I just joined but I saw this thread in the archive. I have recently
implemented the same thing and just got parallel saturation to work.
I had to cap my default queue at ~100Kb below what I was observing my
max upstream to be with pfstat, but I did not cap the priority queue.
Removing the cap caused my downstream to halve upon saturating my
upstream, like before. I am still getting the same upstream even with
the cap because the priority queue is making use of the bandwidth not
accounted for by the default queue. Here are my altq rules:
altq on xl0 cbq bandwidth 512Kb queue { ext_pri, ext_def, ext_ssh }
queue ext_pri priority 7
queue ext_def priority 1 bandwidth 320Kb cbq(default red)
queue ext_ssh priority 3 bandwidth 320Kb cbq(red)
As far as putting queues on 'pass in' rules:
When using the queue keyword with rules that keep state such as:
pass in on fxp0 proto tcp from any to any port 22 flags S/SA \
keep state queue ssh
PF will record the queue in the state table entry so that packets
traveling back out fxp0 that match the stateful connection will end
up in the ssh queue. Note that even though the queue keyword is being
used on a rule filtering incoming traffic, the goal is to specify a
queue for the corresponding outgoing traffic; the above rule does not
queue incoming packets.
>From the OpenBSD FAQ.
I'm having a different problem now though. When I initiate an ssh
connection from the internet->gateway, pfctl -v -v -s queue shows
that a few packets are going into the ext_ssh queue when the connection
is first established. After that, there are no other packets going into
ext_ssh as I enter commands. I am expecting packets going out from the
server, such as the response to an 'ls' command, would be queued in
ext_ssh as per this rule:
pass in on xl0 inet proto tcp from 66.45.X.X/32 to any port 22 \
flags S/SA keep state queue (ext_ssh, ext_pri)
When making connections from inside the network to the internet, the
queue grows as expected, as per this rule:
pass out on xl0 inet proto tcp from xl0 to any port 22 \
flags S/SA keep state queue (ext_ssh, ext_pri)
Any help would be appreciated.
Jonathan Kennedy
Application Developer
Digital Motorworks, LP
