----- Original Message ---- > From: Hermes Ojeda Ruiz <hermes....@gmail.com> > To: misc@openbsd.org > Sent: Tue, September 7, 2010 1:38:41 PM > Subject: Re: Distribute bandwidth by IP's > > Yes, It's a little complex but is a requirement to guarantee a little > bandwidth to the user. (and of course use the remaining unused bandwidth). > > There is another way? > > Thanks for the reply > On 07/09/10 15:14, James Peltier wrote: > > ----- Original Message ---- > > > > > >> From: Hermes Ojeda Ruiz<hermes....@gmail.com> > >> To: misc@openbsd.org > >> Sent: Tue, September 7, 2010 12:09:03 PM > >> Subject: Re: Distribute bandwidth by IP's > >> > >> Sorry, if my explanation don't have enough details. > >> > >> - The internet connection is an E1 > >> - There are ~150 users (IPs) > >> - The company give full internet access to the clients. With no service > >> restriction. > >> - There only a C class LAN. > >> > >> E1 --- OpenBSD Firewall --- LAN with ~150 IPs > >> > >> The problem is to distribute equally the bandwidth to the users. My > >> first approach is a CBQ rule by user giving a minimum bandwidth quote > >> and using the "borrow" option, to use the remaining bandwidth when some > >> users don't waste the bandwidth. But the number of rules is so big. > >> > >> I hope that my explanation can be useful. > >> > >> On 07/09/10 13:43, Johan Beisser wrote: > >> > >>> On Tue, Sep 7, 2010 at 11:15 AM, Hermes Ojeda Ruiz<hermes....@gmail.com> > >>> > >> wrote: > >> > >>> > >>> > >>>> Hi, Maybe this is a basic question, but I've read the man pages and > >>>> the >PF > >>>> book and I don't know how solve this problem. > >>>> > >>>> - I have an E1 and the problem is how to distribute the bandwidth >equally > >>>> > >> on > >> > >>>> all the ip's. There are some constraints like use DHCP, and no block > >>>> > > ports. > > > >>>> > >>>> > >>> What exactly are you trying to accomplish. Please explain a little > >>> more, in detail. > >>> > >>> > >>> > >>> > >>>> I have some simple firewalls with prioritization, but I don't know how > >>>> should do that. May be with CBQ but they are a lot of rules. > >>>> > >>>> > >>> If you're trying to set up a fair service, remember that PF simply > >>> processes the packets as they come in. So turn off queues, or define > >>> what you're trying to accomplish first. > >>> > >>> If you're trying to ensure some kinds of traffic can always leave > >>> "fairly" take a look at using HFSC queuing, then define the queues > >>> based on ports and use packet tagging to define what matches each > >>> queue. > >>> > >>> http://cvs.openbsd.org/faq/pf/tagging.html > >>> > >>> > >>> jb > >>> > >> > >> > > Why are you trying to do this? It seems overly complex to setup a queue for > > each IP on the network just to allow them to borrow bandwidth from each >other > > which they would be doing anyway. > > > > It would seem more manageable to either segment the network (DMZ, IT Staff, > > Users) such that you can assign a segment to respective queues or in a >different > > method to queue based on traffic type (http/ftp/ssh,etc). Filtering rules >would > > also be incredibly more simplified. > > > > --- > > James A. Peltier james_a_pelt...@yahoo.ca > >
Well since you're talking service level agreements it is understandable that you might want to do such a thing and in such case you would have no choice but to create the individual queues/rules manually or by script. Still, likely you will run into other issues, such as the number of queues available by default in the code that may need to be tweaked. See a post earlier this month to misc@ about how to do that. Also, perhaps there will be a performance hit in the evaluation of all the queues that might be more hindering than helpful? Best to let the devs speak to that though. --- James A. Peltier james_a_pelt...@yahoo.ca