Hello everybody!
Pleased to meet you, my name is Alex, I am a network analyst who lives
in Brazil and I'm new here on the OpenBSD list. I started working
recently with the system and I must say I am very pleased with the
performance and the simplicity of configuring the system and its
resources.

Congratulations to the development team for the excellent work! =D

Well, I do not know if this problem has already gone through the list
and if anyone can help me: I am setting up a laboratory on OpenBSD 4.6
and my desire is to apply a QoS policy to control the consumption of
bandwidth on a LAN.

I set up a simple scenario using VMWare to test:

Internal Network   -   Internet (NAT VMware)   -   WebServer (NAT VMWare)
192.168.20.0/24    -   192.168.86.130/24       -   192.168.86.132/24

Unfortunately I am struggling to limit the bandwidth to a maximum of
128 Kbps for the local network as a whole and to restrict the use of
HTTP connections to 20%. I read the OpenBSD documentation found at
this link (http://www.openbsd.org/faq/pf/queueing.html) and set the
PF firewall to work with CBQ as follows:

# NAT (vic0 is my external network interface card and vic1 is my internal network interface card)
nat on vic0 from vic1:network to any -> vic0:0

# QoS Rules
# I want to deliver only 16 kbytes per second to my internal network, divided in two groups on this test:
# 20% to use of http (25.6 Kbps or 3.2 Kbytes per second)
# 80% to all of another services (102.4 Kbps or 12.8 kbytes per second)
# I do not want a child queue to take the available bandwidth on the network for itself.

altq on vic0 cbq bandwidth 128Kb queue {std, http}
queue std bandwidth 80% cbq(default, red)
queue http bandwidth 20% cbq(red)

# First, I've released the access to internet on all ports from my internal network:
pass in on vic1 inet proto tcp from vic1:network to any keep state

# Second, applied the rule with quick to make sure this will apply the queue http to limit traffic to 3.2 kbytes on port 80.
pass out quick on vic0 inet proto tcp from any to any port 80 keep state queue http

# Third, I've released all traffic. This is just to test.
pass    # to establish keep-state

The problem is that, even with the rule applied, I notice that I can
download via HTTP at rates of 500 kilobytes per second (5 Mbps), even
though I told the queues that they should not borrow bandwidth from the
main queue. Also, notice that it is exceeding the stipulated limit of
128 Kbps.

I tried to monitor the traffic queues with the command pfctl -sq -vvv in
debug mode and the traffic is actually falling into the rule:

queue root_vic0 on vic0 bandwidth 128Kb priority 0 cbq( wrr root ) {std, http}
  [ pkts:      69477  bytes:    4349645  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:    39.8 packets/s, 17.19Kb/s ]
queue  std on vic0 bandwidth 102.40Kb cbq( red default )
  [ pkts:       2215  bytes:     382255  dropped pkts:    245 bytes:  24762 ]
  [ qlength:   0/ 50  borrows:      0  suspends:     47 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  http on vic0 bandwidth 25.60Kb cbq( red )
  [ pkts:      67262  bytes:    3967390  dropped pkts: 538162 bytes: 29273235 ]
  [ qlength:  26/ 50  borrows:      0  suspends:   2221 ]
  [ measured:    39.8 packets/s, 17.19Kb/s ]


Has anyone experienced this problem and can give me a hand? ^^''

Best wishes to all!
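
Added example, not part of the original post: a small Python parser for the pfctl -sq -vvv output quoted above that reports, per queue, the share of packets dropped and the measured rate relative to the configured bandwidth. The sample text is the post's own output with its e-mail line wraps kept; the function name parse_queues and the dictionary field names are assumptions of this example.

```python
import re
# The pfctl -sq -vvv output quoted in the post, with its e-mail line wraps kept.
SAMPLE = """\
queue root_vic0 on vic0 bandwidth 128Kb priority 0 cbq( wrr root ) {std,
http}
  [ pkts:      69477  bytes:    4349645  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:    39.8 packets/s, 17.19Kb/s ]
queue  std on vic0 bandwidth 102.40Kb cbq( red default )
  [ pkts:       2215  bytes:     382255  dropped pkts:    245 bytes:  24762 ]
  [ qlength:   0/ 50  borrows:      0  suspends:     47 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  http on vic0 bandwidth 25.60Kb cbq( red )
  [ pkts:      67262  bytes:    3967390  dropped pkts: 538162 bytes: 29273235
]
  [ qlength:  26/ 50  borrows:      0  suspends:   2221 ]
  [ measured:    39.8 packets/s, 17.19Kb/s ]
"""

UNIT = {"b": 1.0, "Kb": 1e3, "Mb": 1e6, "Gb": 1e9}  # multipliers to bits/s
RATE = r"([\d.]+)\s*(Kb|Mb|Gb|b)"
HEAD = re.compile(r"queue (\S+) on (\S+) bandwidth " + RATE)
PKTS = re.compile(r"pkts: (\d+) bytes: (\d+) dropped pkts: (\d+) bytes: (\d+)")
QLEN = re.compile(r"borrows: (\d+) suspends: (\d+)")
MEAS = re.compile(r"measured: [\d.]+ packets/s, " + RATE + "/s")

def parse_queues(text):
    """Return one dict per complete queue block in pfctl -sq -v style output."""
    queues = []
    for chunk in re.split(r"(?m)^(?=queue\s)", text):
        flat = " ".join(chunk.split())  # undo line wraps and column padding
        head, pkts, qlen, meas = (r.search(flat) for r in (HEAD, PKTS, QLEN, MEAS))
        if not head or not pkts:
            continue  # leading text or a truncated block
        passed, dropped = int(pkts[1]), int(pkts[3])
        limit = float(head[3]) * UNIT[head[4]]
        rate = float(meas[1]) * UNIT[meas[2]] if meas else 0.0
        queues.append({
            "name": head[1], "iface": head[2], "limit_bps": limit,
            "measured_bps": rate, "passed": passed, "dropped": dropped,
            "drop_ratio": dropped / (passed + dropped) if passed + dropped else 0.0,
            "utilization": rate / limit if limit else 0.0,
            "borrows": int(qlen[1]) if qlen else 0, "suspends": int(qlen[2]) if qlen else 0,
        })
    return queues

if __name__ == "__main__":
    for q in parse_queues(SAMPLE):
        print(f"{q['name']:10} dropped {q['drop_ratio']:6.1%}, at {q['utilization']:6.1%} of {q['limit_bps']:.0f} b/s")
```

The counters describe only packets queued for transmission on vic0, the interface the altq rule is attached to.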
