> Nikolay Denev wrote:
> The provider shapes me at 512/128Kb local and 64/16Kb international traffic.
this might totally be a stupid nonsense idea, but a good half of my
ideas are stupid nonsense but also crazy enough to work.
what if you created two vlans, each using your external interface
as the parent. set up altq on them like:
#-----------------------
altq on vlan0 cbq bandwidth 128Kb queue { def0, http-bgpeer, \
prio-bgpeer }
queue def0 bandwidth 30% cbq( default )
queue http-bgpeer bandwidth 30% cbq( ecn )
queue prio-bgpeer bandwidth 40% cbq { prio-bgpeer-def, prio-bgpeer-pri }
queue prio-bgpeer-def bandwidth 80% priority 0 cbq
queue prio-bgpeer-pri bandwidth 20% priority 7 cbq
altq on vlan1 cbq bandwidth 16Kb queue { def1, http-inet, prio-inet }
queue def1 bandwidth 30% cbq( default )
queue http-inet bandwidth 30% cbq( ecn )
queue prio-inet bandwidth 40% cbq { prio-inet-def, prio-inet-pri }
queue prio-inet-def bandwidth 80% priority 0 cbq
queue prio-inet-pri bandwidth 20% priority 7 cbq
#------------------------
admittedly, it might complain that the bandwidth partitions are
too low ( i remember pfctl not liking things with less than 5Kb or
6Kb bandwidth when i was messing with cbq'ing everything )...
and then above that, put in :
#-------------------------
rdr on $int_if from any to ! <bgpeer> -> (vlan0)
rdr on $int_if from any to <bgpeer> -> (vlan1)
rdr on $int_if from any to $ext_if -> $ext_if
#-------------------------
essentially taking traffic destined for the hosts ( using roughly
the same logic as you were queueing them out with before, but
just applying it differently ), first throwing it into an
imaginary interface for the purposes of bandwidthing it, and
then letting it spit out of that interface over to the $ext_if.
i might be missing some vital routing table setting here, but
then again, since the vlan has the external interface as its
parent-interface, the routing might be automatically taken
care of for you. also, i don't know if the last rdr is
needed, and i don't know if you would need to rewrite your
current nat rule at all, making it like:
#----------
nat on $ext_if from { $int_if, vlan0, vlan1 } to any -> $ext_if
#----------
then just augment your pass/block rules to use the appropriate
vlan interface rather than $ext_if.
also, i sorta forgot about the whole '$server' thing you had
in there until just now, so that would have to be accounted
for...
perhaps like:
#------
rdr on $ext_if from ! <bgpeer> to $server -> vlan0
rdr on $ext_if from <bgpeer> to $server -> vlan1
#------
... or is this a worthless idea?
it is right off the top of my head, so might need revising, but
in principle it might be possible to get something like that to
work.
jared.
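For comparison, here are the same two queue trees written the conventional way, under one cbq root on the real uplink, with the pass rules choosing the tree by the <bgpeer> table instead of redirecting through vlans. This is an added example, not from the message above; the interface names, the table file path, and the reading of <bgpeer> as the local peering networks (the 512/128Kb class) are assumptions.

```pf
# Added example (not from the message): both trees under one cbq root
# on the real uplink. Assumed: <bgpeer> lists the local peering
# networks; everything else is international.
ext_if = "fxp0"                                  # assumed
int_if = "fxp1"                                  # assumed
table <bgpeer> persist file "/etc/bgpeer.txt"    # assumed path

# Root = sum of the two upload caps. cbq children do not borrow unless
# told to, so one class cannot eat the other's share.
altq on $ext_if cbq bandwidth 144Kb queue { local, inet }

queue local bandwidth 128Kb { def0, http-bgpeer, prio-bgpeer }
 queue def0 bandwidth 30% cbq(default)
 queue http-bgpeer bandwidth 30% cbq(ecn)
 queue prio-bgpeer bandwidth 40% { prio-bgpeer-def, prio-bgpeer-pri }
  queue prio-bgpeer-def bandwidth 80% priority 0
  queue prio-bgpeer-pri bandwidth 20% priority 7

queue inet bandwidth 16Kb { def1, http-inet, prio-inet }
 queue def1 bandwidth 30%
 queue http-inet bandwidth 30% cbq(ecn)
 queue prio-inet bandwidth 40% { prio-inet-def, prio-inet-pri }
  queue prio-inet-def bandwidth 80% priority 0
  queue prio-inet-pri bandwidth 20% priority 7

nat on $ext_if from $int_if:network to any -> ($ext_if)

# Last matching rule wins, so general rules come first. In the
# (q1, q2) form pf sends empty ACKs and lowdelay traffic to q2.
# Anything to <bgpeer> that no rule names lands in def0 (the default).
pass out on $ext_if from any to ! <bgpeer> queue def1
pass out on $ext_if proto tcp from any to ! <bgpeer> \
    queue (prio-inet-def, prio-inet-pri)
pass out on $ext_if proto tcp from any to ! <bgpeer> port 80 \
    queue http-inet
pass out on $ext_if proto tcp from any to <bgpeer> \
    queue (prio-bgpeer-def, prio-bgpeer-pri)
pass out on $ext_if proto tcp from any to <bgpeer> port 80 \
    queue http-bgpeer
```

The innermost 20% shares of the 16Kb tree come to about 1.3Kb, which is in the range the reply says pfctl rejected; run `pfctl -nf /etc/pf.conf` to check the parse before loading it.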