On 2013-06-03, Chris Cappuccio <ch...@nmedia.net> wrote:
> Andy [a...@brandwatch.com] wrote:
>> Hi,
>>
>> We're really looking forward to improvements in ALTQ too.
>>
>> And we are /really/ hoping that the queues can either be shared across
>> interfaces (so your WAN downstream bandwidth doesn't have to be sliced
>> up and divided up across all the internal interfaces), or that you can
>> create queues on the external interface's 'ingress' flow.
>>
>> I know this opens a can of worms as many say you can't theoretically
>> shape inbound bandwidth as you've already received the packets, however
>> we do shape inbound bandwidth and it works brilliantly! But you have to
>> do it on each of the internal interfaces egress (hence having to slice
>> up the total downstream), so connections receiving too many downstream
>> packets are slowed by dropping some of the already received TCP packets
>> (not perfect but it works).

You're still not shaping *inbound* bandwidth, you're shaping *outbound*
bandwidth. It happens to be "bandwidth coming in to your router and then
getting sent out to another host" but from the point of view of the
router, this is still *outbound*.

(You are also relying on flow control mechanisms within the protocols
i.e. you may be *influencing* the rate of packets sent to you, but
there's no absolute control, if someone sends a bunch of UDP at you
then queueing outbound won't do anything to throttle incoming traffic).

> You should post your ruleset. It sounds like you may be able to get some
> better performance without new functionality.

If using vlans, then creating queues on the physical interface rather
than the vlan interfaces might do the trick.

>> Also whilst I'm wishing, also looking forward to the day that the
>> FQ_Codel algorithms etc which significantly improve buffer-bloat are
>> soon in OpenBSD (now in Linux 3.7 :)
>
> Honestly, who cares about buffer bloat? Just because it's a
> popular issue in some circles does not mean that anything you do
> on your openbsd firewall is going to affect the problem one way or
> another.

It may well be a problem if you're using medium/large altq buffers or
if you raise net.inet.ip.ifq.maxlen too high..
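
The flow-control point made in the reply above, as an added example that is not part of the original thread: a toy simulation of a router whose egress queue is rate-limited, fed once by a sender that backs off on loss (TCP-like AIMD) and once by a sender that ignores loss (UDP-like). The model, the function name simulate() and all numbers (packets per tick, queue length) are assumptions constructed for illustration; it does not model ALTQ itself.

```python
def simulate(kind, offered, egress_limit, queue_len=20, ticks=1000):
    """Return (avg packets/tick arriving at the router,
               avg packets/tick forwarded out of the shaped interface)."""
    cwnd = 1        # congestion window, used only by the TCP-like sender
    backlog = 0     # packets currently held in the egress queue
    arrived = forwarded = 0
    for _ in range(ticks):
        # TCP-like sender is bounded by its window; UDP-like sender is not.
        sent = min(cwnd, offered) if kind == "tcp" else offered
        arrived += sent                     # already consumed WAN downstream

        # Tail-drop: whatever does not fit in the egress queue is discarded.
        room = queue_len - backlog
        dropped = max(0, sent - room)
        backlog += sent - dropped

        # The shaper releases at most egress_limit packets per tick.
        out = min(backlog, egress_limit)
        backlog -= out
        forwarded += out

        # Only the TCP-like sender reacts to loss (halve on drop, else +1).
        if kind == "tcp":
            cwnd = max(1, cwnd // 2) if dropped else cwnd + 1
    return arrived / ticks, forwarded / ticks


if __name__ == "__main__":
    # Constructed scenario: sender can offer 100 pkt/tick, shaper allows 10.
    for kind in ("tcp", "udp"):
        rate_in, rate_out = simulate(kind, offered=100, egress_limit=10)
        print(f"{kind}: arriving {rate_in:.1f} pkt/tick, "
              f"forwarded {rate_out:.1f} pkt/tick")
```

In both runs the forwarded rate is capped at the shaper limit, but only the loss-sensitive sender's arrival rate settles near that limit; the loss-insensitive sender keeps arriving at its full offered rate, which is the load the upstream link still has to carry.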