In our organization, I'd like to use Altq to keep any one process
(download or whatever) from hogging bandwidth and degrading
performance for others. It's more complicated than I expected, though,
and I haven't been able to find an example that's much like my
environment (I'd be glad to publish mine if I could get it working
well). Here's the layout:
Office (internal) subnet DMZ
| /
[fxp0] [fxp1]
Internet -------[fxp4]OpenBSD/pf firewall
[fxp2] [fxp3]
| \
Guest class 1 subnet Guest class 2 subnet
We have sort of a conference center, so we're providing access for
guests as well as offices. Hence all the subnets. We also host some of
our own web sites on the DMZ.
Now to make it more complicated, our fractional "T1" provides 512Kb of
*total* bandwidth. That is, the total of upload *and* download
bandwidth can never exceed 512Kb.
Ideally, I would like to set up a single 512k queue and divy it up
(with cbq) among all traffic that passes in or out of fxp4, regardless
of which interface it exits. (I'd really like to allow borrowing among
all directions.)
But as far as I know, there's no way to do exactly that. What I'm
hoping someone could suggest is, what's the best I can do? That is,
how can I get the best utilization out of my limited connection while
preventing anything from hogging it?
Forgive me if I'm overlooking information that's already available.
I'm afraid my brain's gotten a little scrambled trying to adapt the
altq model to this scenario. Thank you for your time!
Jonathan
