PF and ALTQ queue option.

Hi,

I am looking at using cbq to prioritise video conference
traffic over 
all of the rest of the traffic crossing our VPN.  I was just
wondering 
if the following configuration would to this (The vpn link
is 2Mbit, in 
I will be running pf+altq at both ends of the link).



altq on em0 cbq qbandwidth 2Mb queue { normal, vidconf }
queue normal bandwidth 1Mb priority 0 cbq(ecn)
queue vidconf bandwidth 1Mb priority 1 cbq(ecn)

pass in on em0 from 172.17.0.123 to 10.0.0.123 queue vidconf
pass out on em0 from 10.0.0.123 to 172.17.0.123 queue
vidconf

pass in on em0 from any to any queue normal
pass out on em0 from any to any queue normal

pass in quick on em0 from 172.17.0.0/16 to 10.0.0.0/16
pass out quick on em0 from 10.0.0.0/16 to 172.17.0.0/16


The main question I have is which queue will the traffic
between 
10.0.0.123 and 172.17.0.123.  In the pf world it would seem
it gets 
queued in normal, is this correct? if it is i guess i have
to invert the 
rules like so:

pass in on em0 from any to any queue normal
pass out on em0 from any to any queue normal

pass in on em0 from 172.17.0.123 to 10.0.0.123 queue vidconf
pass out on em0 from 10.0.0.123 to 172.17.0.123 queue
vidconf


Thanks

Tom
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"

Correct, you need use your second example.

Gilberto

2006/11/27, Tom Judge <tomtomjudge.com>:
> Hi,
>
> I am looking at using cbq to prioritise video
conference traffic over
> all of the rest of the traffic crossing our VPN.  I was
just wondering
> if the following configuration would to this (The vpn
link is 2Mbit, in
> I will be running pf+altq at both ends of the link).
>
>
>
> altq on em0 cbq qbandwidth 2Mb queue { normal, vidconf
}
> queue normal bandwidth 1Mb priority 0 cbq(ecn)
> queue vidconf bandwidth 1Mb priority 1 cbq(ecn)
>
> pass in on em0 from 172.17.0.123 to 10.0.0.123 queue
vidconf
> pass out on em0 from 10.0.0.123 to 172.17.0.123 queue
vidconf
>
> pass in on em0 from any to any queue normal
> pass out on em0 from any to any queue normal
>
> pass in quick on em0 from 172.17.0.0/16 to 10.0.0.0/16
> pass out quick on em0 from 10.0.0.0/16 to 172.17.0.0/16
>
>
> The main question I have is which queue will the
traffic between
> 10.0.0.123 and 172.17.0.123.  In the pf world it would
seem it gets
> queued in normal, is this correct? if it is i guess i
have to invert the
> rules like so:
>
> pass in on em0 from any to any queue normal
> pass out on em0 from any to any queue normal
>
> pass in on em0 from 172.17.0.123 to 10.0.0.123 queue
vidconf
> pass out on em0 from 10.0.0.123 to 172.17.0.123 queue
vidconf
>
>
> Thanks
>
> Tom
> _______________________________________________
> freebsd-pffreebsd.org mailing list
> 
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
>
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"

Gilberto Villani Brito wrote:
> Correct, you need use your second example.
> 
> Gilberto
> 

Thanks,  I have another query, if the last rule does not
include a queue 
directive will the the traffic pass through altq or will it
just pass 
thought the system bypassing the queue (see example rules
below)?


Thanks

Tom

pass in on em0 from any to any queue normal
pass out on em0 from any to any queue normal

pass in on em0 from 172.17.0.123 to 10.0.0.123 queue vidconf
pass out on em0 from 10.0.0.123 to 172.17.0.123 queue
vidconf

pass in quick on em0 from 172.17.0.0/16 to 10.0.0.0/16
pass out quick on em0 from 10.0.0.0/16 to 172.17.0.0/16



