Subject: Re: ALTQ in firewall
To: None <netbsd-help@NetBSD.org>
From: David Lord <netbsd@lordynet.org>
List: netbsd-help
Date: 08/24/2007 09:19:21
On 24 Aug 2007, at 7:53, Martti Kuparinen wrote:

> Hi,
> 
> Our house has a shared internet connection (4M/512k ADSL) and the firewall is 
> running NetBSD 3.1.1. Currently we are using the built-in IPF to perform all 
> filtering. We have one public address for the external interface and 64 public 
> addresses for the internal network.
> 
> Now, from time to time, some users overload our uplink by sending e.g. a large
> amount of digital photos to photo labs and this of course has a negative effect
> for all our users as the TCP traffic slows down even though our downlink is not
> congested.
> 
> I'm aware that PF supports ALTQ in NetBSD 4.0 but that would mean an upgrade and
> I'd rather not upgrade because everything is very stable.
> 
> So, is anyone using IPF with ALTQ in NetBSD 3.x? What queueing discipline should 
> I use in this case? All real-life examples are welcome...

I'm using altq with 3.1 on a k6-400. I've tried various altq
strategies but all seemed to make about the same difference, which has
been a considerable improvement in responsiveness. I've not touched
it since Feb 23, and altq.conf indicates I tried hfsc, priq, fifoq
and wfq and finished up with hfsc. I might have some traffic timings
somewhere. I monitored uploads for latency and adjusted to greatly
reduce the spike (my ISP provides continuous line quality monitoring
as a graph of LCP latency, which made the job easy). I've no idea if
the settings used are optimum, just that they made a very significant
improvement.

adsl kbit/s  down = 2272  up = 288

### altq.conf
#
# HFSC # hfsc configuration for hierarchical sharing
#                        root ( 240K )
#                         |
#                   LG_class ( 90% 192K )
#                         |
#               +---------+---------+
#               |         |         |
#             LG_LP     LG_MP     LG_HP
#             (20%)     (60%)     (10%)
#           (42700)   (128000)    (21300)
#
# interface le0 bandwidth 240K tbrsize 300 hfsc
interface le0 bandwidth 240K tbrsize 1500 hfsc
    class hfsc le0 def_class root  pshare 10 default
    class hfsc le0 LG_class root   pshare 90 grate 192K
# filter fields: dst_addr dport src_addr sport proto (0 = any; proto 1 = ICMP, 6 = TCP, 17 = UDP)
    class hfsc le0 LG_LP LG_class  pshare 20 grate  42700 
        filter le0 LG_LP 0   0 0 0 17

    class hfsc le0 LG_MP LG_class  pshare 60 grate 128000
        filter le0 LG_MP 0   0 0 0  6
#
    class hfsc le0 LG_HP LG_class  pshare 10 grate  21300
        filter le0 LG_HP 0 123 0 0  6
        filter le0 LG_HP 0 123 0 0 17
        filter le0 LG_HP 0  53 0 0  6
        filter le0 LG_HP 0  53 0 0 17
        filter le0 LG_HP 0  22 0 0  6
        filter le0 LG_HP 0   0 0 0  1


David
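
An added example, not part of David's message or of altqd: Python that parses the hfsc lines of the altq.conf above, decodes each filter into class/protocol/destination port, and checks that the guaranteed rates (`grate`) at each level do not add up to more than the parent allows. It assumes `K`/`M` are decimal multipliers and the filter field order dst_addr dport src_addr sport proto; the function names `bps`, `parse` and `overcommitted` are hypothetical.

```python
import re

# Constructed input: the active (uncommented) lines of the altq.conf posted above.
ALTQ_CONF = """\
interface le0 bandwidth 240K tbrsize 1500 hfsc
class hfsc le0 def_class root pshare 10 default
class hfsc le0 LG_class root pshare 90 grate 192K
class hfsc le0 LG_LP LG_class pshare 20 grate 42700
filter le0 LG_LP 0 0 0 0 17
class hfsc le0 LG_MP LG_class pshare 60 grate 128000
filter le0 LG_MP 0 0 0 0 6
class hfsc le0 LG_HP LG_class pshare 10 grate 21300
filter le0 LG_HP 0 123 0 0 6
filter le0 LG_HP 0 123 0 0 17
filter le0 LG_HP 0 53 0 0 6
filter le0 LG_HP 0 53 0 0 17
filter le0 LG_HP 0 22 0 0 6
filter le0 LG_HP 0 0 0 0 1
"""
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def bps(tok):
    """'192K' -> 192000. Assumption: K and M are decimal multipliers."""
    num, unit = re.fullmatch(r"(\d+)([KkMm]?)", tok).groups()
    return int(num) * {"": 1, "k": 1000, "m": 1000000}[unit.lower()]

def parse(text):
    """Return (link_bps, classes, filters) from interface/class/filter lines."""
    link, classes, filters = 0, {}, []
    for line in text.splitlines():
        t = line.split("#")[0].split()
        if t[:1] == ["interface"]:
            link = bps(t[t.index("bandwidth") + 1])
        elif t[:2] == ["class", "hfsc"]:
            opts = dict(zip(t[5::2], t[6::2]))  # trailing 'default' flag is dropped
            classes[t[3]] = {"parent": t[4], "pshare": int(opts.get("pshare", 0)),
                             "grate": bps(opts.get("grate", "0"))}
        elif t[:1] == ["filter"]:  # filter <if> <class> dst dport src sport proto
            filters.append((t[2], PROTO.get(int(t[7]), t[7]), int(t[4]) or "any"))
    return link, classes, filters

def overcommitted(link, classes):
    """List (parent, children_total, limit) where child grates exceed the limit.
    The limit is the link bandwidth under root, else the parent's own grate."""
    bad = []
    for parent in sorted({c["parent"] for c in classes.values()}):
        limit = link if parent == "root" else classes[parent]["grate"]
        total = sum(c["grate"] for c in classes.values() if c["parent"] == parent)
        if limit and total > limit:  # parents without a grate are not checked
            bad.append((parent, total, limit))
    return bad
```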