On 2012-02-18, Michael Seiwald <mich...@mseiwald.at> wrote:
> Hello all,
>
> I've been playing around with pf's altq feature for the last two days. I
> want to achieve that my server ($srv) always has 50 % of the bandwidth
> for downloading available and can also "borrow" the other 50 % if they
> are not needed by other clients in the LAN. Currently I have the
> following pf.conf:
>
> http://pastie.org/3406858
>
> From what I have read in the documentation and seen in examples this
> should do what I want. The problem is that I only get about 0.33 Mbps on
> speedtest.net in the std_in queue instead of 50% of my downstream.

The firewall rule creating state (and assigning the queue) for
connections initiated by the server is probably not the one you
expect. pfctl -ss -v will show you the rule number, then you can
look up the rule with pfctl -sr -R (number). 'sudo systat q .5' is
also good as a fast-updating display of queue use.

Simplest way to fix is probably to use 'match' instead e.g.:

    match from $srv queue srv
    match to $srv queue srv

No need for specific assignments for traffic which will go in the
default queue anyway. I normally put these at the top of the ruleset
with the altq definitions.

> Also SSH connections from a LAN client to the OpenBSD gateway lag and are
> almost unusable.
>
> I would appreciate any advice to fix my pf.conf...

There's no reason these wouldn't be affected by the queue too.

You could use a higher bandwidth queue on the interface, have a child
queue for the internet traffic containing your std_in and srv_in
queues, and another local queue alongside it, then match traffic
from/to the gateway and assign it to the local queue.

    interface
     |
     +-- local (say 50Mb)
     |
     +-- internet (3.5Mb, *not* borrow)
          |
          +-- srv (1.75Mb borrow)
          |
          +-- std (1.75Mb)

If you later want to add queueing for *upstream* traffic (which is
really where queueing works best) then just use the same queue names
('queue std on $int_if...' and 'queue std on $ext_if'), don't use
separate std_out/srv_out queues.
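
The queue layout sketched above, written out as an added pf.conf fragment; it is not part of the original message or the poster's ruleset. It assumes the older ALTQ syntax with the CBQ scheduler and a 100Mb LAN interface, and the values given for `int_if` and `srv` are placeholders.

```conf
# Added example, not from the original thread. Macro values are placeholders.
int_if = "em1"            # assumption: LAN-facing interface
srv    = "192.168.1.10"   # assumption: the server's LAN address

# Root queue at LAN wire speed (assumed 100Mb), so traffic between the
# gateway and LAN hosts is not squeezed into the 3.5Mb downstream budget.
altq on $int_if cbq bandwidth 100Mb queue { local, internet }

# Gateway <-> LAN traffic, e.g. SSH to the firewall itself.
queue local bandwidth 50Mb

# Downstream from the internet. No borrow here, so the two children
# together can never be handed more than 3.5Mb.
queue internet bandwidth 3.5Mb { srv, std }

# The server gets half and may borrow idle bandwidth from "internet".
queue srv bandwidth 1.75Mb cbq(borrow)

# Everything not matched below lands here; CBQ needs one default queue.
queue std bandwidth 1.75Mb cbq(default)

# Queue assignment by match, independent of which pass rule creates state.
match from $srv queue srv
match to   $srv queue srv

# The last matching rule sets the queue, so server <-> gateway traffic
# ends up in "local" rather than "srv".
match from ($int_if) queue local
match to   ($int_if) queue local
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which is a quick check before applying the change.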