On 07/29/2005 06:03:56 PM, Chris 'Xenon' Hanson wrote:
> I've finally concluded that I'm not personally ever going to
> understand how to use PF to do rock-solid traffic shaping on my
> network. We have one incoming DSL line (1.5/768) and three other
> interfaces for our LAN, DMZ and VOIP subnets. We have one external
> static IP.
>
> I've never been able to get the traffic shaping to work solidly
> with our NAT and RDR-to-DMZ setup. TCP and UDP traffic to/from the
> VOIP phone subnet should always win, since it's realtime and can't be
> delayed or retried.
>
> I've seen all kinds of conflicting information about multiple
> queues, NAT disrupting queue assignments and the like.
>
> I'm interested in hearing from anyone who actually thinks this can
> be done, purely using a single OpenBSD router with four ethernet
> interfaces (1 to the outside world, 3 to our subnets).
>
> I've heard from a lot of people who claim to think they know how
> this works, but I'm now convinced that very few actually do.

I've not heard anything back from the list on this topic either.

I believe I understand enough to make something work on my network
and plan to try to implement it next Wed. So by the end of next
week I should know if it makes a difference to the end-users.
I'll post the results I get.

My plan is to twiddle the knobs
empirically once I get the basic setup installed. I suspect
this will be necessary in any real-world environment, the
real problem being trading bandwidth for latency on the inbound
traffic and how much must be lost to get the latency low enough
that the traffic rapidly converges to the desired "shape".
This is bound to depend on the rate of connection establishment
as well as the total number of connections active at any one
time. (Should I be using the word "stream" here? Or maybe
"flow"? Can somebody point me to reference materials defining
these 3 terms?)

Regards,
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein