pf: default queue issues

Fri, 10 Dec 2010 13:59:47 -0800 

[sorry if I posted this twice but I haven't see it show up ]

I have an openbsd box doing queuing for 200+ users, each with their own cbq
queue to limit bandwidth on a per-client basis. My issue is that I'm seeing
a good 60-80% of the traffic on the client-facing interface going into the
default queue, rather than it going into the individual client queues.

my queuing is set up thusly:

altq on $cus cbq bandwidth 100Mb queue { cusdefqrx, resqrx, torrqrx }
queue cusdefqrx bandwidth 10% priority 1 cbq(borrow,ecn,default)
queue torrqrx bandwidth 1%  priority 0 cbq(ecn)
queue resqrx bandwidth 89% priority 5 cbq(borrow,ecn) { 0000493qrx,
0000026qrx, 0000025qrx,
0000024qrx, 0000023qrx, 0000502qrx, ....etc }

and the client queues:

queue 0000493qrx bandwidth 1013Kb priority 1
queue 0000026qrx bandwidth 5940Kb priority 6
queue 0000025qrx bandwidth 2475Kb priority 1
queue 0000024qrx bandwidth 2475Kb priority 1
queue 0000023qrx bandwidth 1013Kb priority 1
queue 0000502qrx bandwidth 1013Kb priority 1
...etc

and then there are a bunch of rules that assign traffic to each queue:

x0000493="{ 192.168.4.136/32 }"
        pass out quick on $cus from any to $x0000493 label 0000493rx queue
0000493qrx flags any no state
        pass in  quick on $cus from $x0000493 to any label 0000493tx flags
any no state

...etc, for every IP address in use, such that all traffic on the interface
is assigned to a queue.

but pftop -s 1 -v queue shows:

root_fxp1         100M cbq    0  731630 771766K       0       0    0     0
  0  893  952K
 cusdefqrx         10M cbq       426563 519181K       0       0    0     0
  0  513  737K
 torrqrx          1000K cbq    0       0      0       0       0    0     0
  0    0     0
 resqrx             89M cbq    5       0      0       0       0    0     0
  0    0     0

The problem is that queuing for each client doesn't seem to be working - or
does for some traffic. tcpdump shows traffic to a particular client which is
not being assigned to their queue. What really odd is that the labels for
that rule ARE working, so that traffic is hitting that rule.

Is there a way to see what packets are going into the default queue?
 Logging won't work because traffic that goes into the default queue
(supposedly)  doesn't match a rule.

thanks for any insight.

Reply via email to