If a TCP flow is egressing an interface at 2000k/s (17-18mbps), it might
be causing as much as 300kbps of "ACK" traffic. That traffic really
doesn't get queued on return at the same inteface it's egressing.
However, I have noticed that, if a traffic flow is passing through a
router (say, the same flow as before, egressing an "upstream inteface" at
2000k/s) and a rule set exists on the interface the flow is inressing from
(on it's way through to the previously mentioned egress interface), the
ACK traffic will get queued leaving that "sender facing interface", on its
way back to the sender.
So really, keep state has no impact?
~BAS
On Fri, 21 Oct 2005, Henning Brauer wrote:
well, I did numerous times in the past.
th emisunderstanding most of you have is that queue assignment and th
actual queueing are sepearate things.
you assign a queue with the name X somewhere, be it by a rule in the
inbound path or the outbound, or a state in either direction, and when
we hit the enqueuing on the outbound interface we check wether the
packet in question is tagged to be put in a specific queue. if so, and
a queue by the desired name exists on the given interface, we do so,
otherwise it goes to the default queue.
* Brian A. Seklecki <[EMAIL PROTECTED]> [2005-10-21 17:59]:
I was just curious if any of the developers (or experts) would care to
articulate officially >:}
~BAS
On Wed, 19 Oct 2005, William Bloom wrote:
The PF queueing FAQ page at http://www.openbsd.org has a wealth of info that
seems to nicely clarify the pf.conf man page. I recall that the FAQ contains an
example much as you describe (as I recall, specifying a queue for -incoming-
traffic will indeed cause that traffic to be processed through the named queue
as it is -outgoing-).
Bill
Brian A. Seklecki wrote:
Would anyone like to elaborate on the impacts of using "keep state" on
conjunction with pass rules that assign traffic to queues?
One might assume that inverted traffic flows would also be queued,
however that would break the "traffic can only be queued egress an
interface" rule...
There should be some remarks on this in pf.conf(5)
TIA,
~BAS
--
William Bloom| Snr Systems Engineer|M P H A S I S Architecting Value | Eldorado
Computing
5353 North 16th Street, Suite 400 Phoenix, Az 85016 | Direct: +11-602-604-3100 |
Fax: +11-602-604-3115| http://www.eldocomp.com
-- CONFIDENTIALITY NOTICE --
Information transmitted by this e-mail is proprietary to MphasiS and/or its
Customers and is intended for use only by the individual or entity to which it
is addressed, and may contain information that is privileged, confidential or
exempt from disclosure under applicable law. If you are not the intended
recipient or it appears that this mail has been forwarded to you without proper
authority, you are notified that any use or dissemination of this information
in any manner is strictly prohibited. In such cases, please notify us
immediately at [EMAIL PROTECTED] and delete this mail from your records.
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
