Re: traffic shaping in OpenBSD
On Tue, 1 Nov 2011 08:55:07 -0400 Nico Kadel-Garcia nka...@gmail.com wrote: On Tue, Nov 1, 2011 at 4:10 AM, Gregory Edigarov g...@bestnet.kharkov.ua wrote: On Tue, 1 Nov 2011 08:53:46 +0100 Bret S. Lambert bret.lamb...@gmail.com wrote: On Tue, Nov 01, 2011 at 09:47:35AM +0200, Gregory Edigarov wrote: On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? I believe he wants to communicate with the kernel with the power of his mind. Where's my brain implant? ;-) Hold still. (I actually used to design electronics for those: they used a *BIG* and wonderfully frightening drill.) Implants seem so, er, unsanitary. Seems to me something like yer basic tinfoil hat would a more elegant approach ... Dhu
Re: traffic shaping in OpenBSD
On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? -- With best regards, Gregory Edigarov
Re: traffic shaping in OpenBSD
On Tue, Nov 01, 2011 at 09:47:35AM +0200, Gregory Edigarov wrote: On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? I believe he wants to communicate with the kernel with the power of his mind. -- With best regards, Gregory Edigarov
Re: traffic shaping in OpenBSD
On Tue, 1 Nov 2011 08:53:46 +0100 Bret S. Lambert bret.lamb...@gmail.com wrote: On Tue, Nov 01, 2011 at 09:47:35AM +0200, Gregory Edigarov wrote: On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? I believe he wants to communicate with the kernel with the power of his mind. Where's my brain implant? ;-) -- With best regards, Gregory Edigarov
Re: traffic shaping in OpenBSD
For example, in FreeBSD there is slow pf in userspace and fast kernel-level netgraph. 2011/11/1 Gregory Edigarov g...@bestnet.kharkov.ua On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? -- With best regards, Gregory Edigarov
Re: traffic shaping in OpenBSD
On Tue, Nov 01, 2011 at 12:26:30PM +0400, ZZ Wave wrote: | For example, in FreeBSD there is slow pf in userspace and fast | kernel-level netgraph. This isn't a FreeBSD list. This is OpenBSD - pf is in the kernel. And besides .. do you think the cpu runs slower when it's executing userland code ? Paul 'WEiRD' de Weerd PS: pretty sure pf is in the kernel in FreeBSD too, but I refer to my first statement... -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: traffic shaping in OpenBSD
On Tue, Nov 01, 2011 at 12:26:30PM +0400, ZZ Wave wrote: For example, in FreeBSD there is slow pf in userspace and fast kernel-level netgraph. *headasplode* 2011/11/1 Gregory Edigarov g...@bestnet.kharkov.ua On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? -- With best regards, Gregory Edigarov
Re: traffic shaping in OpenBSD
ah, you mean nat? In OpenBSD all firewall functions (uhmm, almost all, to be technically correct, in the presence of [t]ftp-proxy) i.e. packet filtering, NAT, shaping are done on the kernel level. On Tue, 1 Nov 2011 12:26:30 +0400 ZZ Wave zzw...@gmail.com wrote: For example, in FreeBSD there is slow pf in userspace and fast kernel-level netgraph. 2011/11/1 Gregory Edigarov g...@bestnet.kharkov.ua On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? -- With best regards, Gregory Edigarov
Re: traffic shaping in OpenBSD
On Tue, Nov 1, 2011 at 9:26 AM, ZZ Wave zzw...@gmail.com wrote: For example, in FreeBSD there is slow pf in userspace and fast kernel-level netgraph. And what has this to do with OpenBSD?
Re: traffic shaping in OpenBSD
On Tue, Nov 1, 2011 at 4:10 AM, Gregory Edigarov g...@bestnet.kharkov.ua wrote: On Tue, 1 Nov 2011 08:53:46 +0100 Bret S. Lambert bret.lamb...@gmail.com wrote: On Tue, Nov 01, 2011 at 09:47:35AM +0200, Gregory Edigarov wrote: On Tue, 1 Nov 2011 11:17:56 +0400 ZZ Wave zzw...@gmail.com wrote: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. Pardon? What do you mean userspace-ish ? I believe he wants to communicate with the kernel with the power of his mind. Where's my brain implant? ;-) Hold still. (I actually used to design electronics for those: they used a *BIG* and wonderfully frightening drill.)
Re: traffic shaping in OpenBSD
ZZ Wave zzw...@gmail.com writes: For example, in FreeBSD there is slow pf in userspace and fast kernel-level netgraph. Wow, I can scarcely imagine a single sentence that reveals more thoroughly and conclusively how little familiarity you have with any of the systems you mention. Hint: both pf and netgraph are 'kernel-level', with some userland tools attached to make the admin's life easier. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: traffic shaping in OpenBSD
ZZ Wave zzw...@gmail.com writes: What solution should be used for traffic shaping on real-life, production gateways with tens and hundreds users? PF queues seem to be too userspace-ish and CPU consuming. PF setups with various altq disciplines are serving sites with larger user bases than that. If it's the altq syntax you object to, I'm slightly sympathetic, but a whole new queueing system is being gradually introduced (the new prio keyword is the first part), and from early access the new syntax will be a lot easier to deal with. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
