OpenBSD Security Functionally paranoid!
Altq on multi wan and multi zone environment
Hi
I am using an OpenBSD 5.1 box with multiple interfaces and Altq and I would like to have your thoughts about my design and configuration. Here is my setup.

My firewall has 4 Intel Gb interfaces. One interface is used for 2 Internet feeds (vlans) with Multi-Home BGP, 1 for Extranet (Web Servers, Mail Servers and DNS), 1 for DMZ (untrusted customer servers) and 1 for VoIP Services (SIP Proxy, RTP Proxy, Softswitch). What I would like to do is to give full priority to VoIP Service no matter what and have the other services run on best effort. So I have created one Altq for each interface. The two public internet interfaces, 4Mb each, have the following altq config:

Code:
altq on $bgp1_if hfsc bandwidth 3.9Mb queue { synq_voip_main, synq_other_main }
queue synq_voip_main bandwidth 30% hfsc {synq_voip}
  queue synq_voip bandwidth 100% priority 6 qlimit 500 hfsc (realtime 110Kb)
queue synq_other_main bandwidth 70% hfsc {synq_acks, synq_interactive, synq_web, synq_mail, synq_ftp, synq_default}
  queue synq_acks bandwidth 10% priority 7 qlimit 500 hfsc (realtime 5%)
  queue synq_interactive bandwidth 10% priority 5 qlimit 500 hfsc (realtime 5% upperlimit 2Mb)
  queue synq_web bandwidth 30% priority 4 qlimit 500 hfsc (realtime (50%, 10000, 10%) ecn upperlimit 3Mb)
  queue synq_mail bandwidth 20% priority 3 qlimit 500 hfsc (ecn upperlimit 3Mb)
  queue synq_ftp bandwidth 5% priority 2 qlimit 500 hfsc (ecn upperlimit 1Mb)
  queue synq_default bandwidth 25% priority 1 qlimit 500 hfsc (default ecn upperlimit 3Mb)

Code:
altq on $voice_if hfsc bandwidth 900Mb queue {voiceq_out, voiceq_default}
queue voiceq_out bandwidth 3.9Mb hfsc {voiceq_acks, voiceq_voip, voiceq_interactive, voiceq_web, voiceq_mail, voiceq_ftp}
  queue voiceq_acks bandwidth 20% priority 7 qlimit 500 hfsc (realtime 5%)
  queue voiceq_voip bandwidth 50% priority 6 qlimit 500 hfsc (realtime 110Kb)
  queue voiceq_interactive bandwidth 10% priority 5 qlimit 500 hfsc (realtime 5% upperlimit 2Mb)
  queue voiceq_web bandwidth 10% priority 4 qlimit 500 hfsc (realtime (20%, 10000, 10%) ecn upperlimit 3Mb)
  queue voiceq_mail bandwidth 5% priority 3 qlimit 500 hfsc (ecn upperlimit 3Mb)
  queue voiceq_ftp bandwidth 5% priority 2 qlimit 500 hfsc (ecn upperlimit 1Mb)
queue voiceq_default bandwidth 896Mb priority 1 qlimit 500 hfsc (default)

Example: Server 1 at Extranet starts downloading a file from the web and gets 4Mb speed, Server 2 at DMZ does the same so Server 2 will try to get 4Mb also, and finally Server 3 at VoIP starts a callout.

Moreover, having 2x4Mb bandwidth with BGP, I do not know from which interface the traffic will come in. Hence, limiting the inbound queues to 4Mb instead of 8Mb, I am using just half of my feed.

Any best practice on that or reference to read?

Thank you in advance
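An added example, not part of the original post: a Python check that resolves the posted `$bgp1_if` queue tree to absolute rates and flags any parent whose children are allotted more bandwidth than it has. It assumes percentages (realtime ones included) are taken relative to the parent queue's bandwidth and that Kb/Mb are decimal units; `to_bps`, `parse` and `resolve` are illustrative names.

```python
import re
# The $bgp1_if queue tree as posted above (one 4Mb uplink).
RULES = """\
altq on $bgp1_if hfsc bandwidth 3.9Mb queue { synq_voip_main, synq_other_main }
queue synq_voip_main bandwidth 30% hfsc {synq_voip}
queue synq_voip bandwidth 100% priority 6 qlimit 500 hfsc (realtime 110Kb)
queue synq_other_main bandwidth 70% hfsc {synq_acks, synq_interactive, synq_web, synq_mail, synq_ftp, synq_default}
queue synq_acks bandwidth 10% priority 7 qlimit 500 hfsc (realtime 5%)
queue synq_interactive bandwidth 10% priority 5 qlimit 500 hfsc (realtime 5% upperlimit 2Mb)
queue synq_web bandwidth 30% priority 4 qlimit 500 hfsc (realtime (50%, 10000, 10%) ecn upperlimit 3Mb)
queue synq_mail bandwidth 20% priority 3 qlimit 500 hfsc (ecn upperlimit 3Mb)
queue synq_ftp bandwidth 5% priority 2 qlimit 500 hfsc (ecn upperlimit 1Mb)
queue synq_default bandwidth 25% priority 1 qlimit 500 hfsc (default ecn upperlimit 3Mb)
"""
UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}  # assumption: decimal units
# Sustained realtime rate: the bare value, or m2 of an (m1, d, m2) service curve.
RT = re.compile(r"realtime (?:\([^)]*,\s*)?([\d.]+(?:%|[KMG]?b))")

def to_bps(spec, parent_bps):
    """Resolve '30%' against the parent rate, or '3.9Mb' to bits per second."""
    if spec.endswith("%"):
        return round(parent_bps * float(spec[:-1]) / 100)
    num, unit = re.fullmatch(r"([\d.]+)([KMG]?b)", spec).groups()
    return round(float(num) * UNITS[unit])

def parse(rules):  # -> {name: (bandwidth spec, child names, realtime spec or None)}
    tree = {}
    for line in rules.strip().splitlines():
        name = "root" if line.startswith("altq") else line.split()[1]
        bw = re.search(r"bandwidth (\S+)", line).group(1)
        kids = re.findall(r"\w+", line.partition("{")[2].partition("}")[0])
        rt = RT.search(line)
        tree[name] = (bw, kids, rt.group(1) if rt else None)
    return tree

def resolve(tree, name="root", parent_bps=0, out=None):
    """Walk the tree; record absolute bandwidth and realtime bps per queue."""
    out = {} if out is None else out
    bw_spec, kids, rt_spec = tree[name]
    bps = to_bps(bw_spec, parent_bps)
    out[name] = {"bps": bps, "rt": to_bps(rt_spec, parent_bps) if rt_spec else 0}
    for kid in kids:
        resolve(tree, kid, bps, out)
    out[name]["over"] = sum(out[k]["bps"] for k in kids) > bps  # children exceed parent
    return out

if __name__ == "__main__":
    for name, q in resolve(parse(RULES)).items():
        print(f"{name:18} {q['bps']:>9} bps  realtime {q['rt']:>7}  over={q['over']}")
```

The same functions work on the `$voice_if` tree if its lines are pasted into `RULES`; there the absolute `3.9Mb` and `896Mb` children of the 900Mb root are resolved directly rather than as percentages.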