Thank you for the reply, Giancarlo. There are some things I'm not quite sure about from your response, however.
prio sounds great on paper, but I'm pretty sure they are a per-interface priority queue. Could it still prioritize packets from the Asterisk vlan above those from other vlans? Also, I was fairly sure from the pf.conf man page that queues were on the outbound interface, not the inbound. Is that wrong?

On Mon, Aug 04, 2014 at 07:01:06PM -0300, Giancarlo Razzolini wrote:
> On 04-08-2014 18:09, Eric Dilmore wrote:
> > I just set up a new OpenBSD 5.5 gateway for a small nonprofit. The
> > gateway has one external interface and one internal, with the internal
> > network split into several VLANs: one for secure traffic, one for
> > guests, one for internal phones, and one for our external Asterisk phone
> > server.
> Vlans work, but they add complexity. I'd prefer physical interfaces
> separating the networks, both for performance and security reasons.
> >
> > I'm trying to use queues to set up QoS for the Asterisk server. There is
> > limited bandwidth in our location, and we would like to ensure that the
> > Asterisk server has priority over other traffic. I would prefer a
> > bandwidth specification over a simple priority, but either would be
> > fine.
> I suggest you first try prio, and only if it doesn't work, use queues.
> I've used queues, but recently, I've been using only prio. It almost
> always does the job.
> >
> > However, I believe that pf queues are tied to an outbound interface.
> > None of the rules I have attempted on the internal interface have
> > matched at all. I can specify each vlan explicitly, but the internal
> > interface itself doesn't seem to match any packets. tcpdump shows
> > traffic passing both in and out when I specify the internal interface.
> The most indicated way is to queue your downloads on the internal
> interface and your uploads on the external interface. If I'm not
> mistaken, you need to set the queues on each vlan if.
> >
> > I am confused about the relationship between the physical interface and
> > the vlan interfaces in pf. I would also like to know if there are any
> > suggestions for how to set up the queues in order to provide QoS for
> > phone traffic.
> When using VLAN you'll almost always only filter on the vlan interfaces.
> As I already mentioned, you'll mostly get away with prio.
> >
> > My current pf.conf is hosted in a gist here:
> > https://gist.github.com/geppettodivacin/8fc8dc044b122154d137
> I've taken a quick look and you are in the right direction. You'll just
> need to invert your queues. As I mentioned, use your queues on the vlans
> for connections initiated by your networks. And queue on the external
> interface connections coming from the internet.
>
> Cheers,
>
> --
> Giancarlo Razzolini
> GPG: 4096R/77B981BC