PF configuration: bandwidth control

Bandwidth-control rules generally follow the same pattern: first define the size of each "pipe" (queue), then use the firewall rules to decide which packets go down which pipe. For example, the following defines two pipes:

altq on $extdev cbq bandwidth 3Mb queue {def_ext, www_limit}
queue def_ext cbq(default)
queue www_limit bandwidth 300Kb cbq(red)

On $extdev a 3Mb root pipe is defined first, and it is then split into two child pipes, def_ext and www_limit. www_limit is capped at 300Kb; def_ext has no explicit limit, so it defaults to 100% of the parent's bandwidth. ALTQ offers two queue schedulers here: CBQ, which lets you assign a bandwidth to each queue, and PRIQ, which only assigns packet priorities (later OpenBSD releases also added HFSC, and the whole ALTQ syntax shown here was replaced by a new queueing system in OpenBSD 5.5). A CBQ queue can be subdivided into further child queues; this example stops at two.
From:
http://www.openbsd.org/faq/pf/queueing.html
http://blog.dhchen.com/2005/03/27/83
With the pipes in place, the next step is deciding which packets are put into which queue. Packets not assigned by any rule go to the default queue:

pass in quick on $extdev inet proto tcp from any to $ext_ip port 80 flags S/SA keep state queue www_limit
pass in all keep state
pass out all keep state

This puts traffic from other hosts to port 80 of the external IP into the www_limit queue. Note that ALTQ only shapes packets leaving $extdev: the state is created by the "pass in" rule, and the reply packets (the HTTP responses, which are the bulk of the traffic) are the ones actually queued in www_limit as they go out.
The general form of a queue rule:

queue name [on interface] bandwidth bw [priority pri] [qlimit qlim]
scheduler ( sched_options ) { queue_list }

* name - the name of the queue. This must match the name of one of the queues defined in the altq on directive's queue_list. For cbq it can also match the name of a queue in a previous queue directive's queue_list. Queue names must be no longer than 15 characters.
* interface - the network interface that the queue is valid on. This value is optional, and when not specified, will make the queue valid on all interfaces.
* bw - the total amount of bandwidth available to the queue. This may be specified as an absolute value using the suffixes b, Kb, Mb, and Gb to represent bits, kilobits, megabits, and gigabits per second, respectively, or as a percentage of the parent queue's bandwidth. This parameter is only applicable when using the cbq scheduler. If not specified, the default is 100% of the parent queue's bandwidth.
* pri - the priority of the queue (a higher number means higher priority; the default is 1). For cbq the priority range is 0 to 7 and for priq the range is 0 to 15. Priority 0 is the lowest priority. When not specified, a default of 1 is used.
* qlim - the maximum number of packets to hold in the queue. When not specified, a default of 50 is used.
* scheduler - the scheduler being used, either cbq or priq. Must be the same as the root queue.
* sched_options - further options may be passed to the scheduler to control its behavior:
  - default - defines a default queue where all packets not matching any other queue will be queued. Exactly one default queue is required.
  - red - enables Random Early Detection (RED) on this queue.
  - rio - enables RED with IN/OUT. In this mode, RED will maintain multiple average queue lengths and multiple threshold values, one for each IP Quality of Service level.
  - ecn - enables Explicit Congestion Notification (ECN) on this queue. Ecn implies red.
  - borrow - the queue can borrow bandwidth from its parent. This can only be specified when using the cbq scheduler.
* queue_list - a list of child queues to create under this queue. A queue_list may only be defined when using the cbq scheduler.
Example:

altq on fxp0 cbq bandwidth 2Mb queue { std, ssh, ftp }
queue std bandwidth 50% cbq(default)
queue ssh bandwidth 25% { ssh_login, ssh_bulk }
queue ssh_login bandwidth 25% priority 4 cbq(ecn)
queue ssh_bulk bandwidth 75% cbq(ecn)
queue ftp bandwidth 500Kb priority 3 cbq(borrow red)
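To tie the pipe definitions and the rule assignments together, here is a complete pf.conf fragment. It is an added example, not code from the original post or from the OpenBSD FAQ: the interface names, the 192.0.2.10 address (TEST-NET-1) and the bandwidth figures are assumptions. It extends the text's two-queue tree with an "ack" queue and uses the two-queue form queue(a, b), where pf puts empty TCP ACKs and lowdelay-TOS packets into the second queue so that the capped www_limit lane does not starve the client's acknowledgements.

```pf
# Added example (not from the original post). Assumed values: interface names,
# addresses and link size; adjust them to your own uplink.
ext_if = "fxp0"
int_if = "fxp1"
ext_ip = "192.0.2.10"   # assumption: the web server's public address

# Root pipe. ALTQ only shapes packets LEAVING $ext_if, so set this a little
# below the real uplink speed so that queuing happens in pf, not in the modem.
altq on $ext_if cbq bandwidth 3Mb queue { def_ext, www_limit, ack }
  # Everything not assigned elsewhere; may borrow idle parent bandwidth.
  queue def_ext   bandwidth 60%   cbq(default borrow)
  # Hard cap for outbound HTTP responses; RED drops early instead of tail-dropping.
  queue www_limit bandwidth 300Kb cbq(red)
  # Small high-priority lane for empty ACKs and lowdelay packets.
  queue ack       bandwidth 10%   priority 7 cbq(borrow)

block in on $ext_if all

# Inbound HTTP: the state is created here, and the replies going out $ext_if
# are shaped by www_limit; pure ACKs in that state use the ack queue instead.
pass in quick on $ext_if inet proto tcp from any to $ext_ip port 80 \
    flags S/SA keep state queue(www_limit, ack)

# Whatever else this host sends out falls into the default queue.
pass out on $ext_if keep state queue(def_ext, ack)
pass in  on $int_if keep state
pass out on $int_if keep state

# Checks:
#   pfctl -nf /etc/pf.conf        parse only; reports bad queue names or
#                                 child bandwidth exceeding the parent
#   pfctl -f /etc/pf.conf         load the ruleset
#   pfctl -vvsq                   print per-queue packet/byte/drop counters
#                                 every few seconds while you generate traffic
```

Two points worth checking after loading: the www_limit counters should only move while the server is sending, which confirms the cap applies to the outbound direction, and the default queue must exist exactly once or pfctl refuses the ruleset.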