PF + ALTQ/HFSC - Queuing Problems - BSD

  1. PF + ALTQ/HFSC - Queuing Problems

    Hello,

    Today I tried to clean up my network's pf.conf. It's a small LAN that
    covers around 20 flats and uses ADSL (8 Mbps in, 1 Mbps out) as a network
    gateway.

    I wanted to grant each flat an equal guaranteed bandwidth, and also have
    a separate group of VIP addresses that would have much faster access.
    This is my pf.conf:

    *** PF.CONF ***

    # GWDUMP pf.conf

    ext_if="xl0" # INTERNET: DSL @ 3Com
    int_if="em0" # 3Com: Intel eepro/1000
    internal_net="10.48.1.0/24" # LAN
    external_addr="69.69.69.2" # /29, Routed via 69.69.69.1

    # Options: tune the behavior of pf, default values are given.
    set timeout { interval 10, frag 30 }
    set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
    set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
    set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
    set timeout { icmp.first 20, icmp.error 10 }
    set timeout { other.first 60, other.single 30, other.multiple 60 }
    set timeout { adaptive.start 0, adaptive.end 0 }
    set limit { states 10000, frags 5000 }
    set loginterface none
    set optimization normal
    set block-policy drop
    set require-order yes
    set fingerprints "/etc/pf.os"

    # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
    scrub in all

    # ALTQ - HFSC

    altq on $int_if bandwidth 1000Mb hfsc(linkshare 800Kb upperlimit 1000Mb) \
        queue { nusers_out, vusers_out, lan_out }

    queue nusers_out bandwidth 170Kb hfsc(linkshare 170Kb upperlimit 700Kb) \
        { no_3, no_4, no_5, no_6, no_7, no_8, no_9, no_11, no_13, no_14, no_15, \
          no_16, no_17, no_19, no_24, no_27, no_0 }
    queue no_3 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_4 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_5 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_6 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_7 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_8 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_9 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_11 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_13 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_14 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_15 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_16 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_17 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_19 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_24 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_27 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
    queue no_0 bandwidth 10Kb priority 5 hfsc(default realtime 10Kb upperlimit 200Kb)
    queue vusers_out bandwidth 630Kb priority 3 hfsc(realtime 100Kb linkshare 630Kb upperlimit 800Kb)
    queue lan_out bandwidth 999Mb

    altq on $ext_if bandwidth 8192Kb hfsc(linkshare 7192Mb upperlimit 8192Mb) \
        queue { int_nusers_in, int_vusers_in }

    queue int_nusers_in bandwidth 1000Kb priority 5 hfsc(default, ecn)
    queue int_vusers_in bandwidth 7192Kb priority 3 hfsc(ecn)

    # (BI)NAT

    nat on $ext_if from $internal_net to any -> 69.69.69.2
    binat on $ext_if from 10.48.1.3 to any -> 69.69.69.3
    binat on $ext_if from 10.48.1.4 to any -> 69.69.69.4
    binat on $ext_if from 10.48.1.5 to any -> 69.69.69.5
    binat on $ext_if from 10.48.1.6 to any -> 69.69.69.6
    rdr on $ext_if proto tcp from any to any port 4899 -> 10.48.1.81 port 4899


    # Filtering: the implicit first two rules are
    pass in all
    pass out all

    # QUEUES

    table { 10.48.1.0/24, !10.48.1.3, !10.48.1.4, !10.48.1.5,
    !10.48.1.6, !10.48.1.115, !10.48.1.116, !10.48.1.215, 69.69.69.2 }
    table { 10.48.1.103 }
    table { 10.48.1.104 }
    table { 10.48.1.105 }
    table { 10.48.1.106 }
    table { 10.48.1.107 }
    table { 10.48.1.108 }
    table { 10.48.1.109 }
    table { 10.48.1.111 }
    table { 10.48.1.213, 10.48.1.223 }
    table { 10.48.1.114 }
    table { 10.48.1.115, 10.48.1.215 }
    table { 10.48.1.116 }
    table { 10.48.1.117, 10.48.1.201, 10.48.1.211 }
    table { 10.48.1.119 }
    table { 10.48.1.124 }
    table { 10.48.1.127 }
    table { 10.48.1.99 }
    table { 0.0.0.0/0, !10.48.1.0/24 }
    table { 10.48.1.3, 10.48.1.4, 10.48.1.5, 10.48.1.6,
    10.48.1.115, 10.48.1.116, 10.48.1.215, 69.69.69.3, 69.69.69.4,
    69.69.69.5, 69.69.69.6 }

    pass out on $int_if from to queue no_3
    pass out on $int_if from to queue no_4
    pass out on $int_if from to queue no_5
    pass out on $int_if from to queue no_6
    pass out on $int_if from to queue no_7
    pass out on $int_if from to queue no_8
    pass out on $int_if from to queue no_9
    pass out on $int_if from to queue no_11
    pass out on $int_if from to queue no_13
    pass out on $int_if from to queue no_14
    pass out on $int_if from to queue no_15
    pass out on $int_if from to queue no_16
    pass out on $int_if from to queue no_17
    pass out on $int_if from to queue no_19
    pass out on $int_if from to queue no_24
    pass out on $int_if from to queue no_27
    pass out on $int_if from to queue no_0

    pass out on $ext_if from any to queue int_nusers_in
    pass out on $ext_if from any to queue int_vusers_in

    *** /PF.CONF ***

    My plan was to start with the outgoing connections and if that worked I
    wanted to add another set of queues (ni_3, ni_4, ..., ni_27) for the
    incoming ones (and also put it on int_if).

    The problem is that assigning packets to appropriate queues doesn't work
    at all. Everything simply goes into default ones.

    Any ideas what I'm doing wrong?

    Regards,
    --
    Tomasz Pawełek - tompaw@tompaw.pl

  2. Re: PF + ALTQ/HFSC - Queuing Problems

    Problem solved. I used tagging on the internal interface and queuing on
    the external one.

    --
    Tomasz Pawełek - tompaw@tompaw.pl
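
A sketch of the tag-then-queue layout the follow-up describes, added here as an example; it is not the poster's final configuration. pf applies nat before the filter rules on the external interface, so a rule there cannot match a flat by its 10.48.1.x source address, while a tag set on the internal interface stays with the packet. The table names, tag names and the reduction to two flats plus a VIP group are assumptions; queue names, addresses and rates are taken from the post.

```pf
# Added example. <flat3>, <flat4>, <vip> and the FLAT3/FLAT4/VIP tags are
# hypothetical names; only two of the per-flat queues are shown.
ext_if = "xl0"
int_if = "em0"

table <flat3> { 10.48.1.103 }
table <flat4> { 10.48.1.104 }
table <vip>   { 10.48.1.115, 10.48.1.116, 10.48.1.215 }

# ALTQ schedules packets as they leave an interface, so upload shaping
# belongs on $ext_if and is sized to the 1 Mbps ADSL uplink.
altq on $ext_if bandwidth 1000Kb hfsc queue { nusers_out, vusers_out }

queue nusers_out bandwidth 170Kb hfsc(linkshare 170Kb upperlimit 700Kb) \
    { no_3, no_4, no_0 }
queue no_3 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
queue no_4 bandwidth 10Kb priority 5 hfsc(realtime 10Kb upperlimit 200Kb)
# Untagged traffic falls through to the single default leaf queue.
queue no_0 bandwidth 10Kb priority 5 hfsc(default realtime 10Kb upperlimit 200Kb)
queue vusers_out bandwidth 630Kb priority 3 \
    hfsc(realtime 100Kb linkshare 630Kb upperlimit 800Kb)

nat on $ext_if from 10.48.1.0/24 to any -> 69.69.69.2

# Step 1: classify on the internal interface, where the private source
# address is still visible, and record the result as a tag.
pass in on $int_if from <flat3> to any tag FLAT3 keep state
pass in on $int_if from <flat4> to any tag FLAT4 keep state
pass in on $int_if from <vip>   to any tag VIP   keep state

# Step 2: on the external interface the source is already 69.69.69.2,
# so match on the tag and assign the queue there.
pass out on $ext_if tagged FLAT3 keep state queue no_3
pass out on $ext_if tagged FLAT4 keep state queue no_4
pass out on $ext_if tagged VIP   keep state queue vusers_out
```

After loading, `pfctl -vsq` shows per-queue packet and byte counters, which confirms whether traffic is landing in the intended queues rather than the default one.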
