Yes, it's a little complex, but it is a requirement to guarantee a little bandwidth to the user (and of course use the remaining unused bandwidth).

Is there another way?

Thanks for the reply
On 07/09/10 15:14, James Peltier wrote:
----- Original Message ----

From: Hermes Ojeda Ruiz<hermes....@gmail.com>
To: misc@openbsd.org
Sent: Tue, September 7, 2010 12:09:03 PM
Subject: Re: Distribute bandwidth by IP's

Sorry if my explanation doesn't have enough details.

- The internet connection is an E1
- There are ~150 users (IPs)
- The company gives full internet access to the clients, with no service restriction.
- There is only a C class LAN.

E1 --- OpenBSD Firewall --- LAN with ~150 IPs

The problem is to distribute the bandwidth equally to the users. My
first approach is a CBQ rule per user giving a minimum bandwidth quota
and using the "borrow" option, to use the remaining bandwidth when some
users don't waste the bandwidth. But the number of rules is so big.

I hope that my explanation can be useful.

On 07/09/10 13:43, Johan Beisser wrote:
On Tue, Sep 7, 2010 at 11:15 AM, Hermes Ojeda Ruiz<hermes....@gmail.com>
wrote:

Hi, maybe this is a basic question, but I've read the man pages and the PF
book and I don't know how to solve this problem.

- I have an E1 and the problem is how to distribute the bandwidth equally
on all the IPs. There are some constraints, like using DHCP and not
blocking ports.

What exactly are you trying to accomplish? Please explain a little
more, in detail.



I have some simple firewalls with prioritization, but I don't know how
I should do that. Maybe with CBQ, but there are a lot of rules.

If you're trying to set up a fair service, remember that PF simply
processes the packets as they come in. So turn off queues, or define
what you're trying to accomplish first.

If you're trying to ensure some kinds of traffic can always leave
"fairly" take a look at using HFSC queuing, then define the queues
based on ports and use packet tagging to define what matches each
queue.

http://cvs.openbsd.org/faq/pf/tagging.html


  jb

Why are you trying to do this? It seems overly complex to set up a queue for
each IP on the network just to allow them to borrow bandwidth from each other,
which they would be doing anyway.

It would seem more manageable to either segment the network (DMZ, IT Staff,
Users) such that you can assign a segment to respective queues or in a different
method to queue based on traffic type (http/ftp/ssh, etc.). Filtering rules would
also be incredibly more simplified.

  ---
James A. Peltier     james_a_pelt...@yahoo.ca
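
The per-user CBQ approach discussed in the thread (one queue per IP with a guaranteed minimum plus `borrow`) produces many rules, but they can be generated rather than written by hand. The following is an added example, not code from any poster; it emits pf.conf lines in the ALTQ syntax of the PF versions of 2010, and the interface name, LAN prefix, host range and per-user rate are assumed values.

```shell
#!/bin/sh
# Added example: generate ALTQ/CBQ pf.conf lines, one queue per LAN host.
# All concrete values passed in (interface, prefix, range, rates) are
# assumptions for illustration; none come from the thread except the E1.

gen_cbq_rules() {
    int_if=$1    # LAN-facing interface (assumed name, e.g. em1)
    prefix=$2    # first three octets of the class C LAN
    first=$3     # first host number to cover
    last=$4      # last host number to cover
    link_kb=$5   # link rate in Kb/s (an E1 is 2048)
    user_kb=$6   # guaranteed minimum per user in Kb/s

    count=$((last - first + 1))
    # Whatever is not promised to users goes to the mandatory default queue.
    default_kb=$((link_kb - count * user_kb))
    if [ "$count" -le 0 ] || [ "$default_kb" -le 0 ]; then
        echo "per-user guarantees do not fit in ${link_kb}Kb" >&2
        return 1
    fi

    # Parent queue definition listing every child queue by name.
    names="q_default"
    i=$first
    while [ "$i" -le "$last" ]; do
        names="$names, q_$i"
        i=$((i + 1))
    done
    echo "altq on $int_if cbq bandwidth ${link_kb}Kb queue { $names }"
    echo "queue q_default bandwidth ${default_kb}Kb cbq(default)"

    # One child queue per host: guaranteed minimum, may borrow idle capacity.
    # The pass rule that creates the state assigns the queue, so replies
    # leaving $int_if toward that host are placed in the host's queue.
    i=$first
    while [ "$i" -le "$last" ]; do
        echo "queue q_$i bandwidth ${user_kb}Kb cbq(borrow)"
        echo "pass in on $int_if from $prefix.$i queue q_$i"
        i=$((i + 1))
    done
}

# Stand-alone use: ./gen.sh em1 192.168.1 10 159 2048 13 > queues.conf
if [ "$#" -eq 6 ]; then
    gen_cbq_rules "$@"
fi
```

The output can be checked with `pfctl -nf` before loading; 150 users at 13 Kb/s each leave 98 Kb/s of a 2048 Kb/s E1 for the default queue.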
