Dummynet + PF + vkernel

Raimundo Santos raitech at gmail.com
Sat Apr 13 07:19:07 PDT 2013

Hi Antonio!

Well, there is not much to miss ;) - it is an ISP which uses wireless to
distribute internet, which in turns do not allow us to control the
bandwidth limit over the medium in a trusted way. Therefore, we need to
limit this traffic in some way, and the actual way is with linux(iptables +
tc), but it is hard to maintain - and almost everything is manualy
controled 0_o (I am new at this job)

A really liked the PF syntax, it is clean and easy to read - even more
within the match keyword that is new in OpenBSD >= 4.7. But the queuing
methods implemented in PF do not let to share the bandwitdh in an
overbooking fashion, which is crucial to an ISP. The only way is to divide
the queues to share bandwidth in a manner that do not surpass the total.

By now, I am putting my chips in FreeBSD ipfw integration with ALTQ, in a
way that the packets are limited by pipe and queued with HFSC in ALTQ. But
I really dislike the syntax of ipfw, it reminds me of iptables.


On 12 April 2013 18:13, Antonio Huete Jimenez <tuxillo at quantumachine.net>wrote:

> **
>  Hi Raimundo,
>  I don't think vkernels are up to the task currently. In my
> experience/opinion they are not stable and fast enough now for what you are
> intending to do.
>  Maybe I am just missing some details of your setup.
>  Cheers,
>  Antonio Huete
> El 12 de abril de 2013 a las 17:14 Raimundo Santos <raitech at gmail.com>
> escribió:
>  On 12 April 2013 02:58, Sepherosa Ziehau <sepherosa at gmail.com> wrote:
> You could use ALTQ fairq w/ PF, which is similar to dummynet's WF2Q
> Best Regards,
> sephe
> --
> Tomorrow Will Never Die
> Hum... but I need to do a hard limiting to all my customers. They have a
> unique IP address, so I can decide about the bandwidth (here, we are about
> to implement RADIUS to do auth too). The ideia here is to
>  1. limit external in/out traffic
>  2. do QoS over this limited traffic
>  I have an average of 600 clients at the same time, so I think that FAIRQ
> could be a good thing but not to hard limiting every IP.
>  If I offer three kinds of bandwidth to my customers, may I define three
> subclasses in FAIRQ and let the traffic of the right kinds go through the
> right queues? I think it does not work: if someone is hogging that queue,
> what the others will end up with?
> --
> --------------------------------------------
> Raimundo A. P. Santos
> Bacharelando em Informática

Raimundo A. P. Santos
Bacharelando em Informática
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20130413/a78993ba/attachment-0002.htm>

More information about the Users mailing list