Difference between revisions of "Freebsd traffic shaping"

Source: Kuutõrvaja

Revision as of 13 April 2008, 11:06

Introduction

FreeBSD and ALTQ

As the name says, ALTQ is the ALTernate Queueing framework for BSD Unix systems. It was originally created in OpenBSD and was later ported to NetBSD and FreeBSD as well.

Put simply, ALTQ provides ways to control network services in order to increase the reliability of certain services, guarantee higher priority to more important traffic, and at the same time limit various kinds of unwanted traffic on the network.

Official ALTQ home page: http://www.sonycsl.co.jp/person/kjc/kjc/software.html
A thorough discussion with examples can be found on the OpenBSD packet filter page: http://www.openbsd.org/faq/pf/queueing.html

In ALTQ, packets are placed into queues. The queues are in turn handled by a scheduler. The scheduler can use one of three types of algorithm, which decide which packets to hold back, drop, or forward immediately.


cbq Class Based Queueing.

Queues attached to an interface build a tree, thus each queue can have further child queues. Each queue can have a priority and a bandwidth assigned. Priority mainly controls the time packets take to get sent out, while bandwidth primarily affects throughput.

priq Priority Queueing.

Queues are attached flat to the interface, thus queues cannot have further child queues. Each queue has a unique priority assigned, ranging from 0 to 15. Packets in the queue with the highest priority are processed first.

hfsc Hierarchical Fair Service Curve.

Queues attached to an interface build a tree, thus each queue can have further child queues. Each queue can have a priority and a bandwidth assigned. Priority mainly controls the time packets take to get sent out, while bandwidth primarily affects throughput.


Example 1

Daniel Hartmeier's ADSL - prioritizing ACKs to improve up/download over asymmetric link

ext_if="kue0" 

altq on $ext_if priq bandwidth 100Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

pass out on $ext_if proto tcp from $ext_if to any flags S/SA keep state queue (q_def, q_pri)
pass in  on $ext_if proto tcp from any to $ext_if flags S/SA keep state queue (q_def, q_pri)

http://www.benzedrine.cx/ackpri.html

allocation by percentage

altq on $ext_if cbq bandwidth 640Kb queue { def, ftp, udp, http, ssh, icmp }
queue def bandwidth 18% cbq(default borrow red)
queue ftp bandwidth 10% cbq(borrow red)
queue udp bandwidth 30% cbq(borrow red)
queue http bandwidth 20% cbq(borrow red)
queue ssh bandwidth 20% cbq(borrow red) { ssh_interactive, ssh_bulk }
queue ssh_interactive priority 7
queue ssh_bulk priority 0
queue icmp bandwidth 2% cbq

pass log quick on $ext_if proto tcp from any to any port 22 flags S/SA keep state queue (ssh_bulk, ssh_interactive)
pass in quick on $ext_if proto tcp from any to any port 20 flags S/SA  keep state queue ftp
pass in quick on $ext_if proto tcp from any to any port 80 flags S/SA keep state queue http

pass out on $ext_if proto udp all keep state queue udp
pass out on $ext_if proto icmp all keep state queue icmp


handling unwanted traffic


  queue q_default cbq(default)
  queue q_web (...) 

   ## all mail limited to 1Mb/sec
   queue q_mail bandwidth 1Mb { q_mail_windows }
   ## windows mail limited to 56Kb/sec
   queue q_mail_windows bandwidth 56Kb

   pass in quick proto tcp from any os "Windows" to $ext_if port 25 keep state queue q_mail_windows
   pass in quick proto tcp from any to $ext_if port 25 label "smtp" keep state queue q_mail

Example 2

An example of pf ALTQ traffic shaping combined with a firewall. Both download and upload are limited. Each host can be given its own upload and download rate, as well as that IP's importance relative to the others, i.e. its level.

The example has three clients:

192.168.1.1
192.168.1.2
192.168.1.3

For these we limit download to 512kb and upload to 256kb/s.


ext_if="fxp1"
int_if="fxp0"

sourcetrack="keep state"
set optimization aggressive

# 192.168.1.0/24 download
# priority N is the host's level relative to the others (cbq accepts 0-7)
altq on $int_if cbq bandwidth 100Mb queue if1
queue if1 bandwidth 100% cbq(rio ecn default) { a1, a2, a3 }
queue a1 bandwidth 512Kb priority 3 cbq(rio ecn)
queue a2 bandwidth 512Kb priority 4 cbq(rio ecn)
queue a3 bandwidth 512Kb priority 5 cbq(rio ecn)

# 192.168.1.0/24 upload
altq on $ext_if cbq bandwidth 100Mb queue eif1
queue eif1 bandwidth 100% cbq(rio ecn default) { b1, b2, b3 }
queue b1 bandwidth 256Kb priority 7 cbq(rio ecn)
queue b2 bandwidth 256Kb priority 4 cbq(rio ecn)
queue b3 bandwidth 256Kb priority 5 cbq(rio ecn)

# 192.168.1.0/24 NAT
nat on $ext_if from 192.168.1.1 to any tag pc1 -> ($ext_if)
nat on $ext_if from 192.168.1.2 to any tag pc2 -> ($ext_if)
nat on $ext_if from 192.168.1.3 to any tag pc3 -> ($ext_if)

block log all label "blocked"
pass quick on lo0 all

# traffic from 192.168.1.0/24 to the internal interfaces' IPs at unlimited speed
pass quick all tagged intnat keep state
pass quick from 192.168.1.0/24 to $int_if keep state
pass quick from $int_if to 192.168.1.0/24 keep state

# download
pass in quick from 192.168.1.1 to any $sourcetrack queue a1 label 192_168_1_1_down
pass in quick from 192.168.1.2 to any $sourcetrack queue a2 label 192_168_1_2_down
pass in quick from 192.168.1.3 to any $sourcetrack queue a3 label 192_168_1_3_down

# upload
pass out quick tagged pc1 $sourcetrack queue b1 label 192_168_1_1_up
pass out quick tagged pc2 $sourcetrack queue b2 label 192_168_1_2_up
pass out quick tagged pc3 $sourcetrack queue b3 label 192_168_1_3_up

pass in inet proto icmp all keep state
pass out inet proto icmp all keep state
  
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass out on $ext_if proto { tcp, udp } all keep state
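
Queue definitions like the "allocation by percentage" rules in Example 1 and the per-host queues in Example 2 can be sanity-checked offline before a ruleset is loaded: every listed child queue is defined, child percentages stay within the parent's 100%, priorities fit the scheduler's range, and there is exactly one default queue. The following is an added example, not part of the original page; `lint_altq` and its messages are hypothetical names, it handles one `altq` interface per call, and it sums only bandwidths given as percentages.

```python
import re

# Highest valid priority: priq 0-15 (stated above); cbq and hfsc 0-7 (pf.conf(5)).
PRIORITY_MAX = {"priq": 15, "cbq": 7, "hfsc": 7}

# Sample input: the "allocation by percentage" queue definitions from this page.
SAMPLE = """\
altq on $ext_if cbq bandwidth 640Kb queue { def, ftp, udp, http, ssh, icmp }
queue def bandwidth 18% cbq(default borrow red)
queue ftp bandwidth 10% cbq(borrow red)
queue udp bandwidth 30% cbq(borrow red)
queue http bandwidth 20% cbq(borrow red)
queue ssh bandwidth 20% cbq(borrow red) { ssh_interactive, ssh_bulk }
queue ssh_interactive priority 7
queue ssh_bulk priority 0
queue icmp bandwidth 2% cbq
"""

def lint_altq(text):
    """Return a list of problems in the altq/queue lines of one interface."""
    sched, children, queues, problems = None, {}, {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        words = line.split()
        if not words or words[0] not in ("altq", "queue"):
            continue
        braces = re.search(r"\{([^}]*)\}", line)
        kids = re.findall(r"\w+", braces.group(1)) if braces else []
        if words[0] == "altq":  # altq on <interface> <scheduler> ... queue <list>
            sched = words[3]
            children["(root)"] = kids or words[-1:]  # "queue name" without braces
            continue
        opts = re.search(r"\(([^)]*)\)", line)
        pct = re.search(r"bandwidth\s+(\d+)%", line)
        pri = re.search(r"priority\s+(\d+)", line)
        queues[words[1]] = {"pct": int(pct.group(1)) if pct else 0,
                            "pri": int(pri.group(1)) if pri else None,
                            "default": bool(opts and "default" in opts.group(1).split())}
        if kids:
            children[words[1]] = kids
    listed = {k for kids in children.values() for k in kids}
    problems += [f"{q}: listed by a parent but not defined" for q in sorted(listed - set(queues))]
    problems += [f"{p}: children request {t}% of its bandwidth" for p, kids in children.items()
                 if (t := sum(queues[k]["pct"] for k in kids if k in queues)) > 100]
    problems += [f"{n}: priority {q['pri']} out of range for {sched}" for n, q in queues.items()
                 if q["pri"] is not None and q["pri"] > PRIORITY_MAX.get(sched, 7)]
    if sum(q["default"] for q in queues.values()) != 1:
        problems.append("expected exactly one default queue")
    return problems
```

Calling `lint_altq(SAMPLE)` returns an empty list for the ruleset as written; raising one percentage or dropping the `default` keyword makes the corresponding message appear.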