DragonFly BSD
DragonFly users List (threaded) for 2013-04

Re: Dummynet + PF + vkernel


From: Raimundo Santos <raitech@xxxxxxxxx>
Date: Sat, 13 Apr 2013 21:32:39 -0300


I am very scared after reading this

https://wiki.freebsd.org/IpfwNg

how could I put my trust in something that could have so many edge cases?

I know that is a lot off topic, but what about Xen? May it be reliable to
run routers/gateways/firewalls over Xen?


On 13 April 2013 11:19, Raimundo Santos <raitech@gmail.com> wrote:

> Hi Antonio!
>
> Well, there is not much to miss ;) - it is an ISP which uses wireless to
> distribute internet, which in turn does not allow us to control the
> bandwidth limit over the medium in a trusted way. Therefore, we need to
> limit this traffic in some way, and the actual way is with linux(iptables +
> tc), but it is hard to maintain - and almost everything is manually
> controlled 0_o (I am new at this job)
>
> I really liked the PF syntax, it is clean and easy to read - even more
> within the match keyword that is new in OpenBSD >= 4.7. But the queuing
> methods implemented in PF do not let us share the bandwidth in an
> overbooking fashion, which is crucial to an ISP. The only way is to divide
> the queues to share bandwidth in a manner that does not surpass the total.
>
> By now, I am putting my chips in FreeBSD ipfw integration with ALTQ, in a
> way that the packets are limited by pipe and queued with HFSC in ALTQ. But
> I really dislike the syntax of ipfw, it reminds me of iptables.
>
> Cheers!
>
>
> On 12 April 2013 18:13, Antonio Huete Jimenez <tuxillo@quantumachine.net> wrote:
>
>> Hi Raimundo,
>>
>> I don't think vkernels are up to the task currently. In my
>> experience/opinion they are not stable and fast enough now for what you are
>> intending to do.
>> Maybe I am just missing some details of your setup.
>>
>> Cheers,
>> Antonio Huete
>>
>> On 12 April 2013 at 17:14, Raimundo Santos <raitech@gmail.com> wrote:
>>
>>> On 12 April 2013 02:58, Sepherosa Ziehau <sepherosa@gmail.com> wrote:
>>>
>>>> You could use ALTQ fairq w/ PF, which is similar to dummynet's WF2Q
>>>>
>>>> Best Regards,
>>>> sephe
>>>>
>>>> --
>>>> Tomorrow Will Never Die
>>>
>>> Hum... but I need to do a hard limiting to all my customers. They have a
>>> unique IP address, so I can decide about the bandwidth (here, we are about
>>> to implement RADIUS to do auth too). The idea here is to
>>>
>>>  1. limit external in/out traffic
>>>  2. do QoS over this limited traffic
>>>
>>> I have an average of 600 clients at the same time, so I think that FAIRQ
>>> could be a good thing but not to hard limiting every IP.
>>>
>>> If I offer three kinds of bandwidth to my customers, may I define three
>>> subclasses in FAIRQ and let the traffic of the right kinds go through the
>>> right queues? I think it does not work: if someone is hogging that queue,
>>> what will the others end up with?
>>>
>>> --
>>> --------------------------------------------
>>> Raimundo A. P. Santos
>>> Undergraduate student in Informatics
>>> ICMC - USP
>>
>>
>>
>>
>
>
>
> --
> --------------------------------------------
> Raimundo A. P. Santos
> Undergraduate student in Informatics
> ICMC - USP
>



-- 
--------------------------------------------
Raimundo A. P. Santos
Undergraduate student in Informatics
ICMC - USP
