On Thu, Jan 7, 2016 at 11:28 AM, Marko Cupać <[email protected]> wrote:
> I am setting up a gateway for a small network which has two main types of
> traffic: p2p and http(s). The idea is to give p2p traffic all the
> available bandwidth until there is http(s) traffic, in which case p2p
> should be throttled down and http(s) should be given all the available
> bandwidth.
>
> The problem is that p2p does not get throttled down when http(s) is on
> the wire. I spent days re-reading the QUEUEING section of pf.conf and
> chapter #7 of the 3rd edition of "Book of PF" but I still couldn't make it
> work. From 'systat queues' I can conclude that traffic seems to be
> assigned to appropriate queues, but queue bandwidth does not seem to be
> respected. What am I doing wrong?
>
> Snapshot of 'systat queues' and active pf.conf below:
>
> QUEUE BW SCH P PKTS BYTES DROP_P DROP_B QLEN P/S B/S
> upload on pppoe 860K 0 0 0 0 0 0 0
> ack 10K 228K 12M 0 0 0 364 20K
> fast 20K 60 5397 0 0 0 0 0
> bulk 800K 263 110K 0 0 0 0.6 417
> slow 30K 34234 35M 0 0 0 59 67K
> download on re2 8M 0 0 0 0 0 0 0
> ack 100K 18314 1205K 0 0 0 34 2388
> fast 200K 51 15491 0 0 0 0 0
> bulk 8M 29014 41M 0 0 0 57 85K
> slow 500K 317K 457M 0 0 0 523 771K
> # PORT MACROS
> p2p = "{ 10000:65535 }"
> prpi = "{ 40000:40100 }"
> ipsec = "{ 500 4500 }"
> web = "{ 80 443 }"
> mail = "{ 25 110 143 587 993 995 }"
> xmpp = "{ 5222 }"
> # QUEUES
> queue upload on $if_ext bandwidth 860K
> queue ack parent upload qlimit 50 bandwidth 10K
> queue fast parent upload qlimit 50 bandwidth 20K
> queue bulk parent upload qlimit 50 bandwidth 800K default
> queue slow parent upload qlimit 50 bandwidth 30K
> queue download on $if_int bandwidth 8800K
> queue ack parent download qlimit 50 bandwidth 100K
> queue fast parent download qlimit 50 bandwidth 200K
> queue bulk parent download qlimit 50 bandwidth 8000K default
> queue slow parent download qlimit 50 bandwidth 500K
You NEED to set a max on your ROOT queues. That said, as mentioned
previously, there is a known issue with resolution with small
bandwidth values.
> # SHAPING
> match proto icmp set ( queue fast prio 4 )
> match proto tcp to port 22 set ( queue ( fast ack ) prio ( 4 5 ) )
> match proto tcp to port 53 set ( queue ( fast ack ) prio ( 4 5 ) )
> match proto udp to port 53 set ( queue fast prio 4 )
> match proto tcp to port $web set ( queue ( bulk ack ) prio ( 3 5 ) )
> match proto tcp to port $mail set ( queue ( bulk ack ) prio ( 3 5 ) )
> match proto tcp to port $xmpp set ( queue ( bulk ack ) prio ( 3 5 ) )
> match proto tcp to port $p2p set ( queue ( slow ack ) prio ( 0 5 ) )
> match proto udp to port $p2p set ( queue slow prio 0 )
prio is useless when shaping--see
http://marc.info/?l=openbsd-misc&m=140127924031145&w=2.
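
The two changes suggested in this reply, applied to the quoted queue definitions, as an added example that is not part of the original thread. The interface macro values are placeholder assumptions; the queue names, bandwidth figures and port macros are the poster's.

```pf
# Added example, not from the thread.
# Interface macros: placeholder values (assumption); the post shows
# only "pppoe" and "re2" in its 'systat queues' output.
if_ext = "pppoe0"
if_int = "re2"

# Port macros copied from the quoted pf.conf
web = "{ 80 443 }"
p2p = "{ 10000:65535 }"

# Root queues: 'max' added next to 'bandwidth', as the reply asks.
queue upload on $if_ext bandwidth 860K max 860K
queue ack  parent upload qlimit 50 bandwidth 10K
queue fast parent upload qlimit 50 bandwidth 20K
queue bulk parent upload qlimit 50 bandwidth 800K default
queue slow parent upload qlimit 50 bandwidth 30K

queue download on $if_int bandwidth 8800K max 8800K
queue ack  parent download qlimit 50 bandwidth 100K
queue fast parent download qlimit 50 bandwidth 200K
queue bulk parent download qlimit 50 bandwidth 8000K default
queue slow parent download qlimit 50 bandwidth 500K

# Shaping: same queue assignment as the quoted rules, with the
# 'prio' part dropped, following the reply's second comment.
match proto tcp to port $web set queue ( bulk ack )
match proto tcp to port $p2p set queue ( slow ack )
match proto udp to port $p2p set queue slow

# Check before loading, then watch the counters under load:
#   pfctl -nf /etc/pf.conf     (parse only, nothing is loaded)
#   pfctl -vsq                 (per-queue statistics)
#   systat queues
```

The child bandwidth values still sum to each root's figure (860K and 8800K), so only the root definitions and the match rules differ from the quoted configuration.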