Altq on vlan

[mastier]

I just wanted to ask one thing. I understand I can't make a queue on vlan but if let's say all traffic is on vlan, no IPs on phy interface and I altq on em0. Will it still work ?

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
	ether 00:15:17:e7:29:25
	inet6 fe80::215:17ff:fee7:2925%em0 prefixlen 64 scopeid 0x1 
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
	ether 00:15:17:e7:29:24
	media: Ethernet autoselect
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
	inet 127.0.0.1 netmask 0xff000000 
vlan391: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:15:17:e7:29:25
	inet6 fe80::215:17ff:fee7:2925%vlan391 prefixlen 64 scopeid 0x4 
	inet 10.9.183.14 netmask 0xfffffff0 broadcast 10.9.183.15
	inet 79.110.190.249 netmask 0xfffffff8 broadcast 79.110.190.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 391 parent interface: em0
vlan666: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:15:17:e7:29:25
	inet6 fe80::215:17ff:fee7:2925%vlan666 prefixlen 64 scopeid 0x5 
	inet 10.7.215.254 netmask 0xffffff00 broadcast 10.7.215.255
	media: Ethernet autoselect (1000baseTX <full-duplex>)
	status: active
	vlan: 666 parent interface: em0
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.9.183.1         UGS         0  1401706 vlan39
10.7.215.0/24      link#5             UC          0        1 vlan66
10.7.215.60        66:66:66:00:01:02  UHLW        1   129682 vlan66   1098
10.9.183.0/28      link#4             UC          0        0 vlan39
10.9.183.1         00:15:17:f6:dd:5d  UHLW        2        0 vlan39    403
79.110.190.248/29  link#4             UC          0        0 vlan39
79.110.190.254     00:15:17:f6:dd:5d  UHLW        1        0 vlan39    875
127.0.0.1          127.0.0.1          UH          0      483    lo0

If not, damn, it means I am left with ipfw traffic shaping + pf for filtering or giant leap to Linux. I can't live without vlans.

 

[Eldiemo]

Use a physical adapter for each vlan.
With that setup you can leave the vlan untagged on the switch and use pf with altq.

 

[aragon]

Maybe this is helpful?

http://lists.freebsd.org/pipermail/freebsd-net/2005-February/006456.html

 

[mastier]

Use a physical adapter for each vlan.
With that setup you can leave the vlan untagged on the switch and use pf with altq.

Not really, this messes up completely my whole network.

Maybe this is helpful?

http://lists.freebsd.org/pipermail/freebsd-net/2005-February/006456.html

Whoa, really, if that is working then I'm saved. Thank you I will check out that.

 

[mastier]

Oh right, boys and girls... I said girls... anyway ;-)

I made a lot of test a nd here are the results, the most stable appeared to be hfsc queueing, the cbq with similar configuration seems to have worse speeds with the same bandwidth configuration.

The wan and lan interface are both on the same physical one - em0 , but the the internat network hosts are sitting on vlan666 and the wan interfaces sits on vlan391, as specified above. The queues configuration looks like these rulesets. D at the name stands for Download and U for upload. em0def is a default queue.

altq on em0 hfsc bandwidth 1000Mb queue { TechnikD, TechnikU, em0def }
queue TechnikD bandwidth 1% hfsc (upperlimit 20480Kb)
queue TechnikU bandwidth 1% hfsc (upperlimit 1024Kb)
queue em0def bandwidth 4Mb hfsc (default realtime 1%)

Now the following lines for pass are presented with comment of how it was working well... or not.

# works well
pass quick on vlan666 from 10.7.215.60 to any queue TechnikD
pass quick on vlan391 from 10.7.215.60 to any queue TechnikU

#falls in download, big overhead (probably because upload and download are in the same queue)
#pass in quick on vlan666 from 10.7.215.60 to any queue TechnikD
#pass in quick on vlan391 from 10.7.215.60 to any queue TechnikU
#falls in download, big overhead (probably because upload and download are in the same queue)
#pass out quick on vlan666 from 10.7.215.60 to any queue TechnikD
#pass out quick on vlan391 from 10.7.215.60 to any queue TechnikU

# falss in download
#pass in quick on vlan666 from 10.7.215.60 to any queue TechnikD
#pass in quick on vlan391 from 10.7.215.60 to any queue TechnikU

# falls in upload
#pass out quick on vlan666 from 10.7.215.60 to any queue TechnikD
#pass out quick on vlan391 from 10.7.215.60 to any queue TechnikU

#doesnt fall in at all
#pass out/in/[] quick on vlan666 from any to 10.7.215.60 queue TechnikD
#pass out/in/[] quick on vlan391 from any to 10.7.215.60 queue TechnikU

Strange thing that direction "from any to ip" is actually not caught in any case. What does it mean ?

Beside if I give keep state flag will the return of the outbound traffic also put in the outgoing queue ?