I need help setting up queues.
I have a T1 and I am breaking it down into 4 parts: Ack, voip, mail, and bulk (everything else). The main problem we face is people downloading streaming videos or even downloading large files. I know that portion of altq doesn't work as well because you can't stop the other person from sending data. It should help by allowing the router to at least see that mail or VOIP is coming through and allow it priority, right?
External interface

Code:
altq on $extif bandwidth 1.5Mb hfsc queue {e_ack, e_voip, e_network}
queue e_ack bandwidth 1% priority 7 qlimit 50 hfsc (realtime (450Kb, 10000, 225Kb))
queue e_voip bandwidth 1% priority 6 qlimit 50 hfsc (realtime (300Kb, 20000, 190Kb))
queue e_network bandwidth 1% priority 5 qlimit 50 hfsc (realtime 450Kb linkshare (1200Kb, 20000, 500Kb)) {e_mail, e_bulk}
queue e_mail bandwidth 40% priority 7 qlimit 50 hfsc (linkshare (40%, 15000, 25%))
queue e_bulk bandwidth 40% priority 6 qlimit 50 hfsc (linkshare 40% default)

Code:
altq on $intif bandwidth 1Gb hfsc queue {ext, int}
queue ext bandwidth 1.5Mb hfsc {i_ack, i_voip, network }
queue i_ack bandwidth 1% priority 7 qlimit 50 hfsc (realtime (400Kb, 10000, 225Kb))
queue i_voip bandwidth 1% priority 6 qlimit 50 hfsc (realtime (300Kb, 20000, 190Kb))
queue network bandwidth 1% priority 5 qlimit 50 hfsc (realtime 450Kb linkshare (1200Kb, 20000, 500Kb)) {i_mail, i_bulk}
queue i_mail bandwidth 40% priority 7 qlimit 50 hfsc (linkshare (180Kb, 15000, 112Kb))
queue i_bulk bandwidth 40% priority 6 qlimit 50 hfsc (linkshare (180Kb, 15000, 112Kb ) default)
queue int bandwidth 997Mb hfsc

Code:
match out on $extif proto tcp from $mailserver port 25 to any queue (e_mail, e_ack)
match out on $intif proto tcp from any to $mailserver port 25 queue (i_mail, i_ack)

Code:
rule 24/(match) pass in on em1: 192.168.5.20.39098 > 209.85.223.42.25: S 1692899968:1692899968(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

Let me know if you need more information about the setup.
The other post can probably be deleted and moved here or something but looking at your previous post.
Code:
altq on $external_nic cbq bandwidth 2Mb queue {std-out, torrent-out}
queue std-out on $external_nic bandwidth 1Mb cbq (borrow, default)
queue torrent-out on $external_nic bandwidth 1Mb cbq (borrow,ecn)
altq on $internal_nic cbq bandwidth 100Mb queue {std-in, torrent-in}
queue std-in on $internal_nic bandwidth 94Mb cbq (borrow, default)
queue torrent-in on $internal_nic bandwidth 6Mb cbq (borrow, ecn)

Code:
match in proto {tcp udp} from any to any port $tor-low queue torrent-in
match out proto {tcp udp} from any port $tor-low to any queue torrent-out
match in proto {tcp udp} from any to any port $tor-high queue torrent-in
match out proto {tcp udp} from any port $tor-high to any queue torrent-out
pass in log quick on $external_nic proto {tcp udp} from any to any port $tor-low \
    rdr-to 192.168.1.42 port $tor-low
pass in log quick on $external_nic proto {tcp udp} from any to any port $tor-high \
    rdr-to 192.168.1.42 port $tor-high

Now let's say you have a mail server and there are no states yet. So some mail server begins to transmit information to you; it is forwarded to the server and the state is created. While we are still receiving data from this server, let's say a user sends this server a message: does this create another state with that server or does it use the existing one?
A -state- is a communication between two IP addresses and, for TCP/UDP, the ports associated with both ends. If a different IP address is used, it is a different state. If a different port is used, it is a different state.
TCP is stateful; the state is established with a 3-way handshake and remains until termination. UDP is stateless; the state is established by traffic, and maintained by PF according to a timeout setting. Other IP protocols (see /etc/protocols) are either stateful or stateless, and are managed by PF in similar fashion.

Quote:

As I've said before, set all queues to shape -outbound- traffic. Not outward from your network, but rather, from the router's -- and PF's -- perspective. Note my queues: "std-in" and "torrent-in" are -outbound- queues that happen to be on the -internal- NIC.

-----

To shape traffic, you must understand that traffic. For SMTP, as an example, the -destination- port is 25. The initiating port number from a remote server (or mail client) is random.
I think it finally clicked.
In the case with SMTP I can only work with the destination port because, like you said, the source port is random. I really do understand that you can only work with the outbound on the interface. Like if you are downloading something, it is coming in the external interface and exits on the internal interface, while the return traffic would be sent into the internal interface and out the external interface, but it would be riding on the state that was created by the first connection. Which in my case I want to control the rate at which someone downloads, I would create a rule that looks at the return traffic on either the external interface and add it to the correct queue? So for my example, to add smtp to the queue I would do:

Code:
match in on $extif proto tcp from any to any port 25 queue (i_mail, i_ack)
match out on $extif proto tcp from any to any port 25 queue (e_mail, e_ack)

Last edited by MarcRiv; 11th November 2009 at 10:02 PM. Reason: Horrible spelling errors
Well, I'm not sure about the use of multiple queue names and HFSC, as I mentioned above.
But yes, in general, you've got it. The pass or match rule applies the queue name, as an attribute, to the state. The altq rules describe how the queue is then applied, on outbound traffic.

To better understand existing states, use the states screen in systat(8).
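
A simplified model of the behaviour described in this thread, added here as an illustration and not posted by any participant: a state is identified by protocol plus both address/port pairs, and the queue names are attached to the state when its first packet matches a rule. The class and function names are hypothetical, and the model ignores interfaces, timeouts and bandwidth scheduling.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    empty_ack: bool = False  # TCP ACK with no payload

def state_key(p):
    """Direction-independent key: protocol plus both (address, port) endpoints."""
    return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

class StateTable:
    """Toy model: rules are (destination port, (queue, ack_queue)) pairs."""
    def __init__(self, rules, default="e_bulk"):
        self.rules, self.default = rules, default
        self.states = {}  # state key -> (queue, ack_queue)

    def handle(self, p):
        """Return (created_new_state, queue_name) for one packet."""
        key = state_key(p)
        created = key not in self.states
        if created:
            # Only the packet that creates the state is matched against the
            # rules; the queue names then stay attached to the state.
            self.states[key] = next(
                (q for port, q in self.rules if port == p.dport),
                (self.default, self.default))
        queue, ack_queue = self.states[key]
        # pf.conf(5): with two queue names, payload-free TCP ACKs use the second.
        return created, (ack_queue if p.empty_ack else queue)

def demo():
    """Constructed packets; the first reuses the addresses from the thread's log line."""
    table = StateTable([(25, ("e_mail", "e_ack"))])
    c, s = "192.168.5.20", "209.85.223.42"
    packets = [
        Packet("tcp", c, 39098, s, 25),                  # SYN: creates a state
        Packet("tcp", s, 25, c, 39098),                  # reply: same state
        Packet("tcp", c, 39098, s, 25, empty_ack=True),  # bare ACK: same state
        Packet("tcp", c, 39099, s, 25),                  # new source port: new state
        Packet("tcp", c, 40000, s, 80),                  # no rule: default queue
    ]
    return [table.handle(p) for p in packets], len(table.states)

if __name__ == "__main__":
    print(demo())
```

The reply with source port 25 lands in the mail queue only because it rides on the state created by the packet whose destination port was 25.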
Quote:
Code:
pass in on $extif inet proto tcp \
    from any to ($extif:0) port 25 \
    keep state queue(i_mail,i_ack)
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.