Hi,
I think I was very unclear defining my requirements... I'll now try to explain it
better ;-)
Here is a snippet of my pf.conf (this machine is a bridge firewall):
[...]
table <PIANO_SECONDO> { 10.103.12.0/24, 10.113.14.0/24, 10.113.15.0/24, 10.113.16.0/24, 10.113.17.0/24, 10.113.18.0/24, 10.113.19.0/24, 10.113.20.0/24, 10.113.21.0/24 }
[...]
altq on em0 bandwidth 60Mb hfsc queue { up_pick, up_cli, up_buo, up_buo2, up_1, up_2, up_T, up_sl, up_pl }
queue up_pick bandwidth 5% priority 7 qlimit 50 hfsc ( rio, realtime 3% )
queue up_buo bandwidth 30% priority 6 qlimit 30 hfsc ( rio, realtime 30% )
queue up_pl bandwidth 3% priority 5 qlimit 30 hfsc ( rio, realtime 3%, upperlimit 80% )
queue up_T bandwidth 15% priority 4 qlimit 30 hfsc ( rio, realtime 12%, upperlimit 80% )
queue up_1 bandwidth 15% priority 4 qlimit 30 hfsc ( rio, realtime 12%, upperlimit 80% )
queue up_2 bandwidth 15% priority 4 qlimit 30 hfsc ( rio, realtime 12%, upperlimit 80% )
queue up_sl bandwidth 2% priority 2 qlimit 15 hfsc ( red, realtime 2%, upperlimit 40%, default )
[...]
pass quick on em0 from <PIANO_TERRA> queue up_T label "pt up"
pass quick on em0 from <PIANO_PRIMO> queue up_1 label "p1 up"
pass quick on em0 from <PIANO_SECONDO> queue up_2 label "p2 up"
[...]
With this setup I know that all IPs of <PIANO_SECONDO> share a minimum bandwidth of 12% and at any given time all those IPs (cumulatively) cannot use more than
80% (of 60Mbit/s).
Suppose one IP of <PIANO_SECONDO> starts a p2p software that consumes all the
80%. All other IPs of that table share that 80% so they experience bad connectivity.
What I need is to be able to write something like this:
queue up_2 bandwidth 15% priority 4 qlimit 30 hfsc ( rio, realtime 12%, upperlimit 80%, ip-bandwidth(upperlimit (100%, 60, 20%) ) )
where ip-bandwidth(upperlimit (100%, 60, 20%) ) tells PF that every single source IP has an upperlimit of 100% for the first minute and of 20% from the 61st
second. 100% and 20% refer to the "shared" upperlimit already specified in that queue. (more precisely: every ip connection matched by rules that use that queue)
I think that now (with the actual implementation of PF) I'd have to define a
separate queue for each IP to achieve such an upperlimit.
Hope that this makes sense to you and gives you a clearer idea of what I need.
p.s.: my subject has a typo. It is "maximum", not "minimum" !
Thanks again,
Leonardo
On 19/05/2011 15:03, Gilbert Fernandes wrote:
I would suggest CBQ (class based queuing) with RED (random early dropping),
dhcpd server giving "static ips" according to MAC, and then enforcing bandwidth
using ALTQ. Defining a CBQ with bandwidth, some bandwidth reserved for some
IP and not forgetting to create a default class to have all others without
reserved bandwidth fall inside of it, with a specific/maximal bandwidth allowed.
CBQ is easy to use. with a single line you can define a CBQ on an interface,
and declare how much bandwidth the whole link has. then, you create classes
(according to IP or any other scrub that is adapted to your case). not setting
borrow is advised, to make sure reserved bandwidth is immediately available.
last time i extensively used ALTQ was in 2000/2001 and at that time, altq and
pf were in two separate files i think, i'm not sure. fading memory from that
era.
send you in private a more detailed explanation.
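
Added example, not part of the original thread: a Python generator for the workaround Leonardo mentions, one child queue per source IP under up_2, using the HFSC service-curve form (m1, d, m2) with d in milliseconds in place of the wished-for ip-bandwidth(...). The host addresses, the up_2_hN queue names, the count of existing queues and the 64-class HFSC limit are assumptions.

```python
import ipaddress

# Assumption: ALTQ's HFSC scheduler is built with a 64-class limit per
# interface (HFSC_MAX_CLASSES); adjust if your kernel differs.
HFSC_MAX_CLASSES = 64


def kb(bps):
    """Format a bit rate the way pf.conf writes it, e.g. 9600Kb."""
    return f"{bps // 1000}Kb"


def per_host_queues(hosts, parent="up_2", iface="em0", link_bps=60_000_000,
                    parent_pct=15, shared_ul_pct=80, burst_pct=100,
                    burst_secs=60, sustained_pct=20, existing_queues=9):
    """Return pf.conf lines giving every host its own child queue of `parent`.

    Each child gets upperlimit (m1, d, m2): rate m1 for the first d
    milliseconds, m2 afterwards, both taken as a percentage of the shared
    upperlimit, as in the ip-bandwidth(...) idea above.
    existing_queues is an assumed count of queues already defined on iface.
    """
    addrs = [ipaddress.ip_address(h) for h in hosts]
    if not addrs:
        raise ValueError("no hosts given")
    if len(addrs) + existing_queues > HFSC_MAX_CLASSES:
        raise ValueError(f"{len(addrs)} host queues do not fit in "
                         f"{HFSC_MAX_CLASSES} HFSC classes")
    shared_ul = link_bps * shared_ul_pct // 100      # 80% of 60Mb
    m1 = shared_ul * burst_pct // 100                # rate during the burst
    m2 = shared_ul * sustained_pct // 100            # rate after the burst
    share = link_bps * parent_pct // 100 // len(addrs)
    names = [f"{parent}_h{i}" for i in range(len(addrs))]
    out = [f"# append to the '{parent}' queue line: {{ {', '.join(names)} }}"]
    out += [f"queue {n} bandwidth {kb(share)} qlimit 30 hfsc ( rio, "
            f"upperlimit ({kb(m1)}, {burst_secs * 1000}, {kb(m2)}) )"
            for n in names]
    # With 'quick' the first match wins, so these rules must come before
    # the table-wide 'pass quick ... queue up_2' rule.
    out += [f'pass quick on {iface} from {a} queue {n} label "{n}"'
            for a, n in zip(addrs, names)]
    return out


if __name__ == "__main__":
    # Constructed sample: three hosts from one <PIANO_SECONDO> network.
    print("\n".join(per_host_queues(["10.113.14.10", "10.113.14.11",
                                     "10.113.14.12"])))
```

Check the generated lines with pfctl -nf before loading them. Once up_2 has children, HFSC queues packets only on leaf queues, so the table-wide rule for <PIANO_SECONDO> needs a leaf queue of its own.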