Carl Roberso wrote:
NetOne - Doichin Dokov wrote:
In fact, we also use a bit more complicated BGP setup. Don't know if it would be of any help for you


Doichin, your practical, "hands-on" examples are "true gold" for me, really.
Again, thank you very much for your help.

My router/firewalls, after your "tuning recommendations", work flawlessly,
I'm very pleased.
Your load-balancing option is very interesting, and I'll investigate it
further next week.

As in any gateway solution traffic shaping / rate limiting is very important
as you pointed out, I was wondering if it can be set up in OpenBSD something
like "ATM functional paradigm", where, after giving a global PCR for a dot1q
trunk (ex. 40 Mbit/s), you can give to various VLANs PCRs & MCRs (ex. VLAN 1
with 20Mbit/s PCR, 10Mbit/s MCR, and VLAN 2 with 40Mbit/s PCR, 30Mbit/s
MCR).

I tried hard to figure out a way to do this from the official documentation
& by hard-Googling (for hours), but without any success.

Cheap rate-limiting in that way can be done, in a "mad but cheap way", with
a pair of old Cat 2924M with an ATM 155 and a Gigabit Ethernet module
(switch, modules & a GBIC are under $90 on ebay), "crossed in ATM", so you
connect the dot1q trunk in one switch, do the shaping at the LANE level,
then "extract" shaped services on the other switch (as a trunk on GE, or on
single ports), but.. of course.. it's really a dirty "spaghetti"-style
solution.

Have you any advice on making shaping on an OpenBSD router/firewall in a
"ATM-style"?

Yes, that's possible with OpenBSD and PF / ALTQ. You need the HFSC queueing algorithm. A very nice site with docs about this is http://www.probsd.net/pf/index.php/Main_Page

Using HFSC, you can assign each queue a realtime rate (MCR) and an upperlimit (PCR), then set up the physical interface queue to the total bandwidth available. We use HFSC here for this, and it's performing quite fine, so if you need examples, just drop a line.

Another good place for help is the #pf channel on the FreeNode IRC network. I also used to hang out in there, but we've recently had problems with our main office building (part of the next building collapsed over it), so I'm personally not available very much lately.

You can set up the vlans you want to shape on one physical interface. Remember that you configure ALTQ and all queues on the PHYSICAL interface, then you can use arbitrary PF rules to catch traffic and assign it to queues, NO MATTER on which interface.

Read the docs, play with it and come back to the list when you need help. It would be good if you provide some conf files about your setup - how the interfaces are set up, what exactly you want to shape, etc.

Regards,
Doichin
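
The HFSC layout described in the reply, sketched as an added pf.conf fragment in ALTQ syntax (not part of the original message and not Doichin's own configuration). The interface names em0, vlan1 and vlan2 and the queue names are assumptions. VLAN 2's realtime is 20Mb here rather than the 30Mb asked for in the question, because pfctl rejects realtime guarantees that sum to more than 80% of the interface bandwidth.

```conf
# Assumed names: em0 carries the dot1q trunk, vlan1/vlan2 are its VLAN interfaces.
trunk_if = "em0"

# ALTQ is enabled on the PHYSICAL interface, with the trunk-wide rate (global PCR).
altq on $trunk_if hfsc bandwidth 40Mb queue { q_vlan1, q_vlan2, q_other }

# realtime   = guaranteed rate (MCR)
# upperlimit = hard ceiling    (PCR)
# bandwidth  = linkshare weight used to divide spare capacity
queue q_vlan1 bandwidth 10Mb hfsc(realtime 10Mb, upperlimit 20Mb)
queue q_vlan2 bandwidth 20Mb hfsc(realtime 20Mb, upperlimit 40Mb)

# HFSC requires exactly one default queue for traffic no rule assigns.
queue q_other bandwidth 10Mb hfsc(default)

# Rules may match on the VLAN interfaces; the packets are still queued
# when they leave through em0, where ALTQ is attached.
pass out on vlan1 all keep state queue q_vlan1
pass out on vlan2 all keep state queue q_vlan2
```

ALTQ shapes only traffic leaving the interface it is attached to, so this limits what the firewall sends out on the trunk; `pfctl -nf /etc/pf.conf` parses the file without loading it and reports queue definition errors.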
