On Wed, Dec 10, 2014 at 4:30 AM, Paco Esteban <[email protected]> wrote:
> The box has a vr(4) interface connected to an ADSL modem that provides
> roughly 14Mbps/910Kbps (down/up) through pppoe.
> I've set up some queues on pppoe0 interface (I use $gw_if in rules).
> There are also basically 3 subnets behind this box. One for wired net,
> one for wifi net and one I called torrent net which, as you may expect,
> has a torrent box handling P2P downloads.
>
> This is my queue definition:
>
> queue q_root on $gw_if bandwidth 850K
> queue q_dns parent q_root bandwidth 50K, min 25K
> queue q_pri parent q_root bandwidth 200K, min 100K
> queue q_dow parent q_root bandwidth 80K, max 210K
> queue q_def parent q_root bandwidth 520K default
>
> And the match rules that apply:
>
> match out on $gw_if inet proto { udp, tcp } from any to <special_servers> port 19302:19309 set queue(q_pri, q_pri) set prio (7,7)
> match out on $gw_if inet proto { tcp, udp } from $gw_if to { x.x.x.x, y.y.y.y } port domain set queue q_dns set prio (5,5)
> match out on $gw_if inet proto tcp from any to any port { 80, 443 } set queue(q_def, q_pri) set prio (3,6)
>
> match out on $gw_if from $torrent_net nat-to ($gw_if) set queue(q_dow, q_dow) set prio (0,0)
>
> Basically I want google hangouts traffic to be prioritized as much as
> possible, then DNS resolutions. Torrent traffic coming from a specific
> subnet should work, but at low prio and should never exceed 210Kbps on
> the up link. In fact all traffic from this subnet is low prio (that's
> why I put the queue "tag" on the nat rule).

Per henning@/http://marc.info/?l=openbsd-misc&m=140127924031145&w=2, "prio is ignored when bandwidth shaping is on" so this is useless here.

> Http and https traffic goes to default queue, with ACKs to priority.
>
> Packets are correctly assigned to their respective queues. I can see
> counters go up on systat and pfctl -vvsq. All works as expected till here.
>
> The things I don't understand are:
>
> The sum of all sub-queues when I try to saturate the uplink is greater
> than the bandwidth defined for "q_root". I see values near 900Kbps or
> sometimes near 910Kbps (which is physical limit, not my manually
> defined limit).

Set a max on your root queue.

> When I saturate the link with traffic going out on "q_pri", "q_dow" and
> "q_def" the only rule that is always applied is the "max 210K" for
> "q_def". The other queues seem to share the bandwidth in a "best-effort"
> manner.
>
> Maybe I'm messing things up ... I don't know.
>
> I can live without traffic shaping here. I can make the network quiet if
> I need all the uplink to make a video-call, but I really want to
> understand how this works.

Your best bet is to define your bandwidth requirements appropriately in your queues. If you need a specific amount of bandwidth for a quality video call, define an appropriate minimum for the queue.

> After reading pf.conf(5) and Chapter 7 on "The Book of PF" (3rd edition)
> I thought I got it, but clearly I did not.
>
> So, any good soul could waste some time trying to explain all this?
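
The three suggestions in the reply above, applied to the quoted ruleset (an added example, not part of the original thread and not either poster's configuration). The `gw_if` and `torrent_net` values and the 300K/420K split are assumptions for illustration; everything else is copied from the quoted rules.

```conf
# Added example. Macro values below are assumed, not taken from the thread.
gw_if = "pppoe0"
torrent_net = "192.0.2.0/24"          # constructed placeholder subnet

# BEFORE (quoted ruleset): no upper limit on the root queue
#   queue q_root on $gw_if bandwidth 850K
# AFTER: explicit max on the root, per "Set a max on your root queue."
queue q_root on $gw_if bandwidth 850K, max 850K

queue q_dns parent q_root bandwidth 50K, min 25K

# BEFORE: queue q_pri parent q_root bandwidth 200K, min 100K
# AFTER: the minimum is sized to what the video call needs.
# 300K is an assumed figure; measure the call and substitute the real value.
queue q_pri parent q_root bandwidth 300K, min 300K

queue q_dow parent q_root bandwidth 80K, max 210K

# q_def reduced (assumed split) so the child bandwidths still add up to 850K
queue q_def parent q_root bandwidth 420K default

# "set prio" is dropped from every rule: per the reply, prio is ignored
# when bandwidth shaping is on. x.x.x.x / y.y.y.y are the thread's own
# redactions and must be replaced with the real resolver addresses.
match out on $gw_if inet proto { udp, tcp } from any to <special_servers> \
    port 19302:19309 set queue (q_pri, q_pri)
match out on $gw_if inet proto { tcp, udp } from $gw_if \
    to { x.x.x.x, y.y.y.y } port domain set queue q_dns
match out on $gw_if inet proto tcp from any to any port { 80, 443 } \
    set queue (q_def, q_pri)
match out on $gw_if from $torrent_net nat-to ($gw_if) set queue (q_dow, q_dow)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -vvsq` (used in the original post) shows whether the per-queue counters stay under the root limit.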

