Hi, One thing worth mentioning..

Queuing only works on 'Egress', not ingress. So if you want to queue
downstream traffic from the Internet, you need to queue it as it
egresses the internal interfaces.

If you have a LAN and a DMZ however and you queue on each interface you
will have to slice your download bandwidth up (5Mbit for LAN and 5Mbit
for DMZ) as the queues cannot share bandwidth across interfaces.

The way around this is to have an 802.1Q trunk with all your internal
networks, and you then apply the queues to that one trunk (meaning you
have a single set of queues defining all of the download bandwidth which
can be shared across all of the VLANs).

Here is an example using the old queuing system (we have many VLANs
under the trunk including DMZ, LAN, VOIP, Accounts, Engineering, etc
etc);

# Upstream queues
altq on $if_ext bandwidth 800Mb hfsc queue { _local, _wan }
  queue _local on $if_ext bandwidth 700Mb priority 4 \
      hfsc(linkshare 700Mb, upperlimit 700Mb) \
      { _local_kernel, _local_data_pri, _local_data }
    queue _local_kernel on $if_ext bandwidth 1% qlimit 100 priority 7 \
        hfsc(realtime 1%, linkshare 1%)
    queue _local_data_pri on $if_ext bandwidth 10% qlimit 100 priority 4 \
        hfsc(realtime 10%, linkshare 10%)
    queue _local_data on $if_ext bandwidth 89% qlimit 100 priority 0 \
        hfsc(linkshare 89%)
  queue _wan on $if_ext bandwidth 63Mb priority 15 \
      hfsc(linkshare 63Mb, upperlimit 63Mb) \
      { _wan_rt, _wan_int, _wan_pri, _wan_vpn, _wan_web, _wan_dflt, _wan_bulk }
    queue _wan_rt on $if_ext bandwidth 20% priority 7 qlimit 100 \
        hfsc(realtime(30%, 5000, 20%), linkshare 20%)
    queue _wan_int on $if_ext bandwidth 10% priority 5 qlimit 200 \
        hfsc(realtime 5%, linkshare 10%)
    queue _wan_pri on $if_ext bandwidth 20% priority 4 qlimit 200 \
        hfsc(realtime(20%, 2000, 5%), linkshare 20%)
    queue _wan_vpn on $if_ext bandwidth 10% priority 3 qlimit 300 \
        hfsc(realtime 5%, linkshare 10%, ecn)
    queue _wan_web on $if_ext bandwidth 10% priority 2 qlimit 500 \
        hfsc(realtime(10%, 3000, 5%), linkshare 10%, ecn)
    queue _wan_dflt on $if_ext bandwidth 20% priority 1 qlimit 100 \
        hfsc(realtime(10%, 5000, 10%), linkshare 20%, ecn, default)
    queue _wan_bulk on $if_ext bandwidth 5% priority 0 qlimit 100 \
        hfsc(linkshare 5%, upperlimit 30%, ecn)

# Downstream queues
altq on $if_trunk bandwidth 2700Mb hfsc queue { _local, _wan }
  queue _local on $if_trunk bandwidth 2500Mb priority 4 \
      hfsc(linkshare 2500Mb, upperlimit 2500Mb) \
      { _local_kernel, _local_data_pri, _local_data }
    queue _local_kernel on $if_trunk bandwidth 1% qlimit 100 priority 7 \
        hfsc(realtime 1%, linkshare 1%)
    queue _local_data_pri on $if_trunk bandwidth 10% qlimit 100 priority 4 \
        hfsc(realtime 10%, linkshare 10%)
    queue _local_data on $if_trunk bandwidth 89% qlimit 100 priority 0 \
        hfsc(linkshare 89%)
  queue _wan on $if_trunk bandwidth 93Mb priority 15 \
      hfsc(linkshare 93Mb, upperlimit 93Mb) \
      { _wan_rt, _wan_int, _wan_pri, _wan_vpn, _wan_web, _wan_dflt, _wan_bulk }
    queue _wan_rt on $if_trunk bandwidth 20% priority 7 qlimit 100 \
        hfsc(realtime(30%, 5000, 15%), linkshare 20%)
    queue _wan_int on $if_trunk bandwidth 10% priority 5 qlimit 200 \
        hfsc(realtime 5%, linkshare 10%)
    queue _wan_pri on $if_trunk bandwidth 10% priority 4 qlimit 300 \
        hfsc(realtime(10%, 2000, 5%), linkshare 10%)
    queue _wan_vpn on $if_trunk bandwidth 10% priority 3 qlimit 300 \
        hfsc(realtime 5%, linkshare 10%, ecn)
    queue _wan_web on $if_trunk bandwidth 20% priority 2 qlimit 500 \
        hfsc(realtime(10%, 3000, 5%), linkshare 20%, ecn)
    queue _wan_dflt on $if_trunk bandwidth 20% priority 1 qlimit 100 \
        hfsc(realtime(20%, 5000, 10%), linkshare 20%, ecn, default)
    queue _wan_bulk on $if_trunk bandwidth 5% priority 0 qlimit 100 \
        hfsc(linkshare 5%, upperlimit 30%, ecn)

NB; the use of the 'on $if_ext' and 'on $if_trunk' statements is so you
can use the same queue names making your rules much easier to write.

Hope this helps. I haven't tried the new queue system yet as I want
to read up more about it as HFSC is very complex and has many subtle
interactions, so want to understand how the new parameters map to the
HFSC algorithm before I start pushing buttons.. :)

Cheers, Andy.

On Mon 05 May 2014 16:48:32 BST, Marko Cupać wrote:

Hi,

I have a setup similar to this:

                  BOX1                      BOX2
Internet---($isp_if:::$dmz_if)--DMZ--($nat_if:::$int_if)---LAN

$isp_if: 10Mbit/s
$dmz_if: 1Gbit/s
$nat_if: 1Gbit/s
$int_if: 1Gbit/s

I would like to queue traffic for some services in DMZ for both Internet
and LAN clients (web, ftp, dns, xmpp), some services residing
directly on BOX2 for Internet clients (pptp, openvpn) and some services
on LAN for Internet clients (redirected custom applications).

Besides this, I would like to queue outgoing traffic from LAN (high
priority dns, low priority p2p etc).

Should I queue on all the interfaces? Should I declare 1Gbit on non-isp
interfaces and 10Mbit on isp interface? Any other advice?

Thank you in advance.
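
A lint for the two-hierarchy layout in Andy's reply, as an added example that is not part of either message: it parses old-style ALTQ `altq`/`queue` rules, reports queue names that exist on only one interface (the reply relies on identical names under `$if_ext` and `$if_trunk`), and flags parents whose children's percentage bandwidths add up to more than 100%. The sample rules are constructed for the example and the parser assumes one rule per logical line.

```python
import re
from collections import defaultdict

# Constructed sample in the old ALTQ syntax, one rule per logical line.
SAMPLE = """\
altq on $if_ext bandwidth 800Mb hfsc queue { _local, _wan }
queue _local on $if_ext bandwidth 700Mb hfsc(linkshare 700Mb)
queue _wan on $if_ext bandwidth 63Mb hfsc(linkshare 63Mb) { _wan_rt, _wan_dflt, _wan_bulk }
queue _wan_rt on $if_ext bandwidth 20% hfsc(realtime 20%)
queue _wan_dflt on $if_ext bandwidth 60% hfsc(linkshare 60%, default)
queue _wan_bulk on $if_ext bandwidth 30% hfsc(linkshare 30%)
altq on $if_trunk bandwidth 2700Mb hfsc queue { _local, _wan }
queue _local on $if_trunk bandwidth 2500Mb hfsc(linkshare 2500Mb)
queue _wan on $if_trunk bandwidth 93Mb hfsc(linkshare 93Mb) { _wan_rt, _wan_dflt }
queue _wan_rt on $if_trunk bandwidth 20% hfsc(realtime 20%)
queue _wan_dflt on $if_trunk bandwidth 80% hfsc(linkshare 80%, default)
"""

RULE = re.compile(r"^(?:altq|queue\s+(\S+))\s+on\s+(\S+)\s+bandwidth\s+(\S+)(.*)$")
CHILDREN = re.compile(r"\{([^}]*)\}\s*$")

def parse(text):
    """Return {interface: {queue: (bandwidth, [children])}}; the altq root is keyed 'altq'."""
    tree = defaultdict(dict)
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, non-queue rules
        name, ifname, bandwidth, rest = m.groups()
        kids = CHILDREN.search(rest)
        children = [k.strip() for k in kids.group(1).split(",")] if kids else []
        tree[ifname][name or "altq"] = (bandwidth, children)
    return dict(tree)

def over_allocated(tree):
    """(interface, parent, total) where children's percentage bandwidths exceed 100%."""
    bad = []
    for ifname, queues in tree.items():
        for parent, (_, children) in queues.items():
            shares = [queues[c][0] for c in children if c in queues]
            total = sum(float(s[:-1]) for s in shares if s.endswith("%"))
            if total > 100:
                bad.append((ifname, parent, total))
    return bad

def name_mismatch(tree, if_a, if_b):
    """Queue names defined on only one of the two interfaces."""
    return sorted(set(tree[if_a]) ^ set(tree[if_b]))

if __name__ == "__main__":
    t = parse(SAMPLE)
    print(over_allocated(t), name_mismatch(t, "$if_ext", "$if_trunk"))
```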