I have 512/512 kbit adsl connection to Internet and 100Mbit on internal side of the firewall. I want to prioritize shoutcast/mp3, windows media services, icq messages and udp traffic higher than ftp and http bulk downloads and other tcp traffic. Additionally, I want ssh and tcp ack packets to have highest priority. Kernel is patched with Trevor Talbot's patch.
The rules look fine.
I basically have 3 levels of priority. I split 100 Mbit on the internal interface into 488 kbits for internet traffic and the rest for internal traffic. I don't want ftp and http traffic to use more than 100 kbits when there is shoutcast or wma traffic present, but do get the full 488 otherwise.
The problem is that the bulk traffic never gets more than 100 kbits when there is no other traffic, despite the "borrow" keyword.
You may be running into a limitation of CBQ. Check out section 2.8 in http://www.csl.sony.co.jp/person/kjc/kjc/software/TIPS.txt
You can use pfctl -vsq to make sure the class is actually borrowing when it should be. Watching the throughput of a UDP stream might be useful, as it won't self-throttle like TCP will.
If this is the case, removing the 100Kb limit and just relying on the priorities may work better. Note that inbound traffic handling is going to behave a little differently than outbound, since the queueing is basically only adding latency. Using cbq(red) or small qlimit values on the low priority queues may be helpful, since they will increase drops.
I haven't run any tests myself, so I don't have any hard information to offer.
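As an added example (not the poster's rules or anything from the reply), here is a pf.conf sketch of the layout described in the thread: the original leaf queues with the 100Kb bulk cap commented out, and in their place the priority-only variant with a short qlimit and RED on the low-priority queue. The interface name, LAN net, per-class shares and service ports are assumptions.

```conf
# Added example; assumed names: fxp1 is the 100Mbit internal interface,
# 10.0.0.0/24 the LAN. The 488Kb and 100Kb figures are the poster's.
int_if  = "fxp1"
lan_net = "10.0.0.0/24"

altq on $int_if cbq bandwidth 100Mb queue { internet, lan }
queue internet bandwidth 488Kb cbq(borrow) { ack, ssh, stream, bulk }

# Original layout: bulk gets a hard 100Kb share and is expected to borrow.
#  queue ack    bandwidth  40Kb priority 7 cbq(borrow)
#  queue ssh    bandwidth  48Kb priority 6 cbq(borrow)
#  queue stream bandwidth 300Kb priority 4 cbq(borrow)
#  queue bulk   bandwidth 100Kb priority 1 cbq(borrow)

# Suggested layout: no separate cap on bulk, priority does the ordering;
# a small qlimit plus RED make the low-priority queue drop early so TCP
# backs off whenever the higher classes are busy.
  queue ack    bandwidth  40Kb priority 7 cbq(borrow)
  queue ssh    bandwidth  48Kb priority 6 cbq(borrow)
  queue stream bandwidth 200Kb priority 4 cbq(borrow)
  queue bulk   bandwidth 200Kb priority 1 qlimit 10 cbq(borrow red)
queue lan bandwidth 99Mb cbq(default)

# Classify inbound-to-LAN traffic on the internal interface. The second
# queue in "(x, ack)" takes empty TCP ACKs and lowdelay-TOS packets, so
# ACKs always ride the top class. Ports (8000 shoutcast, 1755 mms,
# 5190 icq) are assumed defaults.
pass out on $int_if inet proto tcp from any to $lan_net port 22 keep state queue (ssh, ack)
pass out on $int_if inet proto tcp from any port { 8000, 1755, 5190 } to $lan_net keep state queue (stream, ack)
pass out on $int_if inet proto udp from any to $lan_net keep state queue stream
pass out on $int_if inet proto tcp from any port { 20, 21, 80 } to $lan_net keep state queue (bulk, ack)
```

After loading, watch `pfctl -vsq` while a single bulk download runs: if the bulk queue's byte counter climbs past its share and the borrows counter increases, borrowing is working; if it stalls at the share with the queue length pinned near qlimit, the cap rather than the priority is what is throttling it.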
