pf change state's altq queue

pf change state's altq queue

Ted Unangst-6
Here's the background.  My cable ISP has this "turbo boost" thing
where the first ~2 seconds of a connection download at 50Mbps, then
it's throttled back to 20Mbps.  I want to do this in pf (differentiate
casual web browsing from long downloads).

My first thought is I need to set up two altq queues, one full speed
and one half speed.  Something like this:

pass out queue fast
pass out tagged download queue slow

I suspect that will work, but I need to set the tags.  Are tags
attached to rules or states?  It's not clear from the man page,
probably because it doesn't make any difference right now.  But then
there's the question of whether the queue is attached to the state, or
whether the queue is picked per packet.

Basically, if I add an edit state ioctl, what do I need to change?
The tag or the queue?  (The plan was to have an external program
monitor pf states and when a state passed a certain amount of traffic,
it would be moved to another queue.  I don't expect pf to do that for
me.)

Alternatively, any way to accomplish the same thing would be good.


Re: pf change state's altq queue

Simon Perreault-2
On 2012-09-17 11:57, Ted Unangst wrote:
> Here's the background.  My cable ISP has this "turbo boost" thing
> where the first ~2 seconds of a connection download at 50Mbps, then
> it's throttled back to 20Mbps.  I want to do this in pf (differentiate
> casual web browsing from long downloads).
>
> My first thought is I need to set up two altq queues, one full speed
> and one half speed. [...]
>
> Alternatively, any way to accomplish the same thing would be good.

I probably have missed something obvious... Why don't you just use hfsc?

Simon


Re: pf change state's altq queue

Ted Unangst-6
In reply to this post by Ted Unangst-6
On Mon, Sep 17, 2012 at 12:24, Simon Perreault wrote:

> On 2012-09-17 11:57, Ted Unangst wrote:
>> Here's the background.  My cable ISP has this "turbo boost" thing
>> where the first ~2 seconds of a connection download at 50Mbps, then
>> it's throttled back to 20Mbps.  I want to do this in pf (differentiate
>> casual web browsing from long downloads).
>>
>> My first thought is I need to set up two altq queues, one full speed
>> and one half speed. [...]
>>
>> Alternatively, any way to accomplish the same thing would be good.
>
> I probably have missed something obvious... Why don't you just use hfsc?

I want the queue to change based on the length of time (or data) the
connection has been around.  All of my traffic is going to be coming
from port 80, so there's way to identify to long connections vs short
connections in pf.


Re: pf change state's altq queue

Simon Perreault-2
On 2012-09-17 13:19, Ted Unangst wrote:
>> I probably have missed something obvious... Why don't you just use hfsc?
>
> I want the queue to change based on the length of time (or data) the
> connection has been around.  All of my traffic is going to be coming
> from port 80, so there's way to identify to long connections vs short
> connections in pf.

Isn't that the point of hfsc? From pf.conf(5):

>      The hfsc scheduler supports some additional options:
>
>         linkshare <sc>      The bandwidth share of a backlogged queue.
>         realtime <sc>       The minimum required bandwidth for the queue.
>         upperlimit <sc>     The maximum allowed bandwidth for the queue.
>
>      <sc> is an abbreviation for service curve.
>
>      The format for service curve specifications is (m1, d, m2).  m2 controls
>      the bandwidth assigned to the queue.  m1 and d are optional and can be
>      used to control the initial bandwidth assignment.  For the first d
>      milliseconds the queue gets the bandwidth given as m1, afterwards the
>      value given in m2.

Just define m1, d, and m2 according to your needs...

I must be missing something obvious...

Simon


Re: pf change state's altq queue

Ted Unangst-6
In reply to this post by Ted Unangst-6
On Mon, Sep 17, 2012 at 13:23, Simon Perreault wrote:
> On 2012-09-17 13:19, Ted Unangst wrote:
>>> I probably have missed something obvious... Why don't you just use hfsc?
>>
>> I want the queue to change based on the length of time (or data) the
>> connection has been around.  All of my traffic is going to be coming
>> from port 80, so there's way to identify to long connections vs short
>> connections in pf.
>
> Isn't that the point of hfsc? From pf.conf(5):

oh, hmm, i guess it is.  not a good day for reading.  thanks. :)


Re: pf change state's altq queue

Stuart Henderson
In reply to this post by Simon Perreault-2
On 2012-09-17, Simon Perreault wrote:

> On 2012-09-17 11:57, Ted Unangst wrote:
>> Here's the background.  My cable ISP has this "turbo boost" thing
>> where the first ~2 seconds of a connection download at 50Mbps, then
>> it's throttled back to 20Mbps.  I want to do this in pf (differentiate
>> casual web browsing from long downloads).
>>
>> My first thought is I need to set up two altq queues, one full speed
>> and one half speed. [...]
>>
>> Alternatively, any way to accomplish the same thing would be good.
>
> I probably have missed something obvious... Why don't you just use hfsc?

I needed something like this for public wifi running over a handful
of ADSLs which usually struggled to get more than 2-3Mb each.
From what I've seen in my attempts at using hfsc for this, the
limits are for the queue, not per-state.

If you have a separate queue for every IP address then maybe you
could do something like this on a per-user basis, but given a large
enough dhcp range on the network that people turning up and playing
with lladdr random don't quickly run you out of space, the queue
config is insane (plus then you can only do this per-user, rather
than allow a fast burst on *every* connection and then throttle it
back).

Closest I came to what I wanted was using squid as a transparent
proxy on port 80 with delay pools, most ports other than 22/80 got
throttled right back (plus I pushed a few critical things like
dns/ntp/voip over a dedicated line). It has most of the desired
effect but it's a lot heavier-weight than I was really after and
of course the main effect is http only.
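
Added example, not part of the thread and not pf code: a simplified Python model of the (m1, d, m2) service curve quoted from pf.conf(5) above, using the 50Mbps / ~2 seconds / 20Mbps figures from the first post. It assumes the curve is anchored when the queue becomes backlogged and that states in a queue share its rate equally; all function names are hypothetical.

```python
# Simplified model (an assumption of this example, not pf's scheduler code):
# the (m1, d, m2) curve is anchored where the *queue* becomes backlogged,
# and states inside the queue share its rate equally.

CURVE = (50_000_000, 2000, 20_000_000)  # m1 bit/s, d ms, m2 bit/s (figures from the thread)


def queue_rate(t_ms, m1, d_ms, m2):
    """Rate the curve grants t_ms after its anchor point."""
    return m1 if t_ms < d_ms else m2


def service_bits(t_ms, m1, d_ms, m2):
    """Total bits the curve allows in the first t_ms after its anchor."""
    burst_ms = min(t_ms, d_ms)
    steady_ms = max(0, t_ms - d_ms)
    return (m1 * burst_ms + m2 * steady_ms) // 1000


def per_state_rate(now_ms, state_starts_ms, backlog_start_ms, curve=CURVE):
    """Rate each active state sees when the curve belongs to the queue."""
    active = [s for s in state_starts_ms if s <= now_ms]
    if not active:
        return 0
    return queue_rate(now_ms - backlog_start_ms, *curve) // len(active)


def wanted_rate(now_ms, state_start_ms, curve=CURVE):
    """Rate the first post asks for: the curve restarts for every state."""
    return queue_rate(now_ms - state_start_ms, *curve)


if __name__ == "__main__":
    # Constructed scenario: a long download starts at t=0 and keeps the queue
    # backlogged; a second connection opens at t=2500 ms.
    states = [0, 2500]
    print("queue bits in first 5 s:", service_bits(5000, *CURVE))
    print("new state at t=3000, per-queue curve:", per_state_rate(3000, states, 0))
    print("new state at t=3000, per-state curve:", wanted_rate(3000, 2500))
```

In this model the connection opened at 2500 ms never sees the m1 burst because the queue has been backlogged since 0 ms, which is the per-queue versus per-state gap the last message describes.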