I appeal to the PF masters for some education on how to do something, because if I can't work out how to do it using PF, I'll have to do it with iptables. Eep!
We are a small hosting company in a managed building, and we present ADSL/SDSL-like service over ethernet to other companies in the building, to capitalise on some of the spare capacity on our 10Mb leased line.

What I want to do:

    Provide 2Mb down/256Kb up ADSL-like service, contended at 20 to one.
    Provide 2Mb down/2Mb up SDSL-like service, contended at 10 to one.

By contention, I mean that to take the ADSL as the example, each client should be guaranteed 100Kbps downstream, and 13Kbps upstream, but then fights on an equal footing with everyone else in their group for the remainder of the 2Mb/256Kb.

I have tried the following sort of configuration, but the clients never seem to successfully borrow up to the capacity of their contention block. I am aware that it is incomplete, lacks a default, etc, I'm just trying to give an idea of what I've done with the DSL bits.

    altq on $ext_if cbq bandwidth 9.1Mb queue { adsl_up, sdsl_up }
    altq on $client_if cbq bandwidth 9.1Mb queue { adsl_dn, sdsl_dn }

    queue adsl_up bandwidth 256Kb cbq
    queue adsl_dn bandwidth 2Mb cbq
    queue sdsl_up bandwidth 2Mb cbq
    queue sdsl_dn bandwidth 2Mb cbq

    queue adsl_client1_up bandwidth 13Kb cbq (borrow)
    queue adsl_client1_dn bandwidth 100Kb cbq (borrow)
    queue adsl_client2_up bandwidth 13Kb cbq (borrow)
    queue adsl_client2_dn bandwidth 100Kb cbq (borrow)

    queue sdsl_client1_up bandwidth 100Kb cbq (borrow)
    queue sdsl_client1_dn bandwidth 100Kb cbq (borrow)
    queue sdsl_client2_up bandwidth 100Kb cbq (borrow)
    queue sdsl_client2_dn bandwidth 100Kb cbq (borrow)

    #ADSL Clients
    pass in on $client_if from $adsl_client1_net to any queue adsl_client1_up
    pass out on $client_if from any to $adsl_client1_net queue adsl_client1_dn
    pass in on $client_if from $adsl_client2_net to any queue adsl_client2_up
    pass in on $client_if from any to $adsl_client2_net queue adsl_client2_dn

And so on, I don't need to waste your time with a huge email of slightly different repeated lines :-)

That's about it really.
If I can get it to work, I can persuade the boss to let me keep running everything off OpenBSD. If not, I'll have to wrap my head round iptables syntax, as apparently the boss 'Used to do it on Red Hat and everything worked fine.' Eugh.

-- 
Richard 'Dave' Wilson
Systems Administrator
Senokian Solutions Ltd.
Business Innovation Centre, Binley Business Park,
Coventry, United Kingdom CV3 2TX
T: +44 (0)24 76 233 400
F: +44 (0)24 76 233 401
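
An added example, not part of the original post: a small Python generator for the ADSL contention group described above, written as an ALTQ CBQ hierarchy in which the group queue lists its per-client queues as children and only the children carry borrow. The function name, the client labels and treating 2Mb as 2000Kb (which matches the post's 100Kbps figure) are assumptions; it also returns how much of the group cap is left once the per-client guarantees are summed.

```python
import math


def contention_group(name, direction, cap_kb, ratio, clients):
    """Build ALTQ CBQ queue lines for one contended group and direction.

    Returns (lines, headroom_kb). headroom_kb is the group cap minus the
    sum of the per-client guarantees; a negative value means the
    guarantees cannot all be honoured at the same time.
    """
    # Per-client guarantee is cap / contention ratio, rounded up to a
    # whole Kb as in the post (256 / 20 = 12.8 -> 13).
    guarantee_kb = math.ceil(cap_kb / ratio)
    parent = f"{name}_{direction}"
    children = [f"{name}_{c}_{direction}" for c in clients]
    # The group queue has no borrow, so it is the ceiling for the group.
    lines = [
        f"queue {parent} bandwidth {cap_kb}Kb cbq {{ {', '.join(children)} }}"
    ]
    # Each child borrows from the group queue, so unused guarantees are
    # available to whichever clients are active.
    lines += [
        f"queue {child} bandwidth {guarantee_kb}Kb cbq(borrow)"
        for child in children
    ]
    headroom_kb = cap_kb - guarantee_kb * len(clients)
    return lines, headroom_kb


if __name__ == "__main__":
    # Constructed client labels; caps and ratio are the post's ADSL figures.
    two = ["client1", "client2"]
    for direction, cap in (("up", 256), ("dn", 2000)):
        lines, headroom = contention_group("adsl", direction, cap, 20, two)
        print("\n".join(lines))
        print(f"# headroom with {len(two)} clients: {headroom}Kb")
    # A fully populated group of 20 clients, upstream direction.
    full = [f"client{i}" for i in range(1, 21)]
    _, headroom = contention_group("adsl", "up", 256, 20, full)
    print(f"# upstream headroom with 20 clients: {headroom}Kb")
```

With 20 clients the upstream guarantees total 260Kb against a 256Kb cap, so the headroom comes out negative; the downstream guarantees total exactly 2000Kb.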