
altq merged into pf



As you might have noticed, altq's functionality has been merged into pf.
This is a major piece of work started back in June. To make it as mature as
possible, we need your help with testing.
Here's how it works:
You enable altq on an interface in pf.conf, you define child queues, and
assign packets to queues on filter rules.
Let's have a look at an example.

altq on dc0 scheduler cbq bandwidth 10Mb queue { std, http, mail, ssh }
queue	std bandwidth 10% cbq(default)
queue	http bandwidth 60% priority 2 cbq(borrow red) { employees, developers }
queue	 developers bandwidth 75% cbq(borrow)
queue	 employees bandwidth 15%
queue	mail bandwidth 10% priority 0 cbq(borrow ecn)
queue	ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
queue	 ssh_interactive bandwidth 100% priority 7
queue	 ssh_bulk bandwidth 100% priority 0

With "altq on <interface>" you enable altq for that interface. The only
scheduler supported right now is cbq (Class Based Queueing), others will
follow. With "queue { child1 child2 }" you specify the child queues.
The queues build a tree. The root queue you needed to specify in the old altq
is now created implicitly from the interface specification.

For each queue, you can specify the bandwidth (if you do it in %, it is
relative to the parent queue), a priority, and scheduler options.
Two scheduler options are of special interest:

default: all packets not assigned to another queue are assigned to this one.
         You must have exactly one default queue.
borrow:  The queue can borrow bandwidth from its parent as long as the parent
         has bandwidth available.

Other scheduler options are explained in pf.conf(5).

You assign packets to a queue directly on the filter rules:

block return out on $ext_if inet all queue std
pass out on dc0 inet proto tcp from $developerhosts to any port 80 keep state \
	queue developers
pass out on dc0 inet proto tcp from $employeehosts to any port 80 keep state \
	queue employees
pass out on dc0 inet proto tcp from any to any port 22 tos 0x10 \
	keep state queue ssh_interactive #priority for interactive sessions
pass out on dc0 inet proto tcp from any to any port 22 tos 0x08 \
	keep state queue ssh_bulk        #less priority for scp/sftp/...
pass out on dc0 inet proto tcp from any to any port 25 keep state queue mail

We're doing something fancy with ssh here. For interactive sessions, the Type
Of Service (tos) is set to 0x10, while it is 0x08 for non-interactive use
like scp and sftp. We use this to distinguish between them and assign a higher
priority to interactive sessions - obviously, delays are much more disturbing
there.

The queues loaded into the kernel can be viewed with pfctl -s queue.
You can find more information in pf.conf(5), as well as a sample ruleset
in /usr/share/pf/.

Please test and report back. This is essential for OpenBSD 3.3 to become a
release of our usual high quality.
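
An added example, not part of the original post and not OpenBSD code: a Python sketch that parses the altq/queue lines from the example above, resolves each percentage against its parent queue to an absolute rate, and checks the exactly-one-default rule. The name `analyse`, the unit table, and the assumption that every line carries a bandwidth are choices of this example.

```python
import re

# Constructed sample: the altq/queue definitions from the post above.
PF_CONF = """\
altq on dc0 scheduler cbq bandwidth 10Mb queue { std, http, mail, ssh }
queue std bandwidth 10% cbq(default)
queue http bandwidth 60% priority 2 cbq(borrow red) { employees, developers }
queue developers bandwidth 75% cbq(borrow)
queue employees bandwidth 15%
queue mail bandwidth 10% priority 0 cbq(borrow ecn)
queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
queue ssh_interactive bandwidth 100% priority 7
queue ssh_bulk bandwidth 100% priority 0
"""
UNITS = {"b": 1, "Kb": 1e3, "Mb": 1e6, "Gb": 1e9}  # assumed unit suffixes

def analyse(conf):
    """Return ({queue: bits/s}, [default queues], [children never defined])."""
    parent, spec, defaults, root_bw = {}, {}, [], 0.0
    for line in conf.splitlines():
        words = line.split()
        if not words or words[0] not in ("altq", "queue"):
            continue
        bw = re.search(r"bandwidth\s+([\d.]+)(%|[KMG]?b)", line)
        name = words[1] if words[0] == "queue" else None  # None = implicit root
        if name is None:
            root_bw = float(bw.group(1)) * UNITS[bw.group(2)]
        else:
            spec[name] = (float(bw.group(1)), bw.group(2))
            if re.search(r"cbq\([^)]*\bdefault\b", line):
                defaults.append(name)
        kids = re.search(r"\{([^}]*)\}", line)
        for child in (re.findall(r"[\w-]+", kids.group(1)) if kids else []):
            parent[child] = name

    def absolute(name):
        if name is None:
            return root_bw
        value, unit = spec[name]
        if unit == "%":  # a percentage is relative to the parent queue
            return absolute(parent[name]) * value / 100
        return value * UNITS[unit]

    undefined = sorted(c for c in parent if c not in spec)
    rates = {q: absolute(q) for q in spec if q in parent}
    return rates, defaults, undefined

if __name__ == "__main__":
    print(analyse(PF_CONF))
```

A ruleset passes the default-queue rule when the second returned list has exactly one entry; the third list names child queues that a parent lists but no queue line defines.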