Hi Stuart,

On 04/06/13 09:32, Stuart Henderson wrote:
> On 2013-06-03, Chris Cappuccio <ch...@nmedia.net> wrote:
>> Andy [a...@brandwatch.com] wrote:
>>> Hi,
>>>
>>> We're really looking forward to improvements in ALTQ too.
>>>
>>> And we are /really/ hoping that the queues can either be shared across
>>> interfaces (so your WAN downstream bandwidth doesn't have to be sliced
>>> up and divided up across all the internal interfaces), or that you can
>>> create queues on the external interface's 'ingress' flow.
>>>
>>> I know this opens a can of worms as many say you can't theoretically
>>> shape inbound bandwidth as you've already received the packets, however
>>> we do shape inbound bandwidth and it works brilliantly! But you have to
>>> do it on each of the internal interfaces' egress (hence having to slice
>>> up the total downstream), so connections receiving too many downstream
>>> packets are slowed by dropping some of the already received TCP packets
>>> (not perfect but it works).
>> You're still not shaping *inbound* bandwidth, you're shaping *outbound*
>> bandwidth. It happens to be "bandwidth coming in to your router and then
>> getting sent out to another host" but from the point of view of the router,
>> this is still *outbound*.
Absolutely :)

> (You are also relying on flow control mechanisms within the protocols
> i.e. you may be *influencing* the rate of packets sent to you, but there's
> no absolute control, if someone sends a bunch of UDP at you then queueing
> outbound won't do anything to throttle incoming traffic).
And therein lies the DDoS principle. Damn DoSers..
>> You should post your ruleset. It sounds like you may be able to get some
>> better performance without new functionality.
> If using vlans, then creating queues on the physical interface rather
> than the vlan interfaces might do the trick.
Have just sent a message with full details of our logic. I learn from the experience and comments of others so forgive me if I've made some stupid mistakes..
>>> Also whilst I'm wishing, also looking forward to the day that the
>>> FQ_Codel algorithms etc which significantly improve buffer-bloat are
>>> soon in OpenBSD (now in Linux 3.7 :)
>> Honestly, who cares about buffer bloat? Just because it's a
>> popular issue in some circles does not mean that anything you do
>> on your openbsd firewall is going to affect the problem one way or
>> another.
> It may well be a problem if you're using medium/large altq buffers
> or if you raise net.inet.ip.ifq.maxlen too high..

It is.. :)
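As an added illustration of Stuart's vlan suggestion, here is a pf.conf ALTQ fragment that is not from this thread and not anyone's posted ruleset: the HFSC queue tree is defined once on the physical LAN-side interface that carries the vlans, so the whole downstream share is pooled instead of being sliced up per vlan, and the rules on the vlan subinterfaces only assign traffic to those queues. The interface names (em1, vlan10, vlan20), the port list and the rates are assumptions. As Chris and Stuart point out, this still shapes what the router sends out towards the LAN: it influences TCP senders through their own flow control and does nothing to throttle unsolicited inbound UDP.

```pf
# Added example, not from the thread. Names and rates are assumptions.
lan_phys = "em1"      # physical interface carrying the internal vlans
office   = "vlan10"   # office clients
servers  = "vlan20"   # internal servers
down_bw  = "50Mb"     # assumed usable WAN downstream rate

# One HFSC tree on the physical parent, not one per vlan subinterface.
# Class bandwidths are shares of $down_bw; realtime gives a guaranteed
# floor, the remainder is distributed by linkshare.
altq on $lan_phys hfsc bandwidth $down_bw queue { q_ack, q_web, q_bulk }
queue q_ack  bandwidth 10% hfsc(realtime 5Mb)
queue q_web  bandwidth 50% hfsc(realtime 15Mb, linkshare 50%)
queue q_bulk bandwidth 40% hfsc(default)

# Rules on the vlan subinterfaces tag the packet with a queue; the
# class is served when the frame actually leaves $lan_phys, so both
# vlans draw from the same pooled tree.
pass out on $office  proto tcp to port { 80 443 } queue (q_web, q_ack)
pass out on $servers proto tcp to port { 80 443 } queue (q_web, q_ack)
pass out on { $office $servers } queue q_bulk
```

The second queue in `queue (q_web, q_ack)` carries TCP ACKs and low-delay packets so that a busy bulk class on one vlan does not starve the acknowledgements that keep downloads on the other vlan flowing; keeping the q_bulk qlimit at its default avoids the large ALTQ buffers Stuart warns about.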
