On 2023-01-13 18:09, J Doe wrote:

Hello,

I have a question regarding queuing and priorities in pf.conf on OpenBSD 7.2.

I have a basic gateway configuration - a PC with two NICs (em0, em1). One interface is connected to the LAN and one interface is connected to the Internet with a public IP and with a bandwidth of approximately 60 Mbps down and 10 Mbps up.  I perform NAT on the gateway.

In terms of queuing, I'd like to make use of the following:

** Queue using HFSC for all outbound traffic

** Flow manager for the queue for fair queue utilization

** For TCP traffic I would like to use two priorities - one for TCP data packets and one for TCP ACKs (as mentioned in Peter Hansteen's "Book of pf 3rd edition" in chapter 7)

Current configuration pf.conf:


ext_if = "em0"
int_if = "em1"

set skip on lo0

queue rootq on $ext_if bandwidth 55M max 55M
     queue dataq parent rootq bandwidth 55M max 55M flows 1024 \
         qlimit 1024 default

match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)

block all

match in  on $int_if inet tag LAN
match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET

pass in  quick on $int_if tagged LAN
pass out quick on $ext_if tagged INTERNET


My questions are:

1. For better utilization of TCP traffic I have two priorities assigned to the queue.  Do I require more than one sub queue for this to work? I don't intend to subdivide my traffic up (i.e. an SSH queue, an HTTP/S queue, etc.), I just want all my TCP traffic to benefit from better utilization with the two priorities.

2. If this configuration is currently correct, are there any other changes I should make for better queuing (i.e. better bandwidth utilization)?

3. Given the importance of time keeping, would it be a good idea to have another queue for NTP traffic and use the highest priority of 7 for it ?

Thanks,

- J

Hi list,

It occurs to me that in my originally proposed configuration, I am not limiting the traffic with the two priorities to TCP traffic. This is necessary as this optimization applies only to TCP traffic and I should note that in Peter Hansteen's book he also does this.

So an updated configuration is as follows (modification made on third match statement):

ext_if = "em0"
int_if = "em1"

set skip on lo0

queue rootq on $ext_if bandwidth 55M max 55M
    queue dataq parent rootq bandwidth 55M max 55M flows 1024 \
        qlimit 1024 default

match out on $ext_if inet from ($int_if:network) to any \
    nat-to ($ext_if:0)

block all

match in  on $int_if inet tag LAN
match out on $ext_if inet proto tcp set queue dataq set prio (5, 6) \
    tag INTERNET

pass in  quick on $int_if tagged LAN
pass out quick on $ext_if tagged INTERNET


Does anyone have any feedback or pointers on this updated configuration ?

Thanks,

- J
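
The condition described in the follow-up message, a two-value "set prio" on a rule that is not restricted to "proto tcp", can be checked mechanically before loading a ruleset. The Python sketch below is an added example, not part of the original posts; the function names and the naive comment stripping are assumptions, and the sample rules are copied from the two configurations above.

```python
import re

# Constructed sample input: the tagging/queueing rules from the two messages.
FIRST = '''\
match in  on $int_if inet tag LAN
match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
'''
SECOND = '''\
match in  on $int_if inet tag LAN
match out on $ext_if inet proto tcp set queue dataq set prio (5, 6) \\
    tag INTERNET
'''

PRIO_PAIR = re.compile(r'\bprio\s*\(\s*(\d)\s*,\s*(\d)\s*\)')
PROTO = re.compile(r'\bproto\s+(\{[^}]*\}|\S+)')
RULE = re.compile(r'^(match|pass|block)\b')


def logical_lines(text):
    """Yield (first_line_number, rule) with backslash continuations joined."""
    buf, start = '', None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].rstrip()  # naive: ignores '#' inside strings
        if start is None:
            start = n
        if line.endswith('\\'):
            buf += line[:-1] + ' '
            continue
        buf += line
        if buf.strip():
            yield start, ' '.join(buf.split())
        buf, start = '', None
    if buf.strip():
        yield start, ' '.join(buf.split())


def prio_pairs_not_tcp_only(text):
    """Return rules that set two priorities without matching exactly 'proto tcp'."""
    findings = []
    for n, rule in logical_lines(text):
        if not RULE.match(rule) or not PRIO_PAIR.search(rule):
            continue
        proto = PROTO.search(rule)
        # A missing proto, another protocol, or a { ... } list all count as
        # "not limited to TCP" for this check.
        if proto is None or proto.group(1) != 'tcp':
            findings.append((n, rule))
    return findings
```

Run against the first configuration it reports the outbound match rule on line 2; the updated rule with "proto tcp" produces no findings.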
