On Fri, 2007-03-23 at 23:27 +0100, Paul wrote:
> There's a provider-friendly mpd out there which I'm planning to > integrate into pfsense. It's compatible with mpd, but has some ISP-grade > features included. this sounds good, am i guessing this is the first step. is there any areas that you think i might be able to assist you. > the modded mpd (as well as the normal one) has provisions to call > scripts and/or insert rules directly in ipfw. But pfsense is PF bases > and has hsfc (?) scheduler. This is superior way to handle traffic and > allows you to have different classes of users (allocating more traffic > to higher paying users and moving abusers to a slow queue)... hence > being able to respect different minimum service rates on the same > machine (as opposed to slowing down each user to the same speed). i felt that the issue with altq and queues qas you need a new parent queue each time you add a new user this makes it far more complicated than the dummynet method where you can still have differnet classes > > However, the pfsense rules generator is much more complex than what is > needed to a normal ISP hence my request for help on this side. I don't > want to break things like carp etc. well my knowledge here is somewhat useful as our pactical experiance with pfsense is from 0.20 > > Next move would be to attach each ng interface to a separate queue > depending on the "Filter-Id" returned from the radius. This requires a > patched mpd which I'm trying to substitute to the real one (it compiles > cleanly under FreeBSD 5.x but requires some kernel modules and these are > not yet ported to 6.x). i was under the understanding that altq did not work well with multiple interfaces or is this just an issue with the pfsense implementation > > There's some code to be written before we can see this happen :-( well i would love to know more it sounds very interesting i know scott has been working on dummynet integration again recently which would be great because the stock mpd already has radius input for this method. this is the primary area that i would like to see worked on the termination of aaa well is a real enterprise class thing and pfsense is so close with ipsec openvpn and pppoe and pptp terminations intergrated well it would be fantastic. > > Paul.
