Hi, I have a FreeBSD 8.2 four-Ethernet gateway with PF, but I have a problem with the rules to send download traffic for a destination to a queue.
em0 and em1 are for the internet connections, called $ext1 and $ext2. em2 is $server and is connected to the switch with all my servers. em3 is for hosts using the internet and is called $lan. I want to prioritise some hosts on $ext1 and unprioritise some others (the ones that download too much). On $ext2, I only want to unprioritise some hosts (the ones that download too much).
I don't use round-robin for the two internet connections; I simply use em0 as the default gw and use policy routing for a subnet to route them to em1.
pi = "pass in"
po = "pass out"
Here are my queues:
Code:
altq on $lan1 hfsc bandwidth 950Mb qlimit 750 queue { voip, serveur, complus, def_ext1, depri_ext1, def_ext2, depri_ext$
# serveur
queue pbx on $lan1 bandwidth 15Mb qlimit 100 priority 6 hfsc(realtime 10Mb upperlimit 98Mb red)
queue serveur on $lan1 bandwidth 99Mb qlimit 100 priority 2 hfsc(upperlimit 500Mb red)
# INTERNET1
queue pri_ext1 on $lan1 bandwidth 1Mb qlimit 100 priority 4 hfsc(upperlimit 96Mb red)
queue def_ext1 on $lan1 bandwidth 1Mb qlimit 100 priority 2 hfsc(upperlimit 96Mb red default)
queue unpri_ext1 on $lan1 bandwidth 1Mb qlimit 250 priority 0 hfsc(upperlimit 96Mb red)
# INTERNET2
queue def_ext2 on $lan1 bandwidth 1Mb qlimit 100 priority 2 hfsc(upperlimit 96Mb red)
queue unpri_ext2 on $lan1 bandwidth 1Mb qlimit 250 priority 0 hfsc(upperlimit 96Mb red)
Here are my NAT rules:
Code:
nat on $ext1 from <ipnat> to any -> $ext1
nat on $ext2 from <ipnat> to any -> $ext2
Here is my policy routing rule:
Code:
$pi on $lan1 route-to ($ext2 $ext2_gw) from <internet2>
The allow rules for the servers that come after this one will let those users access the servers without matching this rule.
Now my rules to send traffic to each queue:
Code:
$po on $lan1 from any to <unpri_ext1> queue unpri_ext1
$po on $lan1 from any to <internet2> queue def_ext2
$po on $lan1 from any to <unpri_ext2> queue unpri_ext2
$po on $lan1 from any to <pri_ext1> queue pri_ext1
$po on $lan1 from <serveur> to any queue serveur
$po on $lan1 from $pbx to any queue pbx
The problem is that those last rules to send traffic to each queue don't seem to work. If I use pfctl -vvsq, I only see traffic in def_ext1 and just a little traffic in def_ext2.
Code:
queue root_em3 on em3 bandwidth 950Mb priority 0 qlimit 750 {pbx, serveur, pri_ext1, def_ext1, unpri_ext1, def_ext2, unpri_ext2}
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/750 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue pbx on em3 bandwidth 15Mb priority 6 qlimit 100 hfsc( red realtime 10Mb upperlimit 98Mb )
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/100 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue serveur on em3 bandwidth 99Mb priority 2 qlimit 100 hfsc( red upperlimit 500Mb )
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/100 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue pri_ext1 on em3 bandwidth 1Mb priority 4 qlimit 100 hfsc( red upperlimit 96Mb )
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/100 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue def_ext1 on em3 bandwidth 1Mb priority 2 qlimit 100 hfsc( red default upperlimit 96Mb )
[ pkts: 106025 bytes: 81894475 dropped pkts: 6 bytes: 3653 ]
[ qlength: 0/100 ]
[ measured: 6287.7 packets/s, 38.69Mb/s ]
queue unpri_ext1 on em3 bandwidth 1Mb priority 0 qlimit 250 hfsc( red upperlimit 96Mb )
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/250 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue def_ext2 on em3 bandwidth 1Mb priority 2 qlimit 100 hfsc( red upperlimit 96Mb )
[ pkts: 40879 bytes: 5296149 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/100 ]
[ measured: 2439.9 packets/s, 2.53Mb/s ]
queue unpri_ext2 on em3 bandwidth 1Mb priority 0 qlimit 250 hfsc( red upperlimit 96Mb )
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/250 ]
[ measured: 0.0 packets/s, 0 b/s ]
Even when there are around 50 to 60 Mbps on internet2 when I look at our ISP web panel, it still shows the same result. Also, if I disable all $po rules, it's still the same result, so those rules are not working, but every example I have seen is using similar rules to send traffic into queues, so I really don't understand where the problem is.