On 2009-11-03, Alexander Shikoff <minot...@crete.org.ua> wrote:
> Because I need queuing for outgoing traffic on vlan* interfaces.
> When keep state is used then queues for outgoing traffic do not work.

this (and variations) keep coming up (and has been answered 3 or 4
times in various mailing lists), but it's incorrect. you can do this
with stateful rules, you just need to do the queue assignments in the
right place/s to make sure that traffic gets queued correctly.

- when you keep state, the state entry has a queue name associated
  with it. any packets matching that state will be assigned to the
  queue/s with that name on _any_ interface in the system.

- you can assign traffic on an interface other than the one holding
  the queue. assuming you want to queue the downstream traffic you
  have received on bge0 and want to forward to 1.2.3.4 on vlan1:

+--- --- -- -
| altq on vlan1 [...] queue { onetwothreefour [...] }
| queue onetwothreefour...
|
| ## incoming connections to 1.2.3.4 get queued:
| pass in on bge0 to 1.2.3.4 queue { onetwothreefour }
|
| ## outbound connections from 1.2.3.4 create state with a queue,
| ## so _return traffic matching that state_ is queued:
| pass in on vlan1 from 1.2.3.4 queue { onetwothreefour }
+--- --- -- -

- if you're queuing both upstream and downstream, note that queues
  on different interfaces can have the same name:

+--- --- -- -
| altq on vlan1 [...] queue { onetwothreefour [...] }
| altq on bge0 [...] queue { onetwothreefour [...] }
| queue onetwothreefour...
| pass in on vlan1 from 1.2.3.4 queue { onetwothreefour }
| pass in on bge0 to 1.2.3.4 queue { onetwothreefour }
+--- --- -- -
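
Added example, not part of the original post and not pf source code: a simplified Python model of the behaviour described above, where the queue name is stored in the state and resolved on whichever interface the packet leaves. The default queue name `std`, the remote address 198.51.100.7, the default-block policy and keying state on the address pair only are assumptions made for the illustration.

```python
# Simplified model of the behaviour described in the post; not pf source code.
from dataclasses import dataclass
from typing import Optional

DEFAULT_QUEUE = "std"  # hypothetical default queue name, not from the post

@dataclass(frozen=True)
class Rule:            # models: pass in on <iface> [from src] [to dst] queue <queue>
    iface: str
    src: Optional[str]
    dst: Optional[str]
    queue: str

# The two pass rules from the post.
RULES = [Rule("bge0", None, "1.2.3.4", "onetwothreefour"),
         Rule("vlan1", "1.2.3.4", None, "onetwothreefour")]

class Firewall:
    def __init__(self, altq, rules=RULES):
        self.altq = altq      # interface -> set of queue names defined on it
        self.rules = rules
        self.states = {}      # connection key -> queue name stored in the state

    def forward(self, in_if, out_if, src, dst):
        """Return (queue used on out_if, whether an existing state matched)."""
        key = frozenset((src, dst))     # a state matches both directions
        matched = key in self.states
        if not matched:
            rule = next((r for r in self.rules if r.iface == in_if
                         and r.src in (None, src) and r.dst in (None, dst)), None)
            if rule is None:
                return None, False      # assumed default-block policy
            self.states[key] = rule.queue   # queue name travels with the state
        name = self.states[key]
        queues = self.altq.get(out_if)
        if queues is None:
            return "unqueued", matched  # no ALTQ on the outgoing interface
        # Assumption: a name missing on this interface falls back to the default queue.
        return (name if name in queues else DEFAULT_QUEUE), matched

def demo():
    # ALTQ on vlan1 only, and only the vlan1 rule, to isolate the state's effect.
    fw = Firewall({"vlan1": {"onetwothreefour", DEFAULT_QUEUE}}, rules=[RULES[1]])
    out = fw.forward("vlan1", "bge0", "1.2.3.4", "198.51.100.7")   # host opens a connection
    back = fw.forward("bge0", "vlan1", "198.51.100.7", "1.2.3.4")  # reply matches the state
    return out, back

if __name__ == "__main__":
    print(demo())
```

With only the vlan1 rule loaded, the reply leaving vlan1 is queued purely because it matches the state created by the outbound packet.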