Hi,

I'm trying to set up packet queueing on a WAN interface with 80Mb/s downstream bandwidth and 20Mb/s upstream bandwidth.


The first port of call, of course, is the PF manual: https://man.openbsd.org/pf.conf.5


Then I had a look to see what issues others had and what solutions were suggested:

http://openbsd-archive.7691.n7.nabble.com/Debugging-queues-on-pf-td290829.html

http://misc.openbsd.narkive.com/lWIShFZi/per-vlan-traffic-control


My goal is to use a different queue for up/down where I can change the max bandwidth accordingly.


So far I created a default queue outbound on the ext_if which works fine:


queue rootq_out on $ext_if bandwidth 20M
queue mail_out parent rootq_out bandwidth 2M min 1M max 20M
queue http_out parent rootq_out bandwidth 2M min 1M max 20M
queue voice_out parent rootq_out bandwidth 10M min 2M max 20M
queue dns_out parent rootq_out bandwidth 1M min 512K max 20M

queue else_out parent rootq_out bandwidth 5M max 20M default


match out on $ext_if proto tcp from <IP1> to any port { 80, 443 } set queue http_out set prio 5

match out on $ext_if proto tcp from <IP1> to any port { 25, 465, 587, 993 } set queue mail_out set prio 4

match out on $ext_if proto udp from <IP2> to any port 5060 set queue voice_out set prio 7



I have a block of IPv4 addresses, hence the IP1 and IP2.


But for the downstream I am struggling to get the inbound packets to add to the appropriate queue.


I created a list of vlan interfaces called q_if, though in one of the links above Stuart Henderson doesn't advise it, but the vlans are bound to an lacp trunk with a group of physical interfaces....


queue rootq_in on $q_if bandwidth 80M
queue mail_in parent rootq_in bandwidth 10M min 1M max 80M
queue http_in parent rootq_in bandwidth 10M min 1M max 80M
queue else_in parent rootq_in bandwidth 5M max 80M default


So then tying those to the interface I used:


match out on $q_if proto tcp from any port { 80, 443 } to any set queue http_in set prio 5 received-on pppoe0

match out on $q_if proto tcp from any port { 25, 465, 587, 993 } to any set queue mail_in set prio 5 received-on pppoe0


I am probably approaching this in the wrong way, as the state table, which Stuart pointed out to check, only shows packets travelling outbound towards the public net and not back again.


So basically, how would one assign queueing to this type of interface? There is NAT involved, which is why I added the "received-on pppoe0" option, but even with it off it doesn't function, meaning that I am confused and doing something wrong :-(



Regards,


Kaya
