Quoting Tom Uffner <t...@uffner.com>:
eculp wrote:
I don't remember why but for some reason I have the idea that
pf+altq is not bidirectional. Am I mistaken?
no solution that does not involve cooperation from your upstream
connection(s) is truly bidirectional. it is easy to limit/shape
your outbound traffic. on the other hand it is difficult if not
impossible to unilaterally control the amount or sources of inbound
data arriving at your border router(s) on it's way to various
applications (mail servers, for example).
you can _pretend_ to by dropping, queuing or otherwise limiting it
once inside your network, but you cannot meaningfully prevent it from
using your downlink bandwidth and potentially crowding out other,
possibly more desirable, inbound data.
Hi, Tom.
Thanks for responding. As I read your answer and my question. I'm
pretty sure that I probably didn't ask the question properly. What I
need to do is be intermediary between my upstream ISP's and my
customers and would like to control the bandwidth hogs.
Basically, I want certain outgoing traffic based on port to go to ISP1
and all other, not blocked, ports to go to the other while limiting
the available internal bandwidth to each downstream client say to 64k
if and if borrowing is possible when traffic is low, great. I did
something like this with IPFW and dummynet maybe 6 or more years ago
and as I remember, worked and solved an immediate problem of
downstream demand not being distributed adequately or equitably. The
major differences were connection speed and there was only one isp.
I've looked at:
http://www.openbsd.org/faq/pf/pools.html
It ether doesn't do what I want or I don't understand how to make it
do what I want. I am considering going back to IPFW and dummynet but
now that I'm using PF, I am a bit lazy to try and integrate what I
have in pf to IPFW.
Thanks for any help, advice, configuration examples, etc.
ed
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
