Re: Packet loss simulation with ALTQ
On Wednesday 20 September 2006 15:50, Norberto Meijome wrote: > gotcha, so i may end up using 2 firewalls anyway... :-) I think I may go > with ipfw and dummynet to keep it to one set I'll have to read on some > comparisons before making up my mind... Perhaps you can combine ipfw/dummynet and pf/ALTQ. I know for sure that you can use pf and ipfw at the same time. The filtering is done in a serial way(packets that are allowed through the first packet filter, go through the second etc). You can load the modules in any order you like and this will be the order packets flow through the packet filters... Don't know if that's the case with dummynet and ALTQ... Also, ipfw can "inject" packets to altq. You still have to use pf for setting up the queues. HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Packet loss simulation with ALTQ
On Wed, 20 Sep 2006 14:20:19 +0300
Nikos Vassiliadis <[EMAIL PROTECTED]> wrote:
> On Tuesday 19 September 2006 18:24, Norberto Meijome wrote:
> > hi there :)
> > I was planning to migrate a 4.11 firewall using a combo of ipf/ipnat and
> > ipfw pipe/dummynets to pf + ALTQ.
>
> pf/ipf/ipfw & dummynet/ALTQ are available since 5.3-R if I recall correctly.
Yes, of course - sorry, i meant to say 'I have a 4.11 which will be upgrading
to 6.2' :) thanks for making me right.
>
> > One thing I haven't figured out how to do with pf is the plr option to the
> > dummynet configuration - we use it to simulate modem connections or just
> > simply bad links.
>
> pf.conf manual(6.1-STABLE)
>
> probability
>A probability attribute can be attached to a rule, with a value set
>between 0 and 1, bounds not included. In that case, the rule will
>be honoured using the given probability value only. For example,
>the following rule will drop 20% of incoming ICMP packets:
>
> block in proto icmp probability 20%
>
thanks :) i didn't realise it could be done this way :)
>
> > Also, is it definitely possibly to simulate the 'delay' option of dummynet
> > with pf+ALTQ ?
>
> No, ALTQ cannot delay packets, you have to use dummynet for this.
gotcha, so i may end up using 2 firewalls anyway... :-) I think I may go with
ipfw and dummynet to keep it to one set I'll have to read on some
comparisons before making up my mind...
The alternative would be to use netgraph to add this delay... not sure if there
is a ng_delay node ...
thanks for your help,
B
_
{Beto|Norberto|Numard} Meijome
Q. How do you make God laugh?
A. Tell him your plans.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Packet loss simulation with ALTQ
On Tuesday 19 September 2006 18:24, Norberto Meijome wrote: > hi there :) > I was planning to migrate a 4.11 firewall using a combo of ipf/ipnat and > ipfw pipe/dummynets to pf + ALTQ. pf/ipf/ipfw & dummynet/ALTQ are available since 5.3-R if I recall correctly. > One thing I haven't figured out how to do with pf is the plr option to the > dummynet configuration - we use it to simulate modem connections or just > simply bad links. pf.conf manual(6.1-STABLE) probability A probability attribute can be attached to a rule, with a value set between 0 and 1, bounds not included. In that case, the rule will be honoured using the given probability value only. For example, the following rule will drop 20% of incoming ICMP packets: block in proto icmp probability 20% > Also, is it definitely possibly to simulate the 'delay' option of dummynet > with pf+ALTQ ? No, ALTQ cannot delay packets, you have to use dummynet for this. HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Packet loss simulation with ALTQ
hi there :)
I was planning to migrate a 4.11 firewall using a combo of ipf/ipnat and ipfw
pipe/dummynets to pf + ALTQ.
One thing I haven't figured out how to do with pf is the plr option to the
dummynet configuration - we use it to simulate modem connections or just simply
bad links.
Also, is it definitely possibly to simulate the 'delay' option of dummynet with
pf+ALTQ ?
thanks!!
Beto
_
{Beto|Norberto|Numard} Meijome
"I abhor a system designed for the 'user', if that word is a coded pejorative
meaning 'stupid and unsophisticated'. Ken Thompson
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
