Re: PF: Help with a very simple bandwidth capping using hfsc
On 2009-12-09, Bryan S. Leaman wrote:
> Andres Salazar wrote:
>> Thank you for your suggestions.. however in this particular case I
>> still can download at 615Kbytes/sec .. at least now I can download at
>> a lesser rate with the following:
>>
>> altq on $t_externa bandwidth 200Kb hfsc queue { bulk, ack }
>> queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb
>> upperlimit 40Kb)
>> queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 120Kb
>> upperlimit 120Kb default)
>>
>>
>> But I still cannot accomplish what I need
> If you want to attempt to throttle inbound traffic, then you will need
> to apply the queue to the *inside* interface, since queuing only works
> for traffic leaving an interface. So the traffic leaving the inside
> interface toward the internal LAN would be the inbound traffic. What
> you have currently is being applied to outbound traffic.

yes, that's exactly it.

>> However every time I try, it just always ends up using the entire link.
>> If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .

and this "works" because you're throttling the acks, so the sender slows down.
Re: PF: Help with a very simple bandwidth capping using hfsc
Andres Salazar wrote:
> Thank you for your suggestions.. however in this particular case I
> still can download at 615Kbytes/sec .. at least now I can download at
> a lesser rate with the following:
>
> altq on $t_externa bandwidth 200Kb hfsc queue { bulk, ack }
> queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb upperlimit 40Kb)
> queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 120Kb upperlimit 120Kb default)
>
> But I still cannot accomplish what I need

If you want to attempt to throttle inbound traffic, then you will need
to apply the queue to the *inside* interface, since queuing only works
for traffic leaving an interface. So the traffic leaving the inside
interface toward the internal LAN would be the inbound traffic. What
you have currently is being applied to outbound traffic.

Bryan
Re: PF: Help with a very simple bandwidth capping using hfsc
Andres Salazar wrote:
> Thank you for your suggestions.. however in this particular case I
> still can download at 615Kbytes/sec .. at least now I can download at
> a lesser rate with the following:
>
> altq on $t_externa bandwidth 200Kb hfsc queue { bulk, ack }
> queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb upperlimit 40Kb)
> queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 120Kb upperlimit 120Kb default)
>
> But I still cannot accomplish what I need.
>
> Andres
>
> On Wed, Dec 9, 2009 at 2:01 PM, Bryan S. Leaman wrote:
>> Andres Salazar wrote:
>>> Hello,
>>>
>>> For some reason I cannot get this to work properly... We have a
>>> 1Megabyte/sec connection, and I want this box to be capped at up to
>>> 200KiloBytes/sec .
>>>
>>> However every time I try, it just always ends up using the entire link.
>>> If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .
>>
>> I don't think you can use the upperlimit directive in the altq definition,
>> but you can use it on each queue to force a maximum amount of bandwidth,
>> i.e. "queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb
>> upperlimit 40Kb)".
>>
>> If you want each child to be able to borrow free bandwidth from the total
>> 200Kb, then you can create a queue with upperlimit of 200Kb and create your
>> ack and bulk as subqueues with realtime of 40Kb and 160Kb so they have
>> guaranteed bandwidth, but then they can also borrow any free bandwidth from
>> the 200Kb parent when it's available. I'm doing this in one case and it
>> works fine.
>>
>> Bryan

Which way is the traffic flowing? You say download, and I only see one
interface re0 labeled as externa (I'm assuming external from that name). So it
sounds like you are trying to limit your inbound or download traffic, correct?

If that is the case, it's a bit of a circus trying to limit inbound BW when the
traffic has already arrived at the box. So I wouldn't expect fully accurate
limiting when trying to limit inbound on an interface. It is usually better to
limit on the outbound interface.

Lawrence
Re: PF: Help with a very simple bandwidth capping using hfsc
I just tried on a new install in 4.5, and still no go. Help is appreciated.
Re: PF: Help with a very simple bandwidth capping using hfsc
On Wed, 9 Dec 2009 14:02:24 -0600 Andres Salazar wrote:
> Hello,
>
> In this case the queue "bulk" is the one set as "default" and indeed I
> do see the traffic passing through it with the command you gave me.
>
> Please advise.
>
> Thanks
> Andres

I advise you to read his mail again. :)

Mr. van Baak told you what is wrong with your ruleset. Did you read the pf faq
on the OpenBSD website? It is explained there in detail. You only have two
queues, simple enough to have you see that you are doing something wrong.

You get traffic in the default queue because it is the _default_ queue; traffic
that isn't assigned to any other queue goes into the queue declared as default,
in your case the queue called bulk. You need a rule in your pf config that
matches the ack packages and assigns those to the ack queue...

Just read the manpage and the faq. They are really good.

- Robert
Re: PF: Help with a very simple bandwidth capping using hfsc
Thank you for your suggestions.. however in this particular case I
still can download at 615Kbytes/sec .. at least now I can download at
a lesser rate with the following:

altq on $t_externa bandwidth 200Kb hfsc queue { bulk, ack }
queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb upperlimit 40Kb)
queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 120Kb upperlimit 120Kb default)

But I still cannot accomplish what I need.

Andres

On Wed, Dec 9, 2009 at 2:01 PM, Bryan S. Leaman wrote:
> Andres Salazar wrote:
>>
>> Hello,
>>
>> For some reason I cannot get this to work properly... We have a
>> 1Megabyte/sec connection, and I want this box to be capped at up to
>> 200KiloBytes/sec .
>>
>> However every time I try, it just always ends up using the entire link.
>> If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .
>>
>
> I don't think you can use the upperlimit directive in the altq definition,
> but you can use it on each queue to force a maximum amount of bandwidth,
> i.e. "queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb
> upperlimit 40Kb)".
>
> If you want each child to be able to borrow free bandwidth from the total
> 200Kb, then you can create a queue with upperlimit of 200Kb and create your
> ack and bulk as subqueues with realtime of 40Kb and 160Kb so they have
> guaranteed bandwidth, but then they can also borrow any free bandwidth from
> the 200Kb parent when it's available. I'm doing this in one case and it
> works fine.
>
> Bryan
Re: PF: Help with a very simple bandwidth capping using hfsc
Andres Salazar wrote:
> Hello,
>
> For some reason I cannot get this to work properly... We have a
> 1Megabyte/sec connection, and I want this box to be capped at up to
> 200KiloBytes/sec .
>
> However every time I try, it just always ends up using the entire link.
> If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .

I don't think you can use the upperlimit directive in the altq definition,
but you can use it on each queue to force a maximum amount of bandwidth,
i.e. "queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 40Kb
upperlimit 40Kb)".

If you want each child to be able to borrow free bandwidth from the total
200Kb, then you can create a queue with upperlimit of 200Kb and create your
ack and bulk as subqueues with realtime of 40Kb and 160Kb so they have
guaranteed bandwidth, but then they can also borrow any free bandwidth from
the 200Kb parent when it's available. I'm doing this in one case and it
works fine.

Bryan
Re: PF: Help with a very simple bandwidth capping using hfsc
Hello,

In this case the queue "bulk" is the one set as "default" and indeed I
do see the traffic passing through it with the command you gave me.

Please advise.

Thanks
Andres
Re: PF: Help with a very simple bandwidth capping using hfsc
On 11:33, Wed 09 Dec 09, Andres Salazar wrote:
> Hello,
>
> For some reason I cannot get this to work properly... We have a
> 1Megabyte/sec connection, and I want this box to be capped at up to
> 200KiloBytes/sec .
>
> However every time I try, it just always ends up using the entire link.
> If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .

You are not attaching the queues to any rule in your ruleset.
The queues are there, but unused.

Check for yourself with pfctl -vvvsq

-- 
Michiel van Baak
mich...@vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"
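Added example, not part of the original thread: a small Python check for the condition described in the message above, ALTQ queues that are defined in pf.conf but never named by a filter rule, so everything lands in the default queue. The sample ruleset is reconstructed from the thread; the function name `audit_queues` and the `queue (bulk, ack)` assignment in the second sample are assumptions made for illustration.

```python
import re

# Constructed sample: the queue and pass rules as posted in the thread.
THREAD_CONF = r'''
t_externa = "re0"
altq on $t_externa bandwidth 200Kb hfsc queue { bulk, ack }
queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 20%)
queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 60% default)
block all
#pass out from self to any
pass out quick on $t_externa inet proto { tcp, udp } from ($t_externa) to any \
    port 53 keep state
pass out quick on $t_externa inet proto tcp from ($t_externa) to any \
    port { 80 443 }
'''

# Hypothetical variant (an assumption, not posted in the thread): the web rule
# now names a queue pair, first for data packets, second for empty ACKs.
FIXED_CONF = THREAD_CONF.replace("port { 80 443 }",
                                 "port { 80 443 } queue (bulk, ack)")

RULE = re.compile(r"^(pass|block|match)\b")
# Matches "queue name" or "queue (name1, name2)" inside a filter rule.
ASSIGN = re.compile(r"\bqueue\s*(?:\(([^)]*)\)|([\w-]+))")


def audit_queues(pf_conf):
    """Report which ALTQ queues are defined, default, and named by a rule."""
    text = re.sub(r"\\\n\s*", " ", pf_conf)  # join backslash continuations
    lines = [l.split("#", 1)[0].strip() for l in text.splitlines()]
    defined, default, assigned = set(), None, set()
    for line in filter(None, lines):
        if line.startswith("queue "):  # a queue definition
            name = line.split()[1]
            defined.add(name)
            if re.search(r"\bdefault\b", line):
                default = name
        elif RULE.match(line):  # a filter rule, possibly with an assignment
            for group, single in ASSIGN.findall(line):
                assigned.update(re.split(r"[,\s]+", (group or single).strip()))
    return {"defined": defined, "default": default,
            "unassigned": defined - assigned}


if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_queues(conf))
```

An empty `unassigned` set only shows that some rule names each queue; ALTQ still queues only packets leaving the interface named on the `altq on` line.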
PF: Help with a very simple bandwidth capping using hfsc
Hello,

For some reason I cannot get this to work properly... We have a
1Megabyte/sec connection, and I want this box to be capped at up to
200KiloBytes/sec .

However every time I try, it just always ends up using the entire link.
If I modify it to 1Kb , it ends up using around 80Kilobytes/sec .

# cat /etc/pf.conf
t_externa = "re0"

## Queueing
altq on $t_externa bandwidth 200Kb hfsc queue { bulk, ack }
queue ack bandwidth 20% priority 2 qlimit 500 hfsc (realtime 20%)
queue bulk bandwidth 80% priority 1 qlimit 500 hfsc (realtime 60% default)

block all
#pass out from self to any
antispoof quick for { lo0 }

pass in quick on $t_externa inet proto tcp from any to ($t_externa) \
    port 22 keep state
pass out quick on $t_externa inet proto { tcp, udp } from ($t_externa) to any \
    port 53 keep state
pass out quick on $t_externa inet proto tcp from ($t_externa) to any \
    port { 80 443 }

### ICMP
pass inet proto icmp all icmp-type { echoreq, unreach } keep state

This is what systat queues says:

5 users    Load 0.77 0.53 0.42    Wed Dec 9 17:59:16 2009

QUEUE     BW    SCH   PRIO  PKTS   BYTES    DROP_P  DROP_B  QLEN  BORROW  SUSPEN  P/S  B/S
root_re0  200K  hfsc  0     0      0        0       0       0                     0    0
 ack      4     hfsc  2     0      0        0       0       0                     0    0
 bulk     160K  hfsc        27060  1818302  0       0       62                    373  25006

This is what I can download at: 776 KiB/sec using lynx

I am using OpenBSD 4.6 .

Thanks

Andres