Yes, it's a little complex, but it is a requirement to guarantee a little
bandwidth to the user (and of course to use the remaining unused bandwidth).
Is there another way?
Thanks for the reply
On 07/09/10 15:14, James Peltier wrote:
----- Original Message ----
From: Hermes Ojeda Ruiz<hermes....@gmail.com>
To: misc@openbsd.org
Sent: Tue, September 7, 2010 12:09:03 PM
Subject: Re: Distribute bandwidth by IP's
Sorry if my explanation doesn't have enough details.
- The internet connection is an E1
- There are ~150 users (IPs)
- The company gives full internet access to the clients, with no service
restriction.
- There is only a class C LAN.
E1 --- OpenBSD Firewall --- LAN with ~150 IPs
The problem is to distribute the bandwidth equally to the users. My
first approach is a CBQ rule per user giving a minimum bandwidth quota
and using the "borrow" option, to use the remaining bandwidth when some
users don't waste the bandwidth. But the number of rules is so big.
I hope that my explanation can be useful.
On 07/09/10 13:43, Johan Beisser wrote:
On Tue, Sep 7, 2010 at 11:15 AM, Hermes Ojeda Ruiz<hermes....@gmail.com>
wrote:
Hi, maybe this is a basic question, but I've read the man pages and the PF
book and I don't know how to solve this problem.
- I have an E1 and the problem is how to distribute the bandwidth equally
on all the IPs. There are some constraints like using DHCP and not blocking
ports.
What exactly are you trying to accomplish? Please explain a little
more, in detail.
I have some simple firewalls with prioritization, but I don't know how
I should do that. Maybe with CBQ, but there are a lot of rules.
If you're trying to set up a fair service, remember that PF simply
processes the packets as they come in. So turn off queues, or define
what you're trying to accomplish first.
If you're trying to ensure some kinds of traffic can always leave
"fairly" take a look at using HFSC queuing, then define the queues
based on ports and use packet tagging to define what matches each
queue.
http://cvs.openbsd.org/faq/pf/tagging.html
jb
Why are you trying to do this? It seems overly complex to set up a queue for
each IP on the network just to allow them to borrow bandwidth from each other
which they would be doing anyway.
It would seem more manageable to either segment the network (DMZ, IT Staff,
Users) such that you can assign a segment to respective queues or in a different
method to queue based on traffic type (http/ftp/ssh, etc.). Filtering rules would
also be incredibly more simplified.
---
James A. Peltier james_a_pelt...@yahoo.ca
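
The per-user CBQ approach discussed in the thread, as an added example that is not part of any poster's message: a shell script that generates the ALTQ queue definitions and pass rules instead of writing ~150 of them by hand. The interface name, address range and the 48Kb default-queue reservation are assumptions; the syntax is the ALTQ-era pf.conf syntax the thread refers to.

```shell
#!/bin/sh
# Emit an ALTQ/CBQ pf.conf fragment with one borrowing queue per LAN
# address. All values below are assumptions made for this example.
INT_IF="em1"          # hypothetical LAN-facing interface
NET="192.168.1"       # hypothetical class C prefix
FIRST=10; LAST=159    # 150 client addresses
LINK_KB=2048          # E1 line rate in Kb/s
DEF_KB=48             # reserved for the mandatory default queue

# Guaranteed rate per client: what is left after the default queue,
# divided equally (integer Kb/s), so the children never exceed the parent.
per_user_kb() {
    echo $(( (LINK_KB - DEF_KB) / (LAST - FIRST + 1) ))
}

gen_pf_queues() {
    rate=$(per_user_kb)
    # Child list for the parent queue: default queue plus one per address.
    list="q_def"
    i=$FIRST
    while [ "$i" -le "$LAST" ]; do
        list="$list, u$i"
        i=$((i + 1))
    done
    # Queueing section: definitions must precede the filter rules.
    echo "altq on $INT_IF cbq bandwidth ${LINK_KB}Kb queue { $list }"
    echo "queue q_def bandwidth ${DEF_KB}Kb cbq(default borrow)"
    i=$FIRST
    while [ "$i" -le "$LAST" ]; do
        echo "queue u$i bandwidth ${rate}Kb cbq(borrow)"
        i=$((i + 1))
    done
    # Filter section: one stateful rule per client names its queue, so
    # traffic of that connection leaving $INT_IF is placed in it.
    i=$FIRST
    while [ "$i" -le "$LAST" ]; do
        echo "pass in on $INT_IF from $NET.$i to any queue u$i"
        i=$((i + 1))
    done
}

gen_pf_queues
```

Redirect the output to a file and check it with `pfctl -nf` before loading it; with these numbers each client is guaranteed 13Kb/s and borrows whatever the others leave idle.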