Re: allocation bandwidth with cbq

2011-01-28 Thread Indunil Jayasooriya
Hi,

I got it done, but for *http* traffic. But I want to get it done for ftp
download also. It does NOT work.

These are the rules


# enable queueing on the internal interface to control traffic coming in
# from the Internet. use the cbq scheduler to control bandwidth. max
# bandwidth is 2Mbps.

altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }

# define the parameters for the child queues.
# std_in  - the standard queue. any filter rule below that does not
#   explicitly specify a queue will have its traffic added
#   to this queue.
# ssh_im_in   - interactive SSH and various instant message traffic.
# dns_in  - DNS replies.
# student_in  - bandwidth reserved for student's workstation.
#

queue std_in bandwidth 1.6Mb cbq(default borrow)
queue ssh_im_in  bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq


# FTP Proxy rules ( *This highlighted rule in bold DOES NOT work? Any idea?* )
anchor ftp-proxy/*
*pass in quick on $int_if proto tcp from $student_pc to any port 21 \
flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in*

pass in quick on $int_if proto tcp from $lan_net to any port 21 \
flags S/SA keep state rdr-to 127.0.0.1 port 8021

# Squid Redirect ( *This highlighted rule worked*)
*pass in quick on $int_if proto tcp from $student_pc to any port { 80 8080 } \
flags S/SA keep state rdr-to 127.0.0.1 port 3128 queue student_in*

pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
flags S/SA keep state rdr-to 127.0.0.1 port 3128


pass in quick log on $int_if inet proto udp from $lan_net to !$int_if \
  port $clientudpports keep state queue dns_in

pass in quick log on $int_if inet proto tcp from $student_pc to !$int_if \
  port $https flags S/SA keep state queue student_in

pass in quick log on $int_if inet proto tcp from $lan_net to !$int_if \
  port $https flags S/SA keep state



I have got what I want up to a certain extent. I am still trying to allocate
ftp download for student_pc to 80Kbps.

I think port 21 is for the connection to establish. It further needs ports
higher than 49151.

So I added it in this way as well.

*pass in quick on $int_if proto tcp from $student_pc to any port ( 21  49151 \
flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in*

Still no luck?

Any idea?







-- 
Thank you
Indunil Jayasooriya



Re: allocation bandwidth with cbq

2011-01-28 Thread Indunil Jayasooriya
> You need to get your ftp-proxy setup right.

*I am doing. Pls see below.* Is it right?

> AFAICT you just add the anchor, but do not do the pass in to port 21
> rdr-to 127.0.0.7 port 8021.

OK. Removed the 2 rules with *pass in to port 21 rdr-to 127.0.0.7 port 8021*.

> Later on you must grant the proxy access to external ftp servers. You
> can add the traffic to the ftp queue from there

Added these rules instead. Now the rule set is like this (newly added rules
in BOLD):

# FTP Proxy rules
anchor ftp-proxy/*

*pass in quick on $int_if proto tcp from $student_pc to any port { 21  49151 } \
flags S/SA keep state queue student_in*

*pass in quick on $int_if proto tcp from $lan_net to any port { 21  49151 } \
flags S/SA keep state*

pass in quick log on $int_if inet proto udp from $lan_net to !$int_if \
  port $clientudpports keep state queue dns_in

*pass out log on $ext_if inet proto tcp from $ext_if to any \
  port { 21  49151 } flags S/SA modulate state*


Now the student gets a download speed of *80Kbps*.

Is this way right? Is there a better way? If so, I would like to hear...


-- 
Thank you
Indunil Jayasooriya



Re: allocation bandwidth with cbq

2011-01-27 Thread Indunil Jayasooriya
 Hi, thanks for your reply. I am still NOT able to get it done (i.e.
 downloading @ 80 Kbps without borrowing for the student). Pls see below.



 
  and wrote my rules. But I still can NOT allocate 80Kbps for the student
  while downloading. It goes up a whole lot. Here are my rules (em0 is
  ext_if and em1 is int_if).
 
 
  # enable queueing on the external interface to control traffic going to
  # the Internet. use the priq scheduler to control only priorities. set
  # the bandwidth to 485Kbps to get the best performance out of the TCP
  # ACK queue.
 
  altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
  tcp_ack_out }

  altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
 tcp_ack_out }

 it should be like below. ( I added tcp_student_out )

 altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
tcp_ack_out, tcp_student_out }


queue std_out bandwidth 300Kb cbq(default borrow)
  queue ssh_im_out bandwidth 50Kb cbq(red)
  queue dns_out bandwidth 25Kb cbq(borrow)
  queue tcp_ack_out bandwidth 30Kb priority 6 cbq(borrow red)
  queue tcp_student_out bandwidth 80Kb cbq(red)

 
  # define the parameters for the child queues.
  # std_out  - the standard queue. any filter rule below that does not
  #explicitly specify a queue will have its traffic added
  #to this queue.
  # ssh_im_out   - interactive SSH and various instant message traffic.
  # dns_out  - DNS queries.
  # tcp_ack_out  - TCP ACK packets with no data payload.
 
