On Sat, 17 Feb 2018 12:30:28 -0800
Jordan Geoghegan <jgeoghega...@gmail.com> wrote:

> Hi folks, I was wondering how one goes about maintaining separate
> upload and download queues in pf. I have been playing with various
> combinations and I can't seem to get both queues to apply
> simultaneously.
> 
> For example, I have a 150 down 15 up connection. I want to limit a 
> specific device on the network to 100 down and 10 up. I can't for the 
> life of me figure out how to make this apply. I either end up setting
> a 10 megabit limit or 100. How do the pf gurus manage their
> asymmetrical connections?
> 

From my experience queueing is a bit tricky nowadays, but here are a
few tips.

Do not trust your ISP's declared bandwidth. Do extensive testing, and see
how much you really get. Next, set your parent queues to 90% of the max
bandwidth you get without queueing. Set all three values (bandwidth,
min and max) to this value:

# QUEUES
queue ul on $if_ext     bandwidth 14M  min  14M max  14M
...
queue dl on $if_int     bandwidth 140M min 140M max 140M

I prefer to set my queue matches early in the ruleset, so they apply to
all the rules later:

# QUEUE MATCHES
match proto tcp  to any port ssh      set queue ssh
match proto tcp  to any port rdp      set queue rdp
match proto tcp  to any port $xmpp    set queue xmpp

If you queue not by services but by IP addresses, and you have NAT, you
will need to tag traffic on the internal interface and queue it on the
external interface by that tag.

Good luck,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
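
The tag-then-queue approach from the last tip, written out for the 100 down / 10 up case in the question. This is an added example, not part of the original message; the interface names, the device address, the child queue names and the bandwidth split between them are assumptions.

```pf
# Added example: names, addresses and bandwidth splits are assumptions.
if_ext  = "em0"            # assumed external (WAN) interface
if_int  = "em1"            # assumed internal (LAN) interface
limited = "192.168.1.50"   # constructed address of the device to limit

# Upload: root queue on the external interface at 90% of the measured rate.
queue ul         on $if_ext bandwidth 14M min 14M max 14M
queue ul_std     parent ul  bandwidth 4M  default
queue ul_limited parent ul  bandwidth 10M max 10M

# Download: root queue on the internal interface, since pf only queues
# packets on their way out of an interface.
queue dl         on $if_int bandwidth 140M min 140M max 140M
queue dl_std     parent dl  bandwidth 40M  default
queue dl_limited parent dl  bandwidth 100M max 100M

# NAT rewrites the source address on the external interface, so the
# device can no longer be matched there by its internal address.
match out on $if_ext inet from $if_int:network nat-to ($if_ext)

# Tag the device's traffic where its real address is still visible.
# The queue set here is stored in the state created on $if_int, so the
# replies leaving $if_int towards the device land in dl_limited.
match in on $if_int from $limited tag LIMITED set queue dl_limited

# On the way out of the external interface, select the upload queue by
# tag instead of by address.
match out on $if_ext tagged LIMITED set queue ul_limited

# The ruleset's own block/pass rules follow; the states they create
# carry the queue assigned by the match rules above.
```

After loading, `pfctl -vvsq` shows per-queue counters, which confirms whether the device's traffic is landing in ul_limited and dl_limited.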
