Now you're just showing off... I have (in South Africa) a "business" package from my ISP with not-guaranteed 1Mbps down and 128kbs up with a chunked down MTU and really weird filtering and shaping things going on ... I really need to move to another country....
On Jan 13, 2008 8:53 PM, Max Hayden Chiz <[EMAIL PROTECTED]> wrote:
> Because several people have asked, my Internet connection is a
> business class cable connection with guaranteed 512Kbps up and 7Mbps
> down. I do get those speeds and can sustain them essentially
> indefinitely.
>
> On Jan 12, 2008 9:01 PM, Max Hayden Chiz <[EMAIL PROTECTED]> wrote:
> > I noticed that running BitTorrent was making my network go very slow
> > and have been trying to fix it. After spending most of the day
> > playing around with it I have concluded that the problem is caused by
> > having too many simultaneous BitTorrent connections. As you increase
> > the number of connections, the latency on the external interface
> > increases dramatically (e.g. ping times hit 900+ms or time out
> > entirely.) This is true regardless of bandwidth usage, because I can
> > rate limit the client and still cause the problem. Running `pfctl -vvsq`
> > shows that altq doesn't have a backlog. Looking at the archives, it
> > seems that others on the list have experienced this problem in the
> > past, but there hasn't been a final resolution.
> >
> > I am at a total loss as to why this would be causing the massive
> > increase in latency. Can someone more experienced explain why this is
> > (and possibly tell me what I'm doing wrong)? For your reference I'm
> > running OpenBSD4.2-current (Dec18 snapshot) on a Sun Blade 100. The
> > computer is as it comes from the factory except that I have added a
> > gigabit network card (re) and a wifi card (ral).
> >
> > Here is my pf.conf:
> >
> > ext_if="gem0"
> > int_if="re0"
> > wifi="ral0"
> > vpn="enc0"
> >
> > bthost="172.16.1.10"
> > btport="21885"
> >
> > set skip on lo
> >
> > scrub in
> > scrub on $vpn max-mss 1400 no-df random-id
> >
> > altq on $ext_if priq bandwidth 512Kb queue{ack, main, others, bt}
> > queue ack priority 7
> > queue main priority 6
> > queue others priority 5
> > queue bt priority 1 priq(default)
> >
> >
> > nat on $ext_if from !($ext_if) -> ($ext_if:0)
> > rdr on $ext_if proto tcp to port $btport tag BT -> $bthost
> >
> > block all
> >
> > pass on $int_if no state
> >
> > pass in on $ext_if proto tcp to port $btport queue bt
> >
> > pass out on $ext_if queue (others, ack)
> > pass out on $ext_if from $bthost queue bt
> > pass out on $ext_if proto tcp to port {ssh, http, https} queue (main,ack)
> >
> > pass in proto tcp to port ssh
> >
> > ##Rules for WiFi Gateway
> >
> > #Allow configuring IPSec
> > pass in on $wifi proto udp to port isakmp
> > pass in on $wifi proto udp to port domain
> > pass in on $wifi proto esp
> >
> > #allow authenticated users to do everything
> > pass on $vpn no state
> >
> > I can send a dmesg or anything else if I need to. Thanks in advance
> > for your help.
> >
> > --MHC
> >
> > P.S. The obvious way to have pf deal with this is to use
> > max-src-states. I have tested this approach and confirmed that it
> > will avoid the problem, but I don't understand why this works, nor do
> > I know if this is the "correct" way to deal with this.