1 cbq(borrow)
pass in quick on bge0 from any to <production> keep state queue 
download_prod
pass out quick on vlan2 from any to <production> keep state queue ext-prod
pass in quick on vlan2 from <production> to any keep state queue ext-prod
pass out quick on vlan2 from <production> to any keep state queue 
download_prod
pass in quick on bge0 from any to <desktop> keep state queue 
download_desktop
pass out quick on vlan2 from any to <desktop> keep state queue ext-desktop
pass in quick on vlan2 from <desktop> to any keep state queue ext-desktop
pass out quick on vlan2 from <desktop> to any keep state queue 
download_desktop


Is this idea going in the right direction or is there a much better way 
to do this?

Thanks,
Stefan
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
PF and queuing question, Stefan Castille, (Thu Dec 6, 8:28 am)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 3 users and 775 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary