PF throttle bandwidth

Matthew Dillon dillon at apollo.backplane.com
Thu May 1 08:53:49 PDT 2008 

:...
:hour and then suddenly I'm banned for 24 hours. So I set up a nifty
:script to switch pf.conf files and restart pf when I near 13Gb of usage.
:My question now is what can really give me a cap of 56Kb (modem speed)?
:Currently I'm using
:
:altq on $ext_if fairq bandwidth 112Kb queue { hi lo }
:queue hi priority 2 bandwidth 56Kb fairq (buckets 64, default) qlimit 50
:queue lo priority 1 bandwidth 56Kb fairq (buckets 64) qlimit 50
:
:This works temporarily, sort of.. because some connections get slower,
:but only because they're bursty, as opposed to really being capped to
:56Kb. So does anyone know how to hard-cap a connection to a certain
:speed? Doesn't even have to be pf, can be a secret magic sysctl :)
:
:-- 
:Robert Luciani

    Well, specifying the cap in th altq line would do the trick.
    That ought to limit your overall bandwidth.  You should still be able
    to keep the hi and lo queue lines intact, remember that the bandwidth
    specification for the fairq lines are minimums, not maximums.  All
    you really need to do is make sure your low priority queue gets
    a little bandwidth
 
altq on $ext_if fairq bandwidth 56Kb queue { hi lo }
queue hi priority 2 bandwidth 40Kb fairq (buckets 64, default) qlimit 50
queue lo priority 1 bandwidth 16Kb fairq (buckets 64) qlimit 50

    Another option is to use IPFW + DUMMYNET (which can be done in parallel
    with PF, I think), and create a bandwidth-limited pipe explicitly for
    your torrents.

    PF also has other queueing types which can be used to create service
    curves with hard bandwidth limits.  However, you would not be able to
    use fairq in that situation.

    It might be possible to use bridging + PF to route certain types of
    traffic through another interface, and then apply a different queue to
    that interface while maintaining the FAIRQ on your primary external
    interface.  I've never tried doing it so it would take a lot of
    experimentation, but it might be possible to do with lo1, lo2, etc.

    In anycase, what you are doing now... reloading pf.conf, is probably
    unavoidable.  PF has no concept of 'daily limits' (not even the queues
    with service curves can do that on their own), and some sort of 
    external intelligence would definitely be needed.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>

More information about the Users mailing list