On Wed, Feb 02, 2005 at 08:01:32PM +0100, Nicolas wrote:
> Hello OpenBSD fans and pf experts!
>
> I have a problem setting up traffic shaping on OpenBSD. I will try to
> explain it as clearly as possible.
>
> MY GOAL:
> I plan to do some traffic shaping on my bastion which runs OpenBSD.
> That machine acts smoothly as a firewall and a router. On 1 interface is
> connected an ethernet ADSL modem. A lot of DMZed machines are connected
> to 10 other RJ45 plugs and one interface is used to connect the local
> network. At some hours the asymmetric ADSL connection is completely
> saturated: it is then almost impossible to surf on the internet from the
> local network. That is quite normal since the bandwidth of the ADSL line
> is only 512/128 Kbps! I know that is really few and therefore I plan to
> migrate to a 15/2 Mbps ADSL2 line in the following months. However I
> need to solve that congestion problem up to then.
> I read the pf FAQ and found some useful information about traffic
> shaping on OpenBSD. I understand traffic shaping can only take place
> on outgoing packets. I have to shape traffic in both directions and I
> would like to use the CBQ traffic shaping method.
>
> NETWORK SCHEMA:
> I drew a simplified schema on which only 4 interfaces are present. In
> fact, there are 6 network interface cards and 12 RJ45 plugs on that
> bastion.
>
>                               BASTION
>          DMZ                +---------+
> +===================+       |         |
> | [ DNS Server ]    |-- dc0-|         |
> |                   |       |         |      128Kbps -->
> | [ WWW Server ]    |-- dc1-| OpenBSD |-ep0 ------------- Internet
> +===================+       |         |      <-- 512Kbps
>                             |         |
> [ Local Network ]   --- dc2-|         |
>                             +---------+
>
> OUTBOUND TRAFFIC SHAPING:
> As regards to the outbound traffic (128Kbps), I plan to create a root
> queue on ep0 and affect packets to that queue when they pass in through
> the dc0, dc1 and dc2 interfaces. That seems quite simple to set up.
>
> INBOUND TRAFFIC SHAPING: PROBLEM! :-/
> Then I tried to figure out how to shape inbound traffic. Inbound traffic
> has to be shaped on the outgoing packets going through the dc0, dc1 and
> dc2 interfaces. The problem is that an alternate queueing (ALTQ) must be
> defined on ONE interface only. Here is an extract from the pf FAQ:
> "altq on interface scheduler bandwidth bw qlimit qlim tbrsize size queue
> { queue_list }
> interface - the network interface to activate queueing on."
> Initially, I thought I would create one 512Kbps ALTQ for the dc0, dc1
> and dc2 interfaces but that is not possible. I read in the pf FAQ a
> queue can be valid on several interfaces:
> "queue name [on interface] bandwidth bw [priority pri] [qlimit qlim]
> scheduler ( sched_options ) { queue_list }
> interface - the network interface that the queue is valid on. This value
> is optional, and when not specified, will make the queue valid on all
> interfaces."
> But I am not sure that really helps in my case.
>
> MY QUESTIONS:
> - Is it possible to set up a maximum bandwidth limit which would be
> shared and borrowed by several queues acting on several physical
> interfaces?
> - If shaping inbound traffic on my multi-homed bastion is impossible,
> must I add a traffic shaping dedicated dual-homed machine between the
> bastion and the ethernet modem?
>
> Thanks for your help!
> Nicolas, Paris.
Don't you have any idea about that problem..? :-/
Nicolas, Paris.
--
--- OxStOnE -------------- O
- Z750 & Linux ------- ._ /\_>
--- Powered ---------- (x)> (x)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~