 
  # enable queueing on the internal interface to control traffic coming in
  # from the Internet. use the cbq scheduler to control bandwidth. max
  # bandwidth is 2Mbps.
 
  altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }


 
  # define the parameters for the child queues.
  # std_in  - the standard queue. any filter rule below that does not
  #   explicitly specify a queue will have its traffic added
  #   to this queue.
  # ssh_im_in   - interactive SSH and various instant message traffic.
  # dns_in  - DNS replies.
  # student_in  - bandwidth reserved for  the workstation.
  #
 
  queue std_in bandwidth 1.6Mb cbq(default)
  queue ssh_im_in  bandwidth 200Kb priority 4
  queue dns_in bandwidth 120Kb priority 5
  queue student_in bandwidth 80Kb cbq
 
  queue std_in bandwidth 1.6Mb cbq(default borrow)
  queue ssh_im_in  bandwidth 200Kb priority 4
  queue dns_in bandwidth 120Kb priority 5
  queue student_in bandwidth 80Kb cbq

 added as given above.


 
  clienttcpports={ 21, 80, 8080, 443 }
  clientudpports={ 53 }
 
 
  # FTP-Proxy
  anchor ftp-proxy/*
  pass in quick on $int_if proto tcp from $lan_net to any port 21 \
  flags S/SA keep state rdr-to 127.0.0.1 port 8021
 
  # Squid Redirect
  pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
  flags S/SA keep state rdr-to 127.0.0.1 port 3128
 #--

  pass in quick on $int_if proto tcp from $student_pc to any port 21 \
 flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in

  pass in quick on $int_if proto tcp from $student_pc to any port { 80 8080 } \
 flags S/SA keep state rdr-to 127.0.0.1 port 3128 queue student_in

  pass in quick on $int_if proto tcp from $lan_net to any port 21 \
 flags S/SA keep state rdr-to 127.0.0.1 port 8021

  pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
 flags S/SA keep state rdr-to 127.0.0.1 port 3128

 added as given above





 
  # filter rules
  block in log
  block out log
  #pass out log keep state
 
  antispoof quick for { lo $int_if ext_if }
 
 
  pass in log on $int_if inet proto udp from $lan_net to !$int_if \
port $clientudpports keep state


   pass in log on $int_if inet proto tcp from $student_pc to !$int_if \
 port $https flags S/SA keep state queue student_in

  pass in log on $int_if inet proto tcp from $lan_net to !$int_if \
port $https flags S/SA keep state
 
 
  pass out log on $ext_if inet proto udp from $ext_if to any \
port $clientudpports keep state queue dns_out
 
  pass out log on $ext_if inet proto tcp from  $ext_if to any \
port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out)
 
 
 
  ###pass out on $int_if proto udp from port $clientudpports to $student_pc \
   ###   queue dns_in --delete
 
  ###pass out on $int_if proto tcp from port $clienttcpports to $student_pc \
   ###   queue student_in   -delete
 

  I understood the above 2 rules


 block out on $int_if


I think this is NOT needed, since I have the default block above:

block in log
block out log


 if a rule pass in on $int_if with keep state it will pass back to
 $student_pc

  Yeah, I understand.


Hope to hear from you.



-- 
Thank you
Indunil Jayasooriya



allocation bandwidth with cbq

2011-01-26 Thread Indunil Jayasooriya
Hi list,

I am trying to allocate bandwidth with cbq. I just want to allocate 80Kbps
for a student. I do NOT want him to borrow the bandwidth when it is
available. I am on 64-bit OpenBSD 4.8 stable.


I went to the below URL. I studied *Example 1*, Small, Home network:
http://www.openbsd.org/faq/pf/queueing.html


and wrote my rules. But I still can NOT allocate 80Kbps for the student
while downloading. It goes up a whole lot. Here are my rules (em0 is
ext_if and em1 is int_if).


# enable queueing on the external interface to control traffic going to
# the Internet. use the priq scheduler to control only priorities. set
# the bandwidth to 485Kbps to get the best performance out of the TCP
# ACK queue.

altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
tcp_ack_out }

# define the parameters for the child queues.
# std_out  - the standard queue. any filter rule below that does not
#explicitly specify a queue will have its traffic added
#to this queue.
# ssh_im_out   - interactive SSH and various instant message traffic.
# dns_out  - DNS queries.
# tcp_ack_out  - TCP ACK packets with no data payload.

queue std_out priq(default)
queue ssh_im_out  priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6

# enable queueing on the internal interface to control traffic coming in
# from the Internet. use the cbq scheduler to control bandwidth. max
# bandwidth is 2Mbps.

altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }

# define the parameters for the child queues.
# std_in  - the standard queue. any filter rule below that does not
#   explicitly specify a queue will have its traffic added
#   to this queue.
# ssh_im_in   - interactive SSH and various instant message traffic.
# dns_in  - DNS replies.
# student_in  - bandwidth reserved for  the workstation.
#

queue std_in bandwidth 1.6Mb cbq(default)
queue ssh_im_in  bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq


clienttcpports={ 21, 80, 8080, 443 }
clientudpports={ 53 }


# FTP-Proxy
anchor ftp-proxy/*
pass in quick on $int_if proto tcp from $lan_net to any port 21 \
flags S/SA keep state rdr-to 127.0.0.1 port 8021

# Squid Redirect
pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
flags S/SA keep state rdr-to 127.0.0.1 port 3128

# filter rules
block in log
block out log
#pass out log keep state

antispoof quick for { lo $int_if ext_if }


pass in log on $int_if inet proto udp from $lan_net to !$int_if \
  port $clientudpports keep state

pass in log on $int_if inet proto tcp from $lan_net to !$int_if \
  port $https flags S/SA keep state


pass out log on $ext_if inet proto udp from $ext_if to any \
  port $clientudpports keep state queue dns_out

pass out log on $ext_if inet proto tcp from  $ext_if to any \
  port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out)



pass out on $int_if proto udp from port $clientudpports to $student_pc \
queue dns_in

pass out on $int_if proto tcp from port $clienttcpports to $student_pc \
queue student_in



There are some more rules. I think the given rules are enough.


Any ideas?






-- 
Thank you
Indunil Jayasooriya