Now you're just showing off...
I have (in South Africa) a "business" package from my ISP with
not-guaranteed 1Mbps down and 128kbs up with a chunked down MTU and really
weird filtering and shaping things going on ...
I really need to move to another country....

On Jan 13, 2008 8:53 PM, Max Hayden Chiz <[EMAIL PROTECTED]> wrote:

> Because several people have asked,  my Internet connection is a
> business class cable connection with guaranteed 512Kbps up and 7Mbps
> down.  I do get those speeds and can sustain them essentially
> indefinitely.
>
> On Jan 12, 2008 9:01 PM, Max Hayden Chiz <[EMAIL PROTECTED]> wrote:
> > I noticed that running BitTorrent was making my network go very slow
> > and have been trying to fix it.  After spending most of the day
> > playing around with it I have concluded that the problem is caused by
> > having too many simultaneous BitTorrent connections.  As you increase
> > the number of connections, the latency on the external interface
> > increases dramatically (e.g. ping times hit 900+ms or time out
> > entirely.)  This is true regardless of bandwidth usage, because I can
> > rate limit the client and still cause the problem.  Running `pfctl -vvsq`
> > shows that altq doesn't have a backlog.  Looking at the archives, it
> > seems that others on the list have experienced this problem in the
> > past, but there hasn't been a final resolution.
> >
> > I am at a total loss as to why this would be causing the massive
> > increase in latency.  Can someone more experienced explain why this is
> > (and possibly tell me what I'm doing wrong)?  For your reference I'm
> > running OpenBSD 4.2-current (Dec 18 snapshot) on a Sun Blade 100.  The
> > computer is as it comes from the factory except that I have added a
> > gigabit network card (re) and a wifi card (ral).
> >
> > Here is my pf.conf:
> >
> > ext_if="gem0"
> > int_if="re0"
> > wifi="ral0"
> > vpn="enc0"
> >
> > bthost="172.16.1.10"
> > btport="21885"
> >
> > set skip on lo
> >
> > scrub in
> > scrub on $vpn max-mss 1400 no-df random-id
> >
> > altq on $ext_if priq bandwidth 512Kb queue{ack, main, others, bt}
> > queue ack priority 7
> > queue main priority 6
> > queue others priority 5
> > queue bt priority 1 priq(default)
> >
> >
> > nat on $ext_if from !($ext_if) -> ($ext_if:0)
> > rdr on $ext_if proto tcp to port $btport tag BT -> $bthost
> >
> > block all
> >
> > pass on $int_if no state
> >
> > pass in on $ext_if proto tcp to port $btport queue bt
> >
> > pass out on $ext_if queue (others, ack)
> > pass out on $ext_if from $bthost queue bt
> > pass out on $ext_if proto tcp to port {ssh, http, https} queue (main,ack)
> >
> > pass in proto tcp to port ssh
> >
> > ##Rules for WiFi Gateway
> >
> > #Allow configuring IPSec
> > pass in on $wifi proto udp to port isakmp
> > pass in on $wifi proto udp to port domain
> > pass in on $wifi proto esp
> >
> > #allow authenticated users to do everything
> > pass on $vpn no state
> >
> > I can send a dmesg or anything else if I need to.  Thanks in advance
> > for your help.
> >
> > --MHC
> >
> > P.S. The obvious way to have pf deal with this is to use
> > max-src-states.  I have tested this approach and confirmed that it
> > will avoid the problem, but I don't understand why this works, nor do
> > I know if this is the "correct" way to deal with this.
