|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
PF w/ ALTQ - Queue errors exceeding bandwidth
Hello all,
I've been trying to get PF ALTQ setup and for the life of me I cannot figure out what the errors below are meaning, or at least what they are asking me to change. I have tried playing around with the values with no luck! I'm hoping someone here can assist with setting this up. Before I get into the errors I will first outline what I am trying to accomplish with ALTQ. I have chosen to work with HFSC as it seemed like the best option for VOIP. If this was an incorrect choice please let me know. My ALTQ is supposed to help reduce network congestion as I am using both time sensitive and non-time sensitive services. However I would have preferred my total bandwidth to be shared by all the queues (borrow w/ CBQ) as I do not really care if one queue takes up most or all of the bandwidth as long as it gives it back when something like VOIP needs it. VOIP vs bittorent basically. So I am looking to firstly prioritize VOIP over everything so my calls still work while also making sure traffic still flows (even if it is slower) and finally I am trying to optimize the flow of Ack's as I am on an ADSL line. My ALTQ Section: Code:
altq on $ext_if bandwidth 600Kb hfsc queue { ack, dns, ssh, webftp, bitt, voip, rdpvnc, general } queue ack priority 7 qlimit 500 hfsc (realtime 20% red ecn) Note: I am not sure how much I should devote to ACK packets --comments? queue voip priority 6 qlimit 500 hfsc (realtime 65% red enc) queue dns priority 5 qlimit 500 hfsc (realtime 5% red ecn) queue ssh priority 4 qlimit 500 hfsc (realtime 2% red ecn) {ssh_login, ssh_bulk} queue ssh_login priority 4 qlimit 500 queue ssh_bulk priority 3 qlimit 500 rdpvnc priority 4 qlimit 500 hfsc (realtime 3% red ecn) webftp priority 4 qlimit 500 hfsc (upperlimit 70% red ecn) games priority 2 qlimit 500 hfsc (upperlimit 70% red ecn) bitt priority 3 qlimit 500 hfsc (upperlimit 80% red enc) general priority 1 qlimit 500 hfsc (upperlimit 75% red ecn default) Code:
pfctl: linkshare sc exceeds parent's sc /etc/pf.conf:34: errors in queue definition pfctl: the sum of the child bandwidth higher than parent "root_fxp0" pfctl: linkshare sc exceeds parent's sc /etc/pf.conf:35: errors in queue definition parent ssh not found for ssh_login /etc/pf.conf:36: errors in queue definition Line 35 as an example is the start of my SSH queue ....and on and on... Code:
pass out quick on $ext_if inet proto udp from any to any port 5060 keep state queue (voip, ack) pass out quick on $ext_if inet proto udp from any to any port domain keep state queue (dns, ack) pass out quick on $ext_if inet proto tcp from any to any port ssh modulate state queue (ssh_bulk, ssh_login) pass out quick on $ext_if inet proto (tcp, udp) from any to any keep state queue (general, ack) and I have one for each queue... Anyway hope someone can help! |
Tags |
altq, openbsd 4.3, pf |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
PF-queue | ultranothing | OpenBSD Security | 3 | 1st September 2009 05:24 PM |
Webserver email queue | Yuka | FreeBSD General | 5 | 12th November 2008 12:52 AM |
ALTQ Question regarding | RudiK | FreeBSD Security | 4 | 23rd July 2008 01:59 PM |
[PF] Problem with ftp and ALTQ | gotian | FreeBSD Security | 1 | 22nd July 2008 11:25 PM |
Queuing with PF and ALTQ | Weaseal | FreeBSD Security | 1 | 22nd July 2008 05:18 PM |