Re: traffic shaping using pf
I take it from the silence that the answer is that pf lacks this functionality at the moment. Bother :)

What would the overhead be of setting up a queue for every source address (1024 of them)? Will this impact performance?

R

Russell Fulton wrote:
> Thanks for your response Paul (and Andrew).
>
> I had read this doc and if this is straightforward then I am clearly missing something (it would not be the first time ;). I can't see how to get individual child queues, each of 128Kbps for each active IP address on the inside without defining them all in the pf.conf (in this case 1024 child queues). All the examples show static assignment of address blocks or ports to predefined queues.
>
> What we want to do is to allow throttled access to the Internet from our wireless network while allowing full speed access to the campus network. And we want the throttling to be on a per user basis not on an aggregate basis.
>
> ipfw does this by having a (src|dst)mask parameter which essentially creates a new queue for each unique value of the address mask.
Re: traffic shaping using pf
On Mon, Sep 03, 2007 at 10:22:53PM +1200, Russell Fulton wrote:
> I take it from the silence that the answer is that pf lacks this functionality at the moment. Bother :)

Yes, that's correct.

> What would the overhead be of setting up a queue for every source address (1024 of them)? Will this impact performance?

I think the maximum number of classes is 256 for CBQ and 64 for HFSC, see sys/altq/altq_cbq.h CBQ_MAX_CLASSES and altq_hfsc.h HFSC_MAX_CLASSES. You can increase those, it looks like the worst effect is that the list/array is traversed linearly, so 1024 would be four times as costly as 256, i.e. I'd expect acceptable.

Daniel
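The static workaround discussed in this thread, as an added example that is not code from any of the posters: it writes one 128Kb CBQ queue and one classifying rule per address in legacy ALTQ syntax, and compares the queue count with the stock class limits quoted in the reply above. The interface names, the subnet, the link and default-queue bandwidths and the `hNNNN` queue names are assumptions.

```python
# Added example (not from the thread): static per-address ALTQ queues for pf.conf.
import ipaddress

# Stock class limits quoted in the reply above (CBQ_MAX_CLASSES, HFSC_MAX_CLASSES).
STOCK_LIMITS = {"cbq": 256, "hfsc": 64}


def build_cbq_queues(subnet, ext_if="em0", wifi_if="em1",
                     link="200Mb", default_bw="10Mb", per_host="128Kb"):
    """Return (pf.conf fragment, number of queues defined) for one subnet.

    Assumed values: interface names, link and default-queue bandwidth,
    and the hNNNN queue names. One queue is emitted per address in the
    subnet, since pf cannot create them on demand.
    """
    addrs = list(ipaddress.ip_network(subnet))
    names = ["h%04d" % i for i in range(len(addrs))]
    lines = [
        "altq on %s cbq bandwidth %s queue { q_def, %s }"
        % (ext_if, link, ", ".join(names)),
        "queue q_def bandwidth %s cbq(default)" % default_bw,
    ]
    # A cbq queue without the borrow option stays at its own bandwidth.
    lines += ["queue %s bandwidth %s" % (n, per_host) for n in names]
    # Classify on the wireless side, where the client address is visible.
    lines += ["pass in on %s from %s to any keep state queue %s"
              % (wifi_if, a, n) for a, n in zip(addrs, names)]
    return "\n".join(lines) + "\n", len(names) + 1


def fits_stock_limits(queue_count):
    """Compare a queue count with each scheduler's stock class limit.

    Classes the scheduler creates for itself are not counted here.
    """
    return {sched: queue_count <= limit
            for sched, limit in STOCK_LIMITS.items()}


if __name__ == "__main__":
    conf, count = build_cbq_queues("10.0.0.0/22")  # constructed example subnet
    print(conf.splitlines()[1])
    print(count, "queues:", fits_stock_limits(count))
```

A generated file can be syntax-checked with `pfctl -nf <file>` before it is loaded.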
Re: traffic shaping using pf
Thanks for your response Paul (and Andrew).

I had read this doc and if this is straightforward then I am clearly missing something (it would not be the first time ;). I can't see how to get individual child queues, each of 128Kbps for each active IP address on the inside without defining them all in the pf.conf (in this case 1024 child queues). All the examples show static assignment of address blocks or ports to predefined queues.

What we want to do is to allow throttled access to the Internet from our wireless network while allowing full speed access to the campus network. And we want the throttling to be on a per user basis not on an aggregate basis.

ipfw does this by having a (src|dst)mask parameter which essentially creates a new queue for each unique value of the address mask.

Cheers, Russell

Paul Matlock wrote:
> On Fri, 2007-31-08 at 13:17 +1200, Russell Fulton wrote:
>> Hi Folks
>>
>> We have a requirement where we want to limit each IP address to a set bandwidth. To be explicit we have a wireless network which is connected to our main network and the Internet through a firewall. We have things set up so that each user on the wireless network can send no more than 128Kb to the Internet while having unthrottled access to the campus network.
>>
>> Currently we are doing this with ipfw under FreeBSD and I would like to move this over to pf but I can't see any way of setting up dynamic queues.
>
> This should be rather trivial to do, check out the pf doc http://www.openbsd.org/faq/pf/queueing.html
>
> -Paul
Re: traffic shaping using pf
On Fri, 2007-31-08 at 13:17 +1200, Russell Fulton wrote:
> Hi Folks
>
> We have a requirement where we want to limit each IP address to a set bandwidth. To be explicit we have a wireless network which is connected to our main network and the Internet through a firewall. We have things set up so that each user on the wireless network can send no more than 128Kb to the Internet while having unthrottled access to the campus network.
>
> Currently we are doing this with ipfw under FreeBSD and I would like to move this over to pf but I can't see any way of setting up dynamic queues.

This should be rather trivial to do, check out the pf doc http://www.openbsd.org/faq/pf/queueing.html

-Paul
traffic shaping using pf
Hi Folks

We have a requirement where we want to limit each IP address to a set bandwidth. To be explicit we have a wireless network which is connected to our main network and the Internet through a firewall. We have things set up so that each user on the wireless network can send no more than 128Kb to the Internet while having unthrottled access to the campus network.

Currently we are doing this with ipfw under FreeBSD and I would like to move this over to pf but I can't see any way of setting up dynamic queues.

Am I missing something?

Russell.
Re: Exchange server traffic shaping using pf/altq
On Monday, Jul 7, 2003, at 12:47 US/Pacific, ALEX POPOV wrote:
> Here's the problem: Company has several branches, connected over VPN and a central Exchange server. Because of the slow connections to the internet and large number of branches/users email is incredibly slow especially during morning hours.
>
> I was wondering if somebody has any ideas how altq could be used to allocate bandwidth for email in this scenario. I can split the bandwidth for branches based on subnet addresses, but this will not separate Exchange related traffic from, let's say http or file transfer.
>
> Does anyone know which ports are used by Exchange or have any other ideas on this.

A quick search revealed these two MSKB articles:

http://support.microsoft.com/?kbid=155831
http://support.microsoft.com/?kbid=176466

Summary: POP3 and IMAP4 clients are easy, static ports; Outlook clients are a problem, due to dynamic ports. Exchange can be set to use a specific range of ports, and you can have pf/altq use those.

Is there any reason you can't just use the Exchange server's IP address? It would be simpler (and more accurate) than chasing dynamic ports.