Re: altq on multiple interfaces
* Andy a...@brandwatch.com [2013-10-09 17:14]: After-all the packets egress the physical underlying interface so I wonder if its possible to 'queue' on the physical interface 'on emX' for example underneath the 802.1Q tagging, such that all the traffic for all VLANs on top of that phys interface would go through the same queues! yes, that's supposed to work. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: altq on multiple interfaces
On Mon 21 Oct 2013 10:45:41 BST, Henning Brauer wrote: * Andy a...@brandwatch.com [2013-10-09 17:14]: After-all the packets egress the physical underlying interface so I wonder if its possible to 'queue' on the physical interface 'on emX' for example underneath the 802.1Q tagging, such that all the traffic for all VLANs on top of that phys interface would go through the same queues! yes, that's supposed to work. That's fantastic, wonderful news! I will ensure to add that to my testing once I've got the new hardware through. Incidentally, the new hardware we're buying is part of a larger project to scale up our infrastructure and once its in place (Q1 next year) we will have the capacity and bandwidth to be an OpenBSD mirror and maybe host a few other things for the project in our DC racks. Cheers, Andy.
Re: altq on multiple interfaces
Hi, A question for Henning I think? Do you know if your new super duper HENQ queuing subsystem would allow this? I.e. to queue on the underlying physical (or trunk) interface which all the VLAN interfaces sit upon? This would be amazing as this would mean that you could finally share your total downstream WAN bandwidth across all of your internal VLAN subnets without having to slice up a fixed portion of the bandwidth allocation to each one for the egress of each internal interface. Crossing my fingers and toes! ;) PS; hopefully gonna start testing your diff soon, as soon as I get my new hardware in November. Cheers, Andy. On 09/10/13 16:14, Andy wrote: On Wed 09 Oct 2013 13:53:06 BST, Andy wrote: On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote: Thanks for your reply Andy. What if I have: - multiple VLANs on an internal IF Just have a different set of queues for each 'on vlanX' etc. - have a limited bandwidth on external (say 10/10Mbit/s) Do as was suggested, have a smaller bandwidth for the WAN traffic (100Mbit in the example). Just change that to 10Mbit. and I want to share the external bandwidth among all VLANs giving some IPs (from different VLANs) each a bandwidth guarantee ? You cannot share the 'download' bandwidth across all internal VLANS for the inbound direction, you have to divide it out so that the egress bandwith of each of the internal VLANs sum to the total ingress bandwidth of your WAN. This is a horrible limitation which I *hate* :( Thinking about it, this might not be true.. After-all the packets egress the physical underlying interface so I wonder if its possible to 'queue' on the physical interface 'on emX' for example underneath the 802.1Q tagging, such that all the traffic for all VLANs on top of that phys interface would go through the same queues! If that were the case it would be wonderful :) and I would be changing my own topology immediately to take advantage of having all my different internal nets share the same WAN downstream bandwidth! Someone on here who knows OpenBSD better than me might know if this is possible? You can share the upstream bandwith however as this can be all applied to the single WAN interface. Remember you can only queue egress, not ingress. Sorry if I was not clear in my original question... Thanks
altq on multiple interfaces
Hi all, is there a way to configure altq on multiple interfaces, sharing the same parameters (bandwidth, priorities, etc) ? If not, is there some other mechanism to obtain the same result ? Thanks for any suggestion. Leonardo
Re: altq on multiple interfaces
# WAN egress Queues
altq on $if_ext bandwidth 970Mb hfsc queue { ext_local, ext_wan }
queue ext_local bandwidth 800Mb priority 4 hfsc(upperlimit 800Mb) {
_local_kernel, _local_data }
queue _local_kernel on $if_ext bandwidth 1% priority 6
hfsc(realtime 1%, linkshare 10%)
queue _local_data on $if_ext bandwidth 99% priority 0
hfsc(linkshare 80%)
queue ext_wan bandwidth 100Mb priority 15 hfsc(linkshare 100Mb) {
_wan_pri, _wan_int, _wan_web, _wan_dflt }
queue _wan_pri on $if_ext bandwidth 20% priority 6 qlimit 100
hfsc(realtime 20%, linkshare 20%)
queue _wan_int on $if_ext bandwidth 5% priority 5 qlimit 100
hfsc(realtime 5%, linkshare 5%)
queue _wan_web on $if_ext bandwidth 50% priority 4 qlimit 100
hfsc(realtime(10%, 1000, 1%), linkshare 50%, ecn)
queue _wan_dflt on $if_ext bandwidth 5% priority 2 qlimit 100
hfsc(realtime(10%, 1000, 1%), linkshare 5%, ecn, default)
# LAN egress Queues
altq on $if_lan bandwidth 970Mb hfsc queue { lan_local, lan_wan }
queue lan_local bandwidth 800Mb priority 4 hfsc(upperlimit 800Mb) {
_local_kernel, _local_data }
queue _local_kernel on $if_lan bandwidth 1% priority 6
hfsc(realtime 1%, linkshare 10%)
queue _local_data on $if_lan bandwidth 99% priority 0
hfsc(linkshare 80%)
queue lan_wan bandwidth 100Mb priority 15 hfsc(linkshare 100Mb) {
_wan_pri, _wan_int, _wan_web, _wan_dflt }
queue _wan_pri on $if_lan bandwidth 10% priority 6 qlimit 100
hfsc(realtime 10%, linkshare 10%)
queue _wan_int on $if_lan bandwidth 5% priority 5 qlimit 100
hfsc(realtime 5%, linkshare 5%)
queue _wan_web on $if_lan bandwidth 60% priority 4 qlimit 100
hfsc(realtime(10%, 1000, 1%), linkshare 60%, ecn)
queue _wan_dflt on $if_lan bandwidth 5% priority 2 qlimit 100
hfsc(realtime(10%, 1000, 1%), linkshare 5%, ecn, default)
Note the 'on $if_ext'
You can now write the rule;
pass quick proto { tcp } from { ext_trusted_netsv4 } to {
int_ssh_serversv4 } port { ssh } queue (_wan_dflt,_wan_int) set prio (2,5)
This would queue the traffic in both directions with only one rule.
