Hello, not an answer but a little input below...
[email protected] (J Doe), 2023.01.14 (Sat) 00:09 (CET): > I have a question regarding queuing and priorities in pf.conf on > OpenBSD 7.2. > > I have a basic gateway configuration - a PC with two NIC's (em0, em1). One > interface is connected to the LAN and one interface is connected to the > Internet with a public IP and with a bandwidth of approximately 60 Mbps down > and 10 Mbps up. I perform NAT on the gateway. > > In terms of queuing, I'd like to make use of the following: > > ** Queue using HFSC for all outbound traffic > > ** Flow manager for the queue for fair queue utilization > > ** For TCP traffic I would like to use two priorities - one for TCP data > packets and one for TCP ACKs (as mentioned in Peter Hansteen's "Book of pf > 3rd edition" in chapter 7) > > Current configuration pf.conf: > > ext_if = "em0" > int_if = "em1" > > set skip on lo0 > > queue rootq on $ext_if bandwidth 55M max 55M > queue dataq parent rootq bandwidth 55M max 55M flows 1024 \ > qlimit 1024 default > > match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0) > > block all > > match in on $int_if inet tag LAN > match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET > > pass in quick on $int_if tagged LAN > pass out quick on $ext_if tagged INTERNET In this message https://marc.info/?l=openbsd-misc&m=164521874319122 sthen@ said The queue is attached to a firewall state and all packets matching that state will pick it up. So if you have a named queue present on em0 but not em1, and match with "pass out on em1 set queue foo", packets transmitted on em1 will not be queued, but packets matching that state (return packets via em0) _will_ be queued. Marcus > My question are: > > 1. For better utilization of TCP traffic I have two priorities assigned to > the queue. Do I require more than one sub queue for this to work ? I don't > intend to subdivide my traffic up (i.e. a SSH queue, and HTTP/S queue, > etc.), I just want all my TCP traffic to benefit from better utilization > with the two priorities. > > 2. If this configuration is currently correct, are they any other changes I > should make for better queuing (ie: better bandwidth utilization) ? > > 3. Given the importance of time keeping, would it be a good idea to have > another queue for NTP traffic and use the highest priority of 7 for it ? > > Thanks, > > - J
