altq is looking at kilobits per second and you're probably looking at kiloBytes
per second
(237Kb/sec / 8bits/Byte=29KB/sec)
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Hi everyone,
>
> Problem:
> Bandwidth management is not working as expected; instead of streaming data
> inbound with 237 Kb/sec without bandwidth management, it drops to 29 Kb/sec
> (tendency falling) with enabled bandwidth management
>
> Test environment:
> OpenBSD 3.7 or 3.8 (both tested); Pentium 3 or
> Athlon XP (both tested), PF, ALTQ, PPPOE-Interface,
> DSL 2000
>
> Guessed fault:
> ALTQ wasn't understood by me?!?
>
> Story:
> I'm trying to get bandwidth management to work with openbsd
> for 6 weeks now. I read several posts, howtos and manuals.
> I tried all supported schedulers. To isolate the problem I reduced
> my original complexity to priq as scheduler. (Afterwards this
> should change.) The Isolation brought the assumption the problem could
> be me and my understanding about altq. So I'm asking you now.
>
> pf.conf:
> ---pf.conf---
> ### MACROS & TABLES ###
> #
> #Define all interfaces
> #
> ext_if="pppoe0"
> int_if="pcn0"
>
> #
> #Define privileged network address sets
> #
> nets_priv = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"
>
> ### OPTIONS ###
> #
> #Default behavior
> #
> ##Define default response for block filters
> set block-policy drop
> ##Define statistics logging on
> set loginterface $ext_if
>
> ### TRAFFIC NORMALIZATION ###
> #
> #Filter traffic for unusual packets
> #
> scrub in all
>
> ### QUEUEING ###
> #
> #Bandwidth management
> #
> ##Define upstream parent queue (24Kb * 0,95 Overhead)
> altq on $ext_if priq bandwidth 22Kb queue { up_default up_web up_quick }
> ##Define downstream parent queue (256Kb * 0,95 Overhead)
> altq on $int_if priq bandwidth 243Kb queue { dn_default dn_quick }
>
> ##Define upstream child queues
> queue up_default priq(default)
> queue up_quick priority 7 priq
>
> ##Define downstream child queues
> queue dn_default priq(default)
> queue dn_quick priority 7 priq
>
> ### TRANSLATION ###
> #
> #NAT for the external traffic
> #
> nat on $ext_if from $int_if:network to any -> ($ext_if)
>
> #
> #Redirections
> #
> ##Redirect FTP clients to FTP proxy WITHOUT FIREWALL
> rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>
> ### PACKET FILTERING ###
> #
> #Default filter
> #
> block log all
>
> #
> #Loopback interface traffic
> #
> pass quick on lo0 all
>
> #
> #Filter and queue external interface traffic
> #
> ##Deny incoming or outgoing priviliged network address sets
> block in quick on $ext_if from $nets_priv to any
> block out quick on $ext_if from any to $nets_priv
> ##Allow incoming traffic to ftp proxy; keep the state
> pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
> ##Allow incoming ping request to router; keep the state
> pass in on $ext_if inet proto icmp from any to $ext_if icmp-type 8 code 0
> keep state
> ##Assign upstream traffic to queues; keep the state
> pass out on $ext_if keep state queue(up_default up_quick)
>
> #
> #Filter and queue internal interface traffic
> #
> ##Allow incoming traffic from internal network; do not keep the state
> pass in on $int_if from $int_if:network to any
> ##Assign outgoing traffic from other interfaces to queues for downstream; do
> not keep the state
> pass out on $int_if from any to $int_if:network queue(dn_default dn_quick)
>
> #
> #Deny spoofing
> #
> antispoof for $ext_if
> antispoof for $int_if
> ---pf.conf---
>
> Thank you for your assistance,
> Benjamin
>
> --
> 10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
> +++ GMX - die erste Adresse f|r Mail, Message, More +++
--
"Attacks always get better; they never get worse."
-- "Old NSA saying"
