Dummynet + PF + vkernel

Raimundo Santos raitech at gmail.com
Sat Apr 13 17:32:39 PDT 2013


I am very scared after reading this

https://wiki.freebsd.org/IpfwNg

how could I put my trust in something that could have so many edge cases?

I know that is a lot off topic, but what about Xen? May it be reliable to
run routers/gateways/firewalls over Xen?


On 13 April 2013 11:19, Raimundo Santos <raitech at gmail.com> wrote:

> Hi Antonio!
>
> Well, there is not much to miss ;) - it is an ISP which uses wireless to
> distribute internet, which in turns do not allow us to control the
> bandwidth limit over the medium in a trusted way. Therefore, we need to
> limit this traffic in some way, and the actual way is with linux(iptables +
> tc), but it is hard to maintain - and almost everything is manualy
> controled 0_o (I am new at this job)
>
> A really liked the PF syntax, it is clean and easy to read - even more
> within the match keyword that is new in OpenBSD >= 4.7. But the queuing
> methods implemented in PF do not let to share the bandwitdh in an
> overbooking fashion, which is crucial to an ISP. The only way is to divide
> the queues to share bandwidth in a manner that do not surpass the total.
>
> By now, I am putting my chips in FreeBSD ipfw integration with ALTQ, in a
> way that the packets are limited by pipe and queued with HFSC in ALTQ. But
> I really dislike the syntax of ipfw, it reminds me of iptables.
>
> Cheers!
>
>
> On 12 April 2013 18:13, Antonio Huete Jimenez <tuxillo at quantumachine.net>wrote:
>
>> **
>>  Hi Raimundo,
>>
>>  I don't think vkernels are up to the task currently. In my
>> experience/opinion they are not stable and fast enough now for what you are
>> intending to do.
>>  Maybe I am just missing some details of your setup.
>>
>>  Cheers,
>>  Antonio Huete
>>
>> El 12 de abril de 2013 a las 17:14 Raimundo Santos <raitech at gmail.com>
>> escribió:
>>
>>  On 12 April 2013 02:58, Sepherosa Ziehau <sepherosa at gmail.com> wrote:
>>
>>
>> You could use ALTQ fairq w/ PF, which is similar to dummynet's WF2Q
>>
>> Best Regards,
>> sephe
>>
>> --
>> Tomorrow Will Never Die
>>
>>
>> Hum... but I need to do a hard limiting to all my customers. They have a
>> unique IP address, so I can decide about the bandwidth (here, we are about
>> to implement RADIUS to do auth too). The ideia here is to
>>
>>  1. limit external in/out traffic
>>  2. do QoS over this limited traffic
>>
>>  I have an average of 600 clients at the same time, so I think that FAIRQ
>> could be a good thing but not to hard limiting every IP.
>>
>>  If I offer three kinds of bandwidth to my customers, may I define three
>> subclasses in FAIRQ and let the traffic of the right kinds go through the
>> right queues? I think it does not work: if someone is hogging that queue,
>> what the others will end up with?
>>
>> --
>> --------------------------------------------
>> Raimundo A. P. Santos
>> Bacharelando em Informática
>> ICMC - USP
>>
>>
>>
>>
>
>
>
> --
> --------------------------------------------
> Raimundo A. P. Santos
> Bacharelando em Informática
> ICMC - USP
>



-- 
--------------------------------------------
Raimundo A. P. Santos
Bacharelando em Informática
ICMC - USP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20130413/be218fb9/attachment.htm>


More information about the Users mailing list