I am very scared after reading this https://wiki.freebsd.org/IpfwNg
how could I put my trust in something that could have so many edge cases?

I know that is a lot off topic, but what about Xen? May it be reliable to run routers/gateways/firewalls over Xen?

On 13 April 2013 11:19, Raimundo Santos <[email protected]> wrote:

> Hi Antonio!
>
> Well, there is not much to miss ;) - it is an ISP which uses wireless to
> distribute internet, which in turn does not allow us to control the
> bandwidth limit over the medium in a trusted way. Therefore, we need to
> limit this traffic in some way, and the actual way is with linux(iptables +
> tc), but it is hard to maintain - and almost everything is manually
> controlled 0_o (I am new at this job)
>
> I really liked the PF syntax, it is clean and easy to read - even more
> with the match keyword that is new in OpenBSD >= 4.7. But the queuing
> methods implemented in PF do not let you share the bandwidth in an
> overbooking fashion, which is crucial to an ISP. The only way is to divide
> the queues to share bandwidth in a manner that does not surpass the total.
>
> By now, I am putting my chips in FreeBSD ipfw integration with ALTQ, in a
> way that the packets are limited by pipe and queued with HFSC in ALTQ. But
> I really dislike the syntax of ipfw, it reminds me of iptables.
>
> Cheers!
>
>
> On 12 April 2013 18:13, Antonio Huete Jimenez
> <[email protected]> wrote:
>
>> Hi Raimundo,
>>
>> I don't think vkernels are up to the task currently. In my
>> experience/opinion they are not stable and fast enough now for what you are
>> intending to do.
>> Maybe I am just missing some details of your setup.
>>
>> Cheers,
>> Antonio Huete
>>
>> On 12 April 2013 at 17:14 Raimundo Santos <[email protected]>
>> wrote:
>>
>> On 12 April 2013 02:58, Sepherosa Ziehau <[email protected]> wrote:
>>
>>
>> You could use ALTQ fairq w/ PF, which is similar to dummynet's WF2Q
>>
>> Best Regards,
>> sephe
>>
>> --
>> Tomorrow Will Never Die
>>
>>
>> Hum... but I need to do a hard limiting to all my customers. They have a
>> unique IP address, so I can decide about the bandwidth (here, we are about
>> to implement RADIUS to do auth too). The idea here is to
>>
>> 1. limit external in/out traffic
>> 2. do QoS over this limited traffic
>>
>> I have an average of 600 clients at the same time, so I think that FAIRQ
>> could be a good thing but not to hard limiting every IP.
>>
>> If I offer three kinds of bandwidth to my customers, may I define three
>> subclasses in FAIRQ and let the traffic of the right kinds go through the
>> right queues? I think it does not work: if someone is hogging that queue,
>> what will the others end up with?
>>
>> --
>> --------------------------------------------
>> Raimundo A. P. Santos
>> Bachelor's student in Computer Science
>> ICMC - USP
>>
>
> --
> --------------------------------------------
> Raimundo A. P. Santos
> Bachelor's student in Computer Science
> ICMC - USP
>

--
--------------------------------------------
Raimundo A. P. Santos
Bachelor's student in Computer Science
ICMC - USP
