On 12/01/2005 03:49:06 PM, Chris 'Xenon' Hanson wrote:
The trouble comes when you use the router as a gateway for multiple
LANs to one WAN. If you put a queue on the LAN connections to try to
control the inbound WAN connection, you'll find that you are also
throttling the traffic BETWEEN the two LAN connections to a maximum
of the speed of the WAN connection.
I believe that this indicates that PF needs the ability to queue on
the inbound side of an interface. Numerous people have told me that
this is not necessary, but have not been able to explain how to make
flow-control work properly with one slow WAN interface and two fast
LAN interfaces.
What the developers are waiting for is proof that the tcp flow limiting
mechanisim is actually an effective way to control bandwidth
across a WAN. The test should be simple, but I haven't quite gotten
to it it yet. See the thread:
Using state and routing inbound traffic
http://marc.theaimsgroup.com/?l=openbsd-pf&m=112327857418876&w=2
http://marc.theaimsgroup.com/?l=openbsd-pf&m=112328043617387&w=2
(In fact, Chris 'Xenon' Hanson was part of this thread.)
I think that proof of utility would go a long way towards getting
people interested in implimenting inbound queueing. It would
surely go a long way toward answering those who say it's useless.
(I think rate limiting tests at common WAN link speeds would be best,
1.544Mbps, etc.)
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