> 2006/11/27, Tom Judge <tomtomjudge.com>:
>> Hi,
>>
>> I am looking at using cbq to prioritise video
conference traffic over
>> all of the rest of the traffic crossing our VPN.  I
was just wondering
>> if the following configuration would to this (The
vpn link is 2Mbit, in
>> I will be running pf+altq at both ends of the
link).
>>
>>
>>
>> altq on em0 cbq qbandwidth 2Mb queue { normal,
vidconf }
>> queue normal bandwidth 1Mb priority 0 cbq(ecn)
>> queue vidconf bandwidth 1Mb priority 1 cbq(ecn)
>>
>> pass in on em0 from 172.17.0.123 to 10.0.0.123
queue vidconf
>> pass out on em0 from 10.0.0.123 to 172.17.0.123
queue vidconf
>>
>> pass in on em0 from any to any queue normal
>> pass out on em0 from any to any queue normal
>>
>> pass in quick on em0 from 172.17.0.0/16 to
10.0.0.0/16
>> pass out quick on em0 from 10.0.0.0/16 to
172.17.0.0/16
>>
>>
>> The main question I have is which queue will the
traffic between
>> 10.0.0.123 and 172.17.0.123.  In the pf world it
would seem it gets
>> queued in normal, is this correct? if it is i guess
i have to invert the
>> rules like so:
>>
>> pass in on em0 from any to any queue normal
>> pass out on em0 from any to any queue normal
>>
>> pass in on em0 from 172.17.0.123 to 10.0.0.123
queue vidconf
>> pass out on em0 from 10.0.0.123 to 172.17.0.123
queue vidconf
>>
>>


_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"

<quote who="Tom Judge">
> Gilberto Villani Brito wrote:
>> Correct, you need use your second example.
>>
>> Gilberto
>>
>
> Thanks,  I have another query, if the last rule does
not include a queue
> directive will the the traffic pass through altq or
will it just pass
> thought the system bypassing the queue (see example
rules below)?

You can define default queue in your config and all rules
without queue will be linked to this default queue on
egress interface:

 altq on em0 cbq qbandwidth 2Mb queue { normal, vidconf }
 queue normal bandwidth 1Mb priority 0 cbq(ecn default)
 queue vidconf bandwidth 1Mb priority 1 cbq(ecn)



>
>
> Thanks
>
> Tom
>
> pass in on em0 from any to any queue normal
> pass out on em0 from any to any queue normal
>
> pass in on em0 from 172.17.0.123 to 10.0.0.123 queue
vidconf
> pass out on em0 from 10.0.0.123 to 172.17.0.123 queue
vidconf
>
> pass in quick on em0 from 172.17.0.0/16 to 10.0.0.0/16
> pass out quick on em0 from 10.0.0.0/16 to 172.17.0.0/16
>
>
>
>> 2006/11/27, Tom Judge <tomtomjudge.com>:
>>> Hi,
>>>
>>> I am looking at using cbq to prioritise video
conference traffic over
>>> all of the rest of the traffic crossing our
VPN.  I was just wondering
>>> if the following configuration would to this
(The vpn link is 2Mbit, in
>>> I will be running pf+altq at both ends of the
link).
>>>
>>>
>>>
>>> altq on em0 cbq qbandwidth 2Mb queue { normal,
vidconf }
>>> queue normal bandwidth 1Mb priority 0 cbq(ecn)
>>> queue vidconf bandwidth 1Mb priority 1 cbq(ecn)
>>>
>>> pass in on em0 from 172.17.0.123 to 10.0.0.123
queue vidconf
>>> pass out on em0 from 10.0.0.123 to 172.17.0.123
queue vidconf
>>>
>>> pass in on em0 from any to any queue normal
>>> pass out on em0 from any to any queue normal
>>>
>>> pass in quick on em0 from 172.17.0.0/16 to
10.0.0.0/16
>>> pass out quick on em0 from 10.0.0.0/16 to
172.17.0.0/16
>>>
>>>
>>> The main question I have is which queue will
the traffic between
>>> 10.0.0.123 and 172.17.0.123.  In the pf world
it would seem it gets
>>> queued in normal, is this correct? if it is i
guess i have to invert
>>> the
>>> rules like so:
>>>
>>> pass in on em0 from any to any queue normal
>>> pass out on em0 from any to any queue normal
>>>
>>> pass in on em0 from 172.17.0.123 to 10.0.0.123
queue vidconf
>>> pass out on em0 from 10.0.0.123 to 172.17.0.123
queue vidconf
>>>
>>>
>
>
> _______________________________________________
> freebsd-pffreebsd.org mailing list
> 
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
>


-- 
           Sincerely yours,
                            Artyom Viklenko.
-------------------------------------------------------
artemaws-net.org.ua | http://www.aws-net.o
rg.ua/~artem
FreeBSD: The Power to Serve   -  http://www.freebsd.org


_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"