>> If I understand it correctly, ingress traffic shaping is not possible with
>> pf/altq.
>> Are there any tricks to do it?
> Not really tricky, a diligent read of the PF and ALTQ doc should help you
> figure out the right configs. Would you mind posting your PF configs, the one
> without the loopback redirection?
Thank you for your answer, but it's clear to me how to configure the first
described case when the incoming traffic is forwarded further to the LAN and
shaped as outcoming traffic at the router. My questions are more general. First
I would like to know whether it is at all possible and then how it can be done
(not necessarily in terms of configuration).
At the moment I see that if traffic is forwarded further to the LAN, it might
work somehow as discussed in the previous message from Raymond.
However, I also see that if the incoming traffic is not forwarded further it is
not possible to slow it down somehow and this is now my big problem: I can't do
anything with pf/altq to slow down the download traffic. That is why I'm asking
whether there are any tricks to do it. I'm wondering if my example with
loopback redirection can theoretically work... then I would think about proper
configuration. What I feel now is that forwarding of packets between different
interfaces within one host doesn't use queues as expected, probably the packets
are somehow internally forwarded between interfaces and not properly sent via
queues as they would be if sent outside. I use "route-to" for sending packets
from ext_if to lo0 and "rdr" for sending them back from lo0 to ext_if and I see
that the queues at the lo0 interface (where I could shape the traffic) are
always empty... Having written this I've realised that I have to give my
pf.conf. Sorry, this is exactly what you haven't asked for, but maybe you can
help :)
# ----------------------------------------------------
# pf.conf: redirection of ingress traffic from $ext_if to loopback interface
# $lo and then back to $ext_if
# this is to be able to shape ingress traffic with altq when sending it from $lo
# in terms of data connection this works fine
### Queue configuration
altq on $lo priq bandwidth 50Kb queue{q1,q2}
queue q1 priority 14 priq
queue q2 priority 0 priq (default)
### Rdr rule
rdr on $lo -> $ext_if0
### Filtering
block in log
block out log
pass in log on $lo
pass out log quick on $lo queue q2
pass in log on $ext_if0 route-to $lo
pass out log on $ext_if0
# ----------------------------------------------------
Problem: q2 queue is always empty (actually it contains always only 1 incoming
ACK packet when the TCP download session is over, but no incoming data packets).
Thanks for any help!
Aleksej.
________________________________
From: shoks [mailto:[email protected]]
Sent: Friday, 21 May 2010 04:46
To: Spenst, Aleksej
Cc: [email protected]
Subject: Re: Ingress traffic shaping
On Thu, May 20, 2010 at 4:18 PM, Spenst, Aleksej <[email protected]> wrote:
Hi All,
If I understand it correctly, ingress traffic shaping is not possible with
pf/altq.
Are there any tricks to do it?
Not really tricky, a diligent read of the PF and ALTQ doc should help you
figure out the right configs. Would you mind posting your PF configs, the one
without the loopback redirection?
I suppose that if incoming traffic is sent out by the router further to the
LAN, the incoming traffic can be considered as outcoming traffic and therefore
can be easily shaped.
---- incoming traffic ---> <ext_if> ROUTER <int_if with altq> ---- shaped outcoming traffic ---->
So, in this case one can say that ingress traffic can be shaped. In this manner
it should be possible to limit TCP download traffic.
What if traffic is not forwarded further?
---- incoming traffic ---> <ext_if> END HOST
Is it possible to do anything to slow down for example TCP download traffic?
Drop incoming packets? Drop or slow down outgoing ACKs?
I've tried to put outgoing ACKs in the queue with the lowest priority, but that
doesn't help when there is not much other outbound traffic.
I also was trying to figure out whether it is possible to forward the incoming
traffic to the loopback interface and then back to ext_if, so that incoming
traffic can be considered as outcoming at the loopback interface.
---- incoming traffic ---> <ext_if> ----> <lo0> ---- shaped outcoming traffic ----> <back to ext_if>
but I couldn't configure pf.conf such that this would be possible... Is this
theoretically possible?
Thanks a lot for any tips!
Aleksej.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
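
The forwarding case described in the quoted message (traffic arrives on ext_if and is shaped as it leaves int_if), written out as a pf.conf in the same legacy ALTQ syntax as the config above. This is an added example, not part of the thread; the interface names, LAN prefix, rates and queue names are assumptions.

```pf
# Constructed example: interface names, LAN prefix, rates and queue names
# are assumptions, not values from the thread.
ext_if  = "em0"              # upstream side, downloads arrive here
int_if  = "em1"              # LAN side, downloads leave the router here
lan_net = "192.168.1.0/24"

set skip on lo0

# ALTQ holds packets only as they leave an interface, so the download
# limit is configured on $int_if, not on $ext_if.
altq on $int_if cbq bandwidth 2Mb queue { std_in, web_in }
queue std_in bandwidth 75% cbq(default)
queue web_in bandwidth 25% cbq(borrow)

nat on $ext_if from $lan_net to any -> ($ext_if)

block log all

# The queue name is stored in the state each rule creates. Replies that
# match the state and leave through $int_if are placed in that queue;
# the requests leave through $ext_if, which has no ALTQ, and are not held.
pass in on $int_if from $lan_net to any keep state queue std_in
pass in on $int_if proto tcp from $lan_net to any port { 80, 443 } \
    keep state queue web_in

# Let the translated connections out; no queue is needed on this side.
pass out on $ext_if all keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vsq` shows the per-queue packet counters once it is loaded.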