Hi everyone,
Problem:
Bandwidth management is not working as expected; instead of streaming data
inbound with 237 Kb/sec without bandwidth management, it drops to 29 Kb/sec
(tendency falling) with enabled bandwidth management
Test environment:
OpenBSD 3.7 or 3.8 (both tested); Pentium 3 or
Athlon XP (both tested), PF, ALTQ, PPPOE-Interface,
DSL 2000
Guessed fault:
ALTQ wasn't understood by me?!?
Story:
I'm trying to get bandwidth management to work with openbsd
for 6 weeks now. I read several posts, howtos and manuals.
I tried all supported schedulers. To isolate the problem I reduced
my original complexity to priq as scheduler. (Afterwards this
should change.) The Isolation brought the assumption the problem could
be me and my understanding about altq. So I'm asking you now.
pf.conf:
---pf.conf---
### MACROS & TABLES ###
#
#Define all interfaces
#
ext_if="pppoe0"
int_if="pcn0"
#
#Define privileged network address sets
#
nets_priv = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
### OPTIONS ###
#
#Default behavior
#
##Define default response for block filters
set block-policy drop
##Define statistics logging on
set loginterface $ext_if
### TRAFFIC NORMALIZATION ###
#
#Filter traffic for unusual packets
#
scrub in all
### QUEUEING ###
#
#Bandwidth management
#
##Define upstream parent queue (24Kb * 0,95 Overhead)
altq on $ext_if priq bandwidth 22Kb queue { up_default up_web up_quick }
##Define downstream parent queue (256Kb * 0,95 Overhead)
altq on $int_if priq bandwidth 243Kb queue { dn_default dn_quick }
##Define upstream child queues
queue up_default priq(default)
queue up_quick priority 7 priq
##Define downstream child queues
queue dn_default priq(default)
queue dn_quick priority 7 priq
### TRANSLATION ###
#
#NAT for the external traffic
#
nat on $ext_if from $int_if:network to any -> ($ext_if)
#
#Redirections
#
##Redirect FTP clients to FTP proxy WITHOUT FIREWALL
rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
### PACKET FILTERING ###
#
#Default filter
#
block log all
#
#Loopback interface traffic
#
pass quick on lo0 all
#
#Filter and queue external interface traffic
#
##Deny incoming or outgoing priviliged network address sets
block in quick on $ext_if from $nets_priv to any
block out quick on $ext_if from any to $nets_priv
##Allow incoming traffic to ftp proxy; keep the state
pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
##Allow incoming ping request to router; keep the state
pass in on $ext_if inet proto icmp from any to $ext_if icmp-type 8 code 0
keep state
##Assign upstream traffic to queues; keep the state
pass out on $ext_if keep state queue(up_default up_quick)
#
#Filter and queue internal interface traffic
#
##Allow incoming traffic from internal network; do not keep the state
pass in on $int_if from $int_if:network to any
##Assign outgoing traffic from other interfaces to queues for downstream; do
not keep the state
pass out on $int_if from any to $int_if:network queue(dn_default dn_quick)
#
#Deny spoofing
#
antispoof for $ext_if
antispoof for $int_if
---pf.conf---
Thank you for your assistance,
Benjamin
--
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse f|r Mail, Message, More +++
