Hello , > >>> But under dynamic queues, I understand, the creation of a large number of >> dynamic patterns. >>> For example creates template for the queue with an indication of the speed >> such as 512Kbit / s, >>> and then creates template for the filter of which you can >>> specify a subnet like 192.168.1.0/24 and this pattern break this subnet to >> the desired number of rules in this case, >>> to 254, and under each This rule will create a dynamic part of the dynamic >> pattern of 512Kbit / s for each rule. >> > On 2009-05-27, (private) HKS <hks.priv...@gmail.com> wrote: >> What? > > > If you want to throttle all your clients to, say, 512Kb/sec, you need a > stack of separate queues, and a stack of match rules for them. You can set > them up individually via pfctl/pf.conf but it's a bit messy, you'd probably > want to do part of it via some script or preprocessor. (I think using a > shell script to generate a file to include would be viable though). > > Real dynamic queues would be created and destroyed on-the-fly which > could help it scale a bit further, but I don't know how useful it would > be, the first thing that comes to mind is memory use, but each extra > queue doesn't use _all_ that much from the pool unless it's actively > in-use. There might be problems other than memory when using a huge > number of queues, I don't know, never used more than a handful here... > something for someone who has a big setup to look at and profile, really.
Similar constructions shaper frequently uses in local area networks ISP (in russia,ukraine), where one powerful computer can be up to 6-7 thousand clients. Use of these computers tend to linux or freebsd (with dummynet (real dynamic queues with src and dst masks:))) Here in such cases it is simply indispensable. I found the patches which allow you to add queues altq through pfctl (may be useful, and add to main tree :) ) http://dinar.yantel.ru/patches/openbsd/merge/ And this patch remove altq when interface is destroy http://dinar.yantel.ru/patches/openbsd/altq/patch_pf_if.c -- Best regards, irix mailto:i...@ukr.net
