OpenBSD: ALTQ Merged With PF

Submitted by Jeremy
on November 27, 2002 - 5:54am

Henning Brauer announced today that "altq's functionality has been merged into pf." The ALTQ project page explains that Alternate Queueing "provides queueing disciplines and other QoS related components required to realize resource-sharing and quality of service." Thus PF, the OpenBSD project's stateful packet filter, now gains this resource-sharing and QoS functionality.

In an earlier interview, PF author Daniel Hartmeier [interview] explained:

"altq will continue to do what it already does (manipulating output queues on network interfaces, limiting bandwidth of specified categories of traffic), but pf will assign the packets to the queues. Since rule evaluation and connection tracking is already done in pf, doing queue assignment there will reduce per-packet cost, and combining configuration parsing will simplify syntax."

Read on for Henning's full email, which includes examples of how to configure the ALTQ support now in PF.


From: Henning Brauer
Subject: altq merged into pf
Date: Tue, 26 Nov 2002 20:02:41 +0100

As you might have noticed, altq's functionality has been merged into pf.
This is a major piece of work started back in June. To make it as mature as
possible, we need your help with testing.

Here's how it works:

You enable altq on an interface in pf.conf, you define child queues, and 
assign packets to queues on filter rules.
Let's have a look at an example.

altq on dc0 scheduler cbq bandwidth 10Mb queue { std, http, mail, ssh }
queue	std bandwidth 10% cbq(default)
queue	http bandwidth 60% priority 2 cbq(borrow red) { employees, developers }
queue	 developers bandwidth 75% cbq(borrow)
queue	 employees bandwidth 15%
queue	mail bandwidth 10% priority 0 cbq(borrow ecn)
queue	ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
queue	 ssh_interactive bandwidth 100% priority 7
queue	 ssh_bulk bandwidth 100% priority 0

With "altq on <interface>" you enable altq for that interface. The only
scheduler supported right now is cbq (Class Based Queueing), others will
follow. With "queue { child1 child2 }" you specify the child queues.
The queues build a tree. The root queue you needed to specify in the old altq
is now created implicitly from the interface specification.
For each queue, you can specify the bandwidth - if you do it in % it is
relative to the parent queue -, a priority, and scheduler options.
Two scheduler options are of special interest:
default: all packets not assigned to another queue are assigned to this one. 
         You must have exactly one default queue.
borrow: The queue can borrow bandwidth from its parent as long as the parent
        has bandwidth available.

Other scheduler options are explained in pf.conf(5).

You assign packets to a queue directly on the filter rules:

block return out on $ext_if inet all queue std
pass out on dc0 inet proto tcp from $developerhosts to any port 80 keep state \
	queue developers
pass out on dc0 inet proto tcp from $employeehosts to any port 80 keep state \
	queue employees
pass out on dc0 inet proto tcp from any to any port 22 tos 0x10 \
	keep state queue ssh_interactive #priority for interactive sessions
pass out on dc0 inet proto tcp from any to any port 22 tos 0x08 \
	keep state queue ssh_bulk        #less priority for scp/sftp/...
pass out on dc0 inet proto tcp from any to any port 25 keep state queue mail

We're doing something fancy with ssh here. For interactive sessions, the Type
Of Service (tos) field is set to 0x10, while it is 0x08 for non-interactive use
like scp and sftp. We use this to distinguish between them and assign a higher
priority to interactive sessions - obviously, delays are much more disturbing
there.

The queues loaded into the kernel can be viewed with pfctl -s queue.

You can seek for more information in pf.conf(5) as well as a sample ruleset
in /usr/share/pf/.

Please test and report back. This is essential for OpenBSD 3.3 to become a
release of our usual high quality.
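
To make the queue tree in the email concrete, here is an added example (not part of Henning's email and not pf code): a small Python script that resolves each queue's percentage against its parent to get an absolute rate, and lists the queues marked default so the "exactly one default queue" rule can be checked. It assumes child queues use only % bandwidths, as in the email's example; the function names are hypothetical.

```python
import re

# Queue definitions copied from the email's example (whitespace normalised).
PF_CONF = """\
altq on dc0 scheduler cbq bandwidth 10Mb queue { std, http, mail, ssh }
queue std bandwidth 10% cbq(default)
queue http bandwidth 60% priority 2 cbq(borrow red) { employees, developers }
queue developers bandwidth 75% cbq(borrow)
queue employees bandwidth 15%
queue mail bandwidth 10% priority 0 cbq(borrow ecn)
queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
queue ssh_interactive bandwidth 100% priority 7
queue ssh_bulk bandwidth 100% priority 0
"""

UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}

def parse(conf):
    """Return (root_bps, {queue: (percent, options)}, {queue: parent})."""
    root_bps, queues, parent_of = None, {}, {}
    for line in conf.splitlines():
        children = re.search(r"\{([^}]*)\}", line)
        kids = re.split(r"[,\s]+", children.group(1).strip()) if children else []
        if line.startswith("altq on"):
            num, unit = re.search(r"bandwidth (\d+)(\w+)", line).groups()
            root_bps = int(num) * UNITS[unit]
            name = None  # None stands for the implicit root queue
        elif line.startswith("queue"):
            name = line.split()[1]
            pct = int(re.search(r"bandwidth (\d+)%", line).group(1))
            opts = re.search(r"cbq\(([^)]*)\)", line)
            queues[name] = (pct, opts.group(1).split() if opts else [])
        else:
            continue
        for kid in kids:
            parent_of[kid] = name
    return root_bps, queues, parent_of

def absolute_bps(conf):
    """Resolve every queue's % bandwidth against its parent, in bits/s."""
    root_bps, queues, parent_of = parse(conf)
    def rate(name):
        if name is None:
            return root_bps
        return rate(parent_of[name]) * queues[name][0] // 100
    return {q: rate(q) for q in queues}

def default_queues(conf):
    """Queues carrying the cbq 'default' option; there must be exactly one."""
    return [q for q, (_, opts) in parse(conf)[1].items() if "default" in opts]
```

For the email's ruleset this gives developers 4.5 Mb/s (75% of http's 6 Mb/s) and both ssh children the full 2 Mb/s of their parent, so those two are separated by priority alone.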
