Re: pf change state's altq queue
On 2012-09-17, Simon Perreault wrote: > Le 2012-09-17 11:57, Ted Unangst a écrit : >> Here's the background. My cable ISP has this "turbo boost" thing >> where the first ~2 seconds of a connection download at 50Mbps, then >> it's throttled back to 20Mbps. I want to do this in pf (differentiate >> casual web browsing from long downloads). >> >> My first thought is I need to set up two altq queues, one full speed >> and one half speed. [...] >> >> Alternatively, any way to accomplish the same thing would be good. > > I probably have missed something obvious... Why don't you just use hfsc? I needed something like this for public wifi running over a handful of ADSLs which usually struggled to get more than 2-3Mb each. >From what I've seen in my attempts at using hfsc for this, the limits are for the queue, not per-state. If you have a separate queue for every IP address then maybe you could do something like this on a per-user basis, but given a large enough dhcp range on the network that people turning up and playing with lladdr random don't quickly run you out of space, the queue config is insane (plus then you can only do this per-user, rather than allow a fast burst on *every* connection and then throttle it back). Closest I came to what I wanted was using squid as a transparent proxy on port 80 with delay pools, most ports other than 22/80 got throttled right back (plus I pushed a few critical things like dns/ntp/voip over a dedicated line). It has most of the desired effect but it's a lot heavier-weight than I was really after and of course the main effect is http only.
Re: pf change state's altq queue
On Mon, Sep 17, 2012 at 13:23, Simon Perreault wrote: > Le 2012-09-17 13:19, Ted Unangst a écrit : >>> I probably have missed something obvious... Why don't you just use hfsc? >> >> I want the queue to change based on the length of time (or data) the >> connection has been around. All of my traffic is going to be coming >> from port 80, so there's way to identify to long connections vs short >> connections in pf. > > Isn't that the point of hfsc? From pf.conf(5): oh, hmm, i guess it is. not a good day for reading. thanks. :)
Re: pf change state's altq queue
Le 2012-09-17 13:19, Ted Unangst a écrit : I probably have missed something obvious... Why don't you just use hfsc? I want the queue to change based on the length of time (or data) the connection has been around. All of my traffic is going to be coming from port 80, so there's way to identify to long connections vs short connections in pf. Isn't that the point of hfsc? From pf.conf(5): The hfsc scheduler supports some additional options: linkshare The bandwidth share of a backlogged queue. realtimeThe minimum required bandwidth for the queue. upperlimit The maximum allowed bandwidth for the queue. is an abbreviation for service curve. The format for service curve specifications is (m1, d, m2). m2 controls the bandwidth assigned to the queue. m1 and d are optional and can be used to control the initial bandwidth assignment. For the first d milliseconds the queue gets the bandwidth given as m1, afterwards the value given in m2. Just define m1, d, and m2 according to your needs... I must be missing something obvious... Simon
Re: pf change state's altq queue
On Mon, Sep 17, 2012 at 12:24, Simon Perreault wrote: > Le 2012-09-17 11:57, Ted Unangst a écrit : >> Here's the background. My cable ISP has this "turbo boost" thing >> where the first ~2 seconds of a connection download at 50Mbps, then >> it's throttled back to 20Mbps. I want to do this in pf (differentiate >> casual web browsing from long downloads). >> >> My first thought is I need to set up two altq queues, one full speed >> and one half speed. [...] >> >> Alternatively, any way to accomplish the same thing would be good. > > I probably have missed something obvious... Why don't you just use hfsc? I want the queue to change based on the length of time (or data) the connection has been around. All of my traffic is going to be coming from port 80, so there's way to identify to long connections vs short connections in pf.
Re: pf change state's altq queue
Le 2012-09-17 11:57, Ted Unangst a écrit : Here's the background. My cable ISP has this "turbo boost" thing where the first ~2 seconds of a connection download at 50Mbps, then it's throttled back to 20Mbps. I want to do this in pf (differentiate casual web browsing from long downloads). My first thought is I need to set up two altq queues, one full speed and one half speed. [...] Alternatively, any way to accomplish the same thing would be good. I probably have missed something obvious... Why don't you just use hfsc? Simon
pf change state's altq queue
Here's the background. My cable ISP has this "turbo boost" thing where the first ~2 seconds of a connection download at 50Mbps, then it's throttled back to 20Mbps. I want to do this in pf (differentiate casual web browsing from long downloads). My first thought is I need to set up two altq queues, one full speed and one half speed. Something like this: pass out queue fast pass out tagged download queue slow I suspect that will work, but I need to set the tags. Are tags attached to rules or states? It's not clear from the man page, probably because it doesn't make any difference right now. But then there's the question of whether the queue is attached to the state, or whether the queue is picked per packet. Basically, if I add an edit state ioctl, what do I need to change? The tag or the queue? (The plan was to have an external program monitor pf states and when a state passed a certain amount of traffic, it would be moved to another queue. I don't expect pf to do that for me.) Alternatively, any way to accomplish the same thing would be good.
