----- Original Message ----- From: "Henning Brauer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 04, 2003 2:13 PM Subject: Re: pf+altq
> On Thu, Apr 03, 2003 at 06:12:23PM -0800, Trevor Talbot wrote: > > On Thursday, Apr 3, 2003, at 14:56 US/Pacific, Henning Brauer wrote: > > > > >On Thu, Apr 03, 2003 at 11:14:43PM +0300, Nikolay Denev wrote: > > > > >>When i'am assigning packets to a queue with a "keep state" rule like > > >>this : > > >>"pass out quick on $ext_if inet proto tcp all flags S/SA keep state > > >>queue > > >>tcp-queue" > > >>will the packets coming to me via the "keep state" created states > > >>will be > > >>assigned to the queue too? > > > > > >yes. > > > > Since the documentation on ALTQ says it only queues outbound packets, > > wouldn't this be "no"? If I misunderstood, how would one handle > > asymmetric queueing? > > well, with something like > > pass in to port 80 keep state queue http > > the _outgoing_ packets matching this rule would be queued. > additionally, in the usual setup, packets that are inbound on $ext_if are > outgoing on $int_if ... and the classifying doies not need to happen on the > same interface as the actual queueing later ;-) > > -- > Henning Brauer, BS Web Services, http://bsws.de > [EMAIL PROTECTED] - [EMAIL PROTECTED] > Unix is very simple, but it takes a genius to understand the simplicity. > (Dennis Ritchie) > One or Two more questions? ;-) First is it possible (somewhere in the future) to have support for example for "priq" sheduler on a cbq child queue(and it's childs) And second, i have here the following problem, i want to bandwidth limit some services, and at the same time i want to use the ack-pri trick. But there is one complication, my cable provider (as almost all the providers here), provide me with different bandwidth for local sites and inernet sites. (By local i mean, sites in the same country). And i came up with the following solution, which work ok for shaping the http access, both international and local, but the ack-pri stuff doesn't work... Most probably i'm doind something very wrong here... so please help :) The provider shapes me at 512/128Kb local and 64/16Kb internetional traffic. pf.conf fragment: -------------- # this file contains the local networks dumped from BGP table <bgpeer> persist file "/etc/bgpeer.txt" altq on $ext_if cbq bandwidth 10Mb queue { def, http-inet, http-bgpeer, prio-inet, prio-bgpeer } queue def bandwidth 100% cbq(default) queue http-inet bandwidth 8Kb cbq(ecn) queue http-bgpeer bandwidth 50Kb cbq(ecn) queue prio-inet bandwidth 16Kb cbq { prio-inet-def, prio-inet-pri } queue prio-inet-def priority 0 queue prio-inet-pri priority 7 queue prio-bgpeer bandwidth 128Kb cbq { prio-bgpeer-def, prio-bgpeer-pri } queue prio-bgpeer-def priority 0 queue prio-bgpeer-pri priority 7 # local-http pass in quick on $ext_if inet proto tcp from <bgpeer> to $server \ port 80 flags S/SA keep state queue http-bgpeer # internetional-http pass in quick on $ext_if inet proto tcp from any to $server \ port 80 flags S/SA keep state queue http-inet # local pass out quick on $ext_if inet proto tcp from any to <bgpeer> \ flags S/SA modulate state queue (prio-bgpeer-def,prio-bgpeer-pri) pass out quick on $ext_if inet proto icmp from any to <bgpeer> \ icmp-type 8 code 0 keep state queue (prio-bgpeer-def,prio-bgpeer-pri) pass out quick on $ext_if inet proto udp from any to <bgpeer> \ keep state queue (prio-bgpeer-def,prio-bgpeer-pri) # internetional pass out quick on $ext_if inet proto tcp all \ flags S/SA modulate state queue (prio-inet-def,prio-inet-pri) pass out quick on $ext_if inet proto icmp all \ icmp-type 8 code 0 keep state queue (prio-inet-def,prio-inet-pri) pass out quick on $ext_if inet proto udp all \ keep state queue (prio-inet-def,prio-inet-pri) ----- -- Cheers, Niki