NB; I use '_local_kernel' for local CARP traffic etc, and '_local_data'
for traffic which is not distined for the WAN link but other local
networks and so can run at wire speed.
And _wan_* for the wan based traffic..
Hope this helps,
Andy.
On 09/10/13 07:47, Leonardo Lombardo wrote:
Hi all,
is there a way to configure altq on multiple interfaces, sharing the same
parameters (bandwidth, priorities, etc) ?
If not, is there some other mechanism to obtain the same result ?
Thanks for any suggestion.
Leonardo
Re: altq on multiple interfaces
Thanks for your reply Andy. What if I have: - multiple VLANs on an internal IF - have a limited bandwidth on external (say 10/10Mbit/s) and I want to share the external bandwidth among all VLANs giving some IPs (from different VLANs) each a bandwidth guarantee ? Sorry if I was not clear in my original question... Thanks
Re: altq on multiple interfaces
On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote: Thanks for your reply Andy. What if I have: - multiple VLANs on an internal IF Just have a different set of queues for each 'on vlanX' etc. - have a limited bandwidth on external (say 10/10Mbit/s) Do as was suggested, have a smaller bandwidth for the WAN traffic (100Mbit in the example). Just change that to 10Mbit. and I want to share the external bandwidth among all VLANs giving some IPs (from different VLANs) each a bandwidth guarantee ? You cannot share the 'download' bandwidth across all internal VLANS for the inbound direction, you have to divide it out so that the egress bandwith of each of the internal VLANs sum to the total ingress bandwidth of your WAN. This is a horrible limitation which I *hate* :( You can share the upstream bandwith however as this can be all applied to the single WAN interface. Remember you can only queue egress, not ingress. Sorry if I was not clear in my original question... Thanks
Re: altq on multiple interfaces
On Wed 09 Oct 2013 13:53:06 BST, Andy wrote: On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote: Thanks for your reply Andy. What if I have: - multiple VLANs on an internal IF Just have a different set of queues for each 'on vlanX' etc. - have a limited bandwidth on external (say 10/10Mbit/s) Do as was suggested, have a smaller bandwidth for the WAN traffic (100Mbit in the example). Just change that to 10Mbit. and I want to share the external bandwidth among all VLANs giving some IPs (from different VLANs) each a bandwidth guarantee ? You cannot share the 'download' bandwidth across all internal VLANS for the inbound direction, you have to divide it out so that the egress bandwith of each of the internal VLANs sum to the total ingress bandwidth of your WAN. This is a horrible limitation which I *hate* :( Thinking about it, this might not be true.. After-all the packets egress the physical underlying interface so I wonder if its possible to 'queue' on the physical interface 'on emX' for example underneath the 802.1Q tagging, such that all the traffic for all VLANs on top of that phys interface would go through the same queues! If that were the case it would be wonderful :) and I would be changing my own topology immediately to take advantage of having all my different internal nets share the same WAN downstream bandwidth! Someone on here who knows OpenBSD better than me might know if this is possible? You can share the upstream bandwith however as this can be all applied to the single WAN interface. Remember you can only queue egress, not ingress. Sorry if I was not clear in my original question... Thanks
altq on multiple interfaces
Hi I'm currently trying to enhance my altq-rules and I apologize in advance if this is a FAQ, but I definitly googled: So far, I used priq on my internal and external interface to prioritize VoIP over SSH over mail over everything else. But now I have a third interface that sometimes consumes a lot of traffic and is thus killing VoIP. Is there a simple way to basically say everything that enters my router, no matter which internal interface it uses, has to follow these rules? The two internal interfaces are different Class-C nets and they have to stay this way. And traffic that comes from the router but not from the internet should be able to use the full FastEthernet bandwidth and not just the SDSL-speed configured in altq. Is there any way to do this without having to use two sets of rules for incoming traffic? The FAQ only lists a CBQ example for a system with more than 2 interfaces and I'd really like to stay with priq. Or do I have to switch to CBQ? Thanks :) -- Fridtjof Busse
