Contributed by jose on from the throttle dept.
"I would like to know if it is possible for me to use my OpenBSD firewall to dynamically limit bandwidth on a per computer and/or time of the day basis, to effectively limit bandwidth hogging that occurs with certain users/programs?
While the altq daemon can be used to limit bandwidth, is there anything out there that dynamically responds to bandwidth consumption which is available for OpenBSD? Does anyone have a good introduction to setting up the altqd(8) process, as I recall its configuration was pretty heavy.
regards
Stephane"
By Christopher () anub-deadly-20020925@open.mine.nu on mailto:anub-deadly-20020925@open.mine.nu
man altq.conf does give useful info. Its syntax is...unique, but certainly doable.
By Chris Wage () cwage@agenteight.com on http://chris.agenteight.com/
By Eric () seamoor@thedeepsky.com on mailto:seamoor@thedeepsky.com
If you want to run ALTQ on the internal interface, then you can pretty much do it, but I didn't want to throttle bandwidth on the internal LAN.
Good luck.
-E
Comments
By Chris Wage () cwage@agenteight.com on http://chris.agenteight.com/
That's not entirely true. ALTQ is just what it sounds like.. it's queueing. You can queue traffic on any interface -- external or internal. If you queue on your external interface, you effectively rate-limit outgoing traffic.
Likewise, if you queue on an internal interface, you can *affect* incoming traffic. Packets will come to your external interface at the rate they come no matter what you do -- but if you queue packets going out the internal interface, you can slow the process down -- effectively simulating congestion and eventually slowing down the process.
Perhaps someone more experienced with packet queueing and congestion can speak more specifically to what happens in this circumstance.
Comments
By Eric () seamoor@thedeepsky.com on mailto:seamoor@thedeepsky.com
The other big problem with running ALTQ on the interface that I didn't mention is that if you are on a 100MB LAN, and you want high throughput (i.e. ~100MB for some traffic like between the firewall and the internal clients) for some IPs/ports, but not others (i.e. you want 'em alt-q'd), you can only go down to 1% of the interface's bandwidth for CBQ (which is 1Mb of a 100Mb connection). The problem with this is that 1Mb is more than most people have for their Internet connection.
-E
Comments
By Rafael Coninck Teigao () on http://safecore.net
For instance:
#
# cbq configuration for vx0 (10Mbps ether)
# give at least 40% to TCP
# other traffic goes into default class
#
interface vx0 bandwidth 10M cbq
#
class cbq vx0 root_class NULL priority 0 pbandwidth 100
class cbq vx0 def_class root_class borrow pbandwidth 95 default
class cbq vx0 tcp_class def_class borrow pbandwidth 40
filter vx0 tcp_class 0 0 0 0 6
class cbq vx0 csl_class tcp_class pbandwidth 10 red
filter vx0 csl_class 0 0 133.138.1.0 netmask 0xffffff00 80 6
filter vx0 csl_class 133.138.1.0 netmask 0xffffff00 0 0 80 6
This way, I think csl_class has only 10% of the tcp_class, that has only 40% of the default_class, that has only 95% of the root_class.
Not sure if this works how I think (haven't got time to test it), but I guess so.
[]'s.
By Anonymous Coward () on
It's completely driven by configuration -- you can easily throttle any interface/IP/network you want.
By Anonymous Coward () on
By RC () on
By Jacek Artymiak () on http://www.onlamp.com/pub/ct/58
Comments
By W () on
By stick () yli@wtwh.com.cn on mailto:yli@wtwh.com.cn
I don't find it on http://www.onlamp.com/pub/ct/58 ? Can you tell me?
By Anonymous Bastard () notme@nothere.com on mailto:notme@nothere.com
Sounds simple enough, but ALTQ makes Sendmail config files look like poetry :)
Comments
By W () on
tbrconfig your-nic 2M auto
man tbrconfig for more information.
Comments
By Anonymous Coward () on
By Dan () on
What I like the most is the fact that for TCP it is not using queues at all. It changes the window size inside the packets and delays ACKs. With that method of doing QoS you can control the bandwidth of incoming TCP packets!
Can altq do TCP shaping?
Comments
By Anonymous Coward () on
but it can do diffserv QoS, i.e. some packets are dropped in preference to others for a single application stream.
It also does very fine grain queuing using HFSC on output queues, which is how I use it.
And on a 2 NIC firewall, _all_ packets go through an output queue on one of the NICs. ALTQ has the facility to do input queue stuff - but I haven't tried that yet.
By stick () yli@wtwh.com.cn on mailto:yli@wtwh.com.cn
By stick () yli@wtwh.com.cn on mailto:yli@wtwh.com.cn
The first one is like yours. It seems that altqd on OpenBSD doesn't have the function, like Linux has, that users who belong to one subnet can share bandwidth given dynamically. You must set it for every user/IP and add the parameter 'borrow' to the rule; then you can get the effect like in Linux.
The second is:
I have one NIC and run altqd on it on a server machine. I tested like this:
a. Download one 100MB file from the server machine to a client machine through FTP. It does work and the result is good.
b. Upload one 100MB file to the server machine from a client machine through FTP. The rules don't work; the bytes run into the default rule.
c. Download and upload run at the same time. Upload does work like just download and not upload. The upload has a very low bandwidth.
I don't know how to express the result.
I think maybe the altqd in OpenBSD is not complete and has errors in some places.
The conf file is the following:
interface le1 bandwidth 1600k cbq
class cbq le1 root NULL pbandwidth 100
#
# meta classes
#
class cbq le1 ctl_class root pbandwidth 5 control
class cbq le1 default_class root borrow pbandwidth 15 default
class cbq le1 hostother root borrow pbandwidth 20
filter le1 hostother 0 0 0 0 6
filter le1 hostother 0 0 0 0 6
class cbq le1 host141 root borrow pbandwidth 20
filter le1 host141 10.1.1.141 0 0 0 6
filter le1 host141 0 0 10.1.1.141 0 6
class cbq le1 host195 root pbandwidth 15
filter le1 host195 name host1951 ruleno 1 10.1.1.195 0 0 0 6
filter le1 host195 name host1952 ruleno 2 0 0 10.1.1.195 0 6
class cbq le1 host17 root borrow pbandwidth 25
filter le1 host17 10.1.1.17 0 0 0 6
filter le1 host17 0 0 10.1.1.17 0 6
--------------------------------------------
how sb give me a RE, 3x!
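An added example, not code from any poster in this thread: a small checker for the CBQ configs posted above (the vx0 one and the le1 one) that turns each class's pbandwidth into an absolute rate, warns when child classes are allotted more than their parent, and flags repeated filter lines. It assumes, as altq.conf(5) describes it, that pbandwidth is a percentage of the interface bandwidth rather than of the parent class, and that the K/M suffixes are decimal; `lint` and `parse_rate` are names made up for this example.

```python
import re
from collections import defaultdict

# Decimal multipliers for "10M" / "1600k" (assumption: bits per second).
UNITS = {"": 1, "k": 10**3, "m": 10**6, "g": 10**9}

# Interface and class lines copied from the vx0 config on this page.
SAMPLE = """\
interface vx0 bandwidth 10M cbq
class cbq vx0 root_class NULL priority 0 pbandwidth 100
class cbq vx0 def_class root_class borrow pbandwidth 95 default
class cbq vx0 tcp_class def_class borrow pbandwidth 40
class cbq vx0 csl_class tcp_class pbandwidth 10 red
"""

def parse_rate(text):
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([kKmMgG]?)", text)
    if not m:
        raise ValueError(f"bad bandwidth: {text!r}")
    return float(m.group(1)) * UNITS[m.group(2).lower()]

def lint(conf):
    """Return ({'if/class': bits_per_sec}, [warnings]) for CBQ classes."""
    ifbw, parent, pct, seen, warnings = {}, {}, {}, set(), []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "interface" and "bandwidth" in tok[:-1]:
            ifbw[tok[1]] = parse_rate(tok[tok.index("bandwidth") + 1])
        elif len(tok) >= 7 and tok[:2] == ["class", "cbq"] and "pbandwidth" in tok[:-1]:
            key = (tok[2], tok[3])
            parent[key] = tok[4]
            pct[key] = float(tok[tok.index("pbandwidth") + 1])
        elif tok[:1] == ["filter"]:
            if tuple(tok) in seen:
                warnings.append("duplicate filter: " + " ".join(tok))
            seen.add(tuple(tok))
    # Assumption: pbandwidth is a share of the *interface* rate at every depth.
    rates = {f"{i}/{c}": ifbw[i] * p / 100 for (i, c), p in pct.items()}
    child_sum = defaultdict(float)
    for (i, c), par in parent.items():
        if par != "NULL":
            child_sum[(i, par)] += pct[(i, c)]
    for (i, par), total in child_sum.items():
        if total > pct.get((i, par), 0.0):
            warnings.append(f"{i}: children of {par} total {total:g}% "
                            f"but {par} has {pct.get((i, par), 0.0):g}%")
    return rates, warnings

if __name__ == "__main__":
    rates, warnings = lint(SAMPLE)
    for name, bps in rates.items():
        print(f"{name:16s} {bps / 1e6:5.2f} Mbit/s")
    print(warnings or "no warnings")
```

Under that assumption csl_class comes out at 1 Mbit/s, a tenth of the 10M interface and a quarter of tcp_class; run over the le1 config, the same function reports the repeated `hostother` filter line.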