Re: Borrow isn't borrowing much
On Monday, May 29, 2006, at 10:48 US/Pacific, Karl O. Pinc wrote: On 05/29/2006 07:02:40 AM, Steven Surdock wrote: I found that cbq didn't borrow as aggressively as I expected. Switching to the hfsc scheduler approached closer to what I wanted. That does seem to be better, but I clearly am not getting how hfsc uses the 'bandwidth' parameter as it seems to be using more bandwidth for a sub-queue than 'bandwidth' would allow. Perhaps I should be setting upperlimit as well HFSC is different enough that the bandwidth setting alone often doesn't make much sense. CBQ works in terms of bandwidth limits; HFSC works with bandwidth guarantees. You've got 3 options to play with: hfsc(realtime) is the minimum bandwidth for this queue. No matter what traffic comes along, a queue is guaranteed to get at least this much bandwidth. hfsc(upperlimit) is the maximum bandwidth for this queue. It will never get more than this. hfsc(linkshare) is what the bandwidth setting controls. It sets the weight of this queue (in relation to the others) for excess bandwidth on the interface, which is what is left over after the realtime guarantees have been satisfied for all queues. If you had 2 queues, each with a linkshare of 50% (or the equivalent bandwidth setting), and both queues were equally contending for the same bandwidth, they would each get 50% of the excess. If one queue wasn't in use at all, the other would get 100%. For a given queue, available bandwidth under HFSC is: realtime = (excess weighted by linkshare) = upperlimit
PF Schema and Design question
Where can i find a more advanced schema on how PF is doing filtering on each packet ? Something like : interface -- in -- nat -- pf rules ... ( grapfical presentation of where and how each rule PF is acting on each packet ) Thanks alot ! -- Key fingerprint = 9864 E575 E207 FB90 44C8 26A2 0167 E57E 66ED 0F1D
Re: PF Schema and Design question
Nikolay Kalev wrote: Where can i find a more advanced schema on how PF is doing filtering on each packet ? Something like : interface -- in -- nat -- pf rules ... ( grapfical presentation of where and how each rule PF is acting on each packet ) Thanks alot ! Try: http://mniam.net/pf/pf.png -or- http://homepage.mac.com/quension/pf/flow.png ~~MJ
Re: Borrow isn't borrowing much
On 05/29/2006 10:06:32 PM, Trevor Talbot wrote: hfsc(linkshare) is what the bandwidth setting controls. If hfc(linkshare) and bandwidth are the same thing, then what happens if you specify both? Karl [EMAIL PROTECTED] Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein
Re: seeking advice on spam gateway
On 05/29/2006 11:59:51 PM, Peter wrote: I am running 3.8 with postfix and amavisd-new. I have noticed a large number of postfix disconnections in my logs recently and I'm wondering whether this is normal or not. Postfix has a tarpit setting that delays initial SMTP replies because spammers often just blast ahead without waiting for replies, or won't wait for a reply and will just disconnect. This may be what you're seeing. Certainly longer connections are going to result in more state in the state table. I've not paid attention to the postfix logs in a while, but I don't seem to have any lost CONNECTION messages now. In the last month or so there was a posting on this list that described how state will go bad if your rules don't catch the start of the tcp connection. You might want to try adding flags S/SA keep state to your pf rules to make sure that you've no problems on that front. I'd expect it not to make a difference, unless you're not catching the beginning of the connection in which case the further restriction will block the problem connections entirely. Then at least you'll have something to look at. Regards, Karl [EMAIL PROTECTED] Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein
Re: Borrow isn't borrowing much
On Tuesday, May 30, 2006, at 08:22 US/Pacific, Karl O. Pinc wrote: On 05/29/2006 10:06:32 PM, Trevor Talbot wrote: hfsc(linkshare) is what the bandwidth setting controls. If hfc(linkshare) and bandwidth are the same thing, then what happens if you specify both? The hfsc(linkshare) value is used. Unless it's 0, in which case bandwidth is used.
