PF Shape bandwith per user.

Hello,

I am looking for some recipe to setup shape bandwith per user. I cant find nothing.
Does PF have that feature ?

Regards,
 
Hello,

I am looking for some recipe to setup shape bandwith per user. I cant find nothing.
Does PF have that feature ?

Regards,
Are you an Internet Service Provider (ISP)? Do you know that you can only do queuing of outgoing traffic? You have no control how quickly packets are arriving. FreeBSD comes with an ancient pseudo-fork of PF. It also has its own ALTQ which implemented several at that time research grade algorithms for queuing. ALTQ is not enabled in generic as never worked too good on FreeBSD. However ALTQ was a enabled in generic OpenBSD until 5.5 release (3 years ago) and was very stable and usable. In the mean time PF (I mean the real, OpenBSD one) got its native queuing as research ideas about queuing have crystallized (OpenBSD native queuing only includes some of the algorithms originally implemented in ALTQ). It is described in pf man pages of course (the real one)

http://man.openbsd.org/OpenBSD-6.1/pf

but sadly not in the official PF user guide (not applicable to FreeBSD pseudo-fork anyway)

https://www.openbsd.org/faq/pf/index.html

as there are still some sharp edges in very complicated case scenarios (please check misc@openbsd archive). However, Peter N. M. Hansteen of The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall fame regularly includes Traffic Shaping with Queuing in his BSD conference mini-course.

https://home.nuug.no/~peter/pf/newest/shaping.queues.prio.html

It is also well treated (whole chapter) in the 3rd edition of his book.

I know that this post will rub quite a few FreeBSD guys wrong way so I will try to finish on the positive note. I personally met at BSDCan quite a few people who are ISP and are swearing by FreeBSD (network output is definitely faster than OpenBSD and it already has implementation for much higher speeds 100Gigabit/s as oppose to 10-20 Gigabit per second of OpenBSD). I am really curious if any of those guys are lurking on this forum and if they can disclose some secrets. Some of them obviously are using native FreeBSD IPFW or even IPF (Juniper guys are you here?) but I know of at least few who use PF.
 
Thank you for your replay. Im not ISP but im looking some solutions for my server and users in jail. I want to restrict bandwidth for few applications and users as i mentioned. I agree with your statment about speed IPFW over PF becouse when i was looking for some answers on my questions i found lab research related speed of these firewalls (PF and IPFW). There were shown the same effect as you said.
 
Thank you for your replay. Im not ISP but im looking some solutions for my server and users in jail. I want to restrict bandwidth for few applications and users as i mentioned. I agree with your statment about speed IPFW over PF becouse when i was looking for some answers on my questions i found lab research related speed of these firewalls (PF and IPFW). There were shown the same effect as you said.
Irrelevant for home users unless you have $2000 for an entry level Netgear 10 Gigabit switch. Note also that motherboards with 10 Gigabit LAN controllers are not going to cost you less than $1000.
 
Back
Top