Contributed by jose on from the speedier-downloads dept.
"If you're using an ADSL connection, this little article might be useful to you (it certainly is for me). Otherwise it shows some of the new ALTQ syntax in pf.conf, and there are nice graphs, too :)"
Daniel and PF kick butt, that is all. I first found this via a message to the PF list from Daniel on the subject.
(Comments are closed)
By grey () on
Yet again - pf pulls through. Whenever the hint-dropped failover implementation comes (is 3.4 too hopeful?) I think pf will be ready to wipe the mat.
Kudos to Henning, Daniel et al - yet again!
Comments
By Philipp () pb@ on mailto:pb@
think about anchors and tables and your own daemon
checking if the service is *really* still
available.. it already works ;)
an in-kernel check via ping or tracking tcp
handshakes is only bloat and won't really gain
anything wrt reliability..
pb
By Anonymous Coward () on
http://lartc.org/
http://lartc.org/wondershaper/
I'm not trolling, I'm just glad this is going to be in 3.3. I really didn't want to switch back to using linux on my firewall/router.
By Anonymous Coward () on
By Anonymous Coward () on
By matt ostiguy () matt at ostiguy.com on mailto:matt at ostiguy.com
By Anonymous Coward () on
For educational purposes I'll post the script. Author unknown. Here it is:
#!/usr/local/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
# (EDIT THESE)
DOWNLINK=1024
UPLINK=256
DEV=random
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
###### uplink
# install root CBQ
tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class
tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
   allot 1500 prio 5 bounded isolated
# high prio class 1:10:
tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000
# bulk and default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \
   allot 1600 prio 2 avpkt 1000
# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
# start filters
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip tos 0x10 0xff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
   match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20
########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $DEV handle ffff: ingress
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
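Added example, not part of the original post or script: a Python model of the four uplink u32 filters in the script above, showing which packets the ACK filter (prio 12) actually selects and why it insists on IHL 5 before reading byte 33. The function names and the sample packets are constructed for illustration.

```python
import struct

def u32_match(pkt, width, value, mask, offset):
    """One 'match u8/u16 VALUE MASK at OFFSET' clause; OFFSET counts from the IP header."""
    if offset + width > len(pkt):
        return False
    (field,) = struct.unpack_from({1: "!B", 2: "!H"}[width], pkt, offset)
    return (field & mask) == value

def is_small_ack(pkt):
    """The prio 12 filter: every clause must hold for the packet to match."""
    return (u32_match(pkt, 1, 6, 0xFF, 9)             # match ip protocol 6 0xff (TCP)
            and u32_match(pkt, 1, 0x05, 0x0F, 0)      # IHL == 5, so TCP starts at byte 20
            and u32_match(pkt, 2, 0x0000, 0xFFC0, 2)  # IP total length < 64 bytes
            and u32_match(pkt, 1, 0x10, 0xFF, 33))    # TCP flags byte == ACK and nothing else

def classify(pkt):
    """Walk the four uplink filters in prio order and return the chosen flowid."""
    if u32_match(pkt, 1, 0x10, 0xFF, 1):   # prio 10: match ip tos 0x10 0xff
        return "1:10"
    if u32_match(pkt, 1, 1, 0xFF, 9):      # prio 11: match ip protocol 1 0xff (ICMP)
        return "1:10"
    if is_small_ack(pkt):                  # prio 12
        return "1:10"
    return "1:20"                          # prio 13: match ip dst 0.0.0.0/0 (catch-all)

def build_packet(flags=0x10, payload=b"", ip_options=b"", proto=6, tos=0):
    """Constructed IPv4 + TCP bytes for the demo; checksums stay zero (never inspected)."""
    ihl = 5 + len(ip_options) // 4
    total = ihl * 4 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, tos, total, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, flags, 65535, 0, 0)
    return ip + ip_options + tcp + payload

if __name__ == "__main__":
    samples = {
        "pure ACK (40 bytes)": build_packet(),
        "ACK + 23 bytes data (63 bytes)": build_packet(payload=b"x" * 23),
        "ACK + 24 bytes data (64 bytes)": build_packet(payload=b"x" * 24),
        "SYN+ACK": build_packet(flags=0x12),
        "ACK with 4 bytes of IP options": build_packet(ip_options=b"\x01" * 4),
        "bulk data, TOS Minimum Delay": build_packet(flags=0x18, payload=b"x" * 500, tos=0x10),
    }
    for name, pkt in samples.items():
        print(f"{name:34} -> {classify(pkt)}")
```

The length clause is a size test only, so an ACK carrying up to 23 bytes of data still lands in 1:10, while a SYN+ACK or an ACK behind IP options falls through to the bulk class.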
By Anonymous Coward () on
By Anonymous Coward () on
You are a real QoS expert (tm)
By Anonymous Coward () on
2) read the fucking comments (tm)
By Anonymous Coward () on
By Anonymous Coward () on
By Troll () on
By ac () on
http://lartc.org/wondershaper/
By Anonymous Coward () on
By Henning () henning@cvs.openbsd.org on mailto:henning@cvs.openbsd.org
By IIorT () on
By Anonymous Coward () on
By IIorT () on
By Henning () henning@cvs.openbsd.org on mailto:henning@cvs.openbsd.org
By Andy () on
By Daniel Hartmeier () daniel@benzedrine.cx on http://www.benzedrine.cx/pf.html
So the reason for the 'pass in ... keep state queue (...)' rule is to enqueue the outgoing replies for incoming connections.
By Robert Mooney () on
By Daniel Hartmeier () daniel@benzedrine.cx on http://www.benzedrine.cx/pf.html
In -current, there's a port under ports/net/pfstat.
By Henning () henning@cvs.openbsd.org on mailto:henning@cvs.openbsd.org
HOWEVER... in the typical case where you are forwarding, inbound on $ext_if means outbound on $int_if, and you can do the assignment to queues living on $int_if with rules on $ext_if.
also keep in mind we are stateful.
thus,
pass in on $ext_if keep state queue blah
might not have effect on the incoming packets, including and especially the one(s) that create the state, but on the outbound packets matching the state entry created from this rule.
By AC () on
By Sam () on
By Anonymous Coward () on
interface bandwidth K wfq
needs kernel rebuild (GENERIC will not do)
a bit different but works most of the time ie - automagically assigns ack queue a fair share of resources and slows tcp data output to reasonable speed to efficiently use all of data channel
By Anonymous Coward () on
interface (interface) bandwidth (subscribed)K wfq
By Anonymous Coward () on
Yes, you can do other traffic shaping now, but not what you want.
if you want to know more about what you can do in 3.2, run "man altq".
By Henning () henning@cvs.openbsd.org on mailto:henning@cvs.openbsd.org
By Anonymous Coward () on
It seems pf has gotten way better than I would've ever dared to dream :)
Can't hardly wait for 3.3 :)
By Jason Dixon () jwdixon1@yahoo.com on http://www.jasondixon.net
-J.
By thebiMbo () on
Have you ever looked at that one !?
Regards
By Mark () mark@hornclan.com on mailto:mark@hornclan.com
Can someone describe a test for me that would demonstrate the problem? I've tried uploading a large file while downloading another large file, and been able to max the bandwidth in both directions.
What am I missing?
By Anonymous Coward () on
there is nothing by default.
some providers do queuing and you will not notice any problem whatsoever.
you need at least two downloads or two uploads to spot the difference.
By jakennedy () on
By Henning () henning@cvs.openbsd.org on mailto:henning@cvs.openbsd.org
By jakennedy () on
By jakennedy () on