Re: Need help in per user basis bandwidth sharing

Thu, 26 May 2005 16:07:23 -0700 

On Thu, May 26, 2005 at 09:09:59AM +0200, Peter N. M. Hansteen wrote:
> Porkodi <[EMAIL PROTECTED]> writes:
> 
> >   Please help me in per user basis bandwidth sharing.
> > Is there any way in pf with altq?
> 
> authpf with per user rules which assign the user's traffic to queues
> should be possible.

  the authpf idea is very slick for when the users are not local
  to the machine (as otherwise the user is 'unknown').

  if you're trying to do it for users who actually are logged into
  the machine, something like:

----------
e = "fxp0"

altq on $e hfsc bandwidth 100Kb queue{ 1000 1001 1002 }
queue 1000              on $e   bandwidth 20%   priority 6 hfsc( upperlimit 
100Kb )
queue 1001              on $e   bandwidth 20%   priority 1 hfsc( upperlimit 
100Kb default )
queue 1002              on $e   bandwidth 20%   priority 0 hfsc( upperlimit 
100Kb )

pass on $e inet proto {tcp udp} all user 1000 keep state queue 1000
pass on $e inet proto {tcp udp} all user 1001 keep state queue 1001
pass on $e inet proto {tcp udp} all user 1002 keep state queue 1002
----------

  would work. ( in that context, the hfsc is really kinda like priq,
  i believe )

  you can't effectively use a macro for this as macros do not expand
  when used for a queue declaration, and if you put two macros on a line
  you get AA AB BA BB and not just AA BB.

  if you want to queue both for users on the local machine and authpf
  users, you can do a combination.

  on the home LAN, i do a similar thing on a per-LANhost basis.

  the ruleset is not terribly long due a cute way of using a shitload
  of tags and macros with the $srcaddr $dstaddr stuff.

  eg, pftop looks like this on the external iface in the queue view:

-------
QUEUE                 
root_fxp0             
 exthi                
 extlo                
 extLAN               
  u192.168.7.X        
   u192.168.7.Xd      
   u192.168.7.Xa      
  u192.168.7.1        
   u192.168.7.1d      
   u192.168.7.1a      
  u192.168.7.2        
   u192.168.7.2d      
   u192.168.7.2a      
  u192.168.7.17       
   u192.168.7.17d     
   u192.168.7.17a     
  u192.168.7.18       
   u192.168.7.18d     
   u192.168.7.18a     
  u192.168.7.19       
   u192.168.7.19d     
   u192.168.7.19a     
-------

  where i make a queue for each host i care about and then 
  a catch-all queue ( the X ones ) for hosts i lump together.

  ( each host gets data/ack prioritized in its own subqueues, 
    the queues are all HFSC. )

  you could hit the max queue declaration pretty quick, if you
  try to get real complex; but if you just do it per host like
  that, but without data/ack prio you'll probably be fine for 
  most home-use cases.

  jared

-- 

[ openbsd 3.7 GENERIC ( may 17 ) // i386 ]

Reply via email to