[TriLUG] bandwidth provisioning using Linux or BSD?
gwbrown1 at gmail.com
Fri Jul 18 15:48:08 EDT 2008
Ok, great, thanks Aaron! Yeah, on the switch they'd be on a managed switch,
likely a Cisco of recent vintage, and I'd put them in separate VLANs and
bind MAC addresses to specific ports plus a bunch of other fun ways to keep
them all separated.
Thanks, though, I'll give that a read.
On Fri, Jul 18, 2008 at 3:39 PM, Aaron Joyner <aaron at joyner.ws> wrote:
> scrub in on $ext_if all fragment reassemble
> I haven't written up a pf config from scratch in a few years, so I
> can't do it off the top of my head. Have a look here:
> specifically the examples at the end of the Queuing section, and you
> should be able to work it out from there. It's a remarkably clear and
> simple language. If you get stuck on a particular point, or don't get
> time to look at it by tomorrow, I'll see if I can cook up a config
> that'll be closer to what you need than the Examples in the man page
> (portions of which are pretty close).
> Keep in mind the practical caveat that if you don't trust those hosts,
> and they are on the same unmanaged L2 switch in the same broadcast
> domain, you'll also want to squelch down all traffic to/from other IPs
> in that subnet, to prevent them from changing IPs to avoid your
> filtering, and you'll want to consider hard coding ARP entries for
> them to prevent them from spoofing each other's IPs to steal from the
> other person's queue. The best solution of course is to use a managed
> switch and trunk the VLANs to the OpenBSD box so they present on
> different interfaces and you can authoritatively control bandwidth to
> each port. Of course, if you go that far, and your throughput rules
> remain that simple, most managed L2 switches will allow you to enforce
> that type of traffic filtering in the switch itself, if you were so
> Aaron S. Joyner
> On Fri, Jul 18, 2008 at 10:21 AM, Greg Brown <gwbrown1 at gmail.com> wrote:
> > Aaron,
> > Thanks for the info. For some reason I had it set in my mind that
> > was not capable of doing this kind of thing. Personally I'd prefer to go
> > with OpenBSD's pf. Can you provide a simple config for the following:
> > Assume: inbound and outbound bandwidth are both 10 meg 10/10
> > Gateway Interface: some routeable IP address
> > Internal network: 192.168.1.0/24
> > Internal Interface: 192.168.1.1 255.255.255.0
> > Server A: (connected to a L2 switch) 192.168.1.20
> > Server B: (connected to the same L2 switch) 192.168.1.21
> > I'd like to give both server A and server B 4 megs of bandwidth in and
> > but I'd like them to be able to burst to the full 10 meg if bandwidth
> > 4 meg is unused.
> > Does that all make sense?
> > Greg
> > On Fri, Jul 18, 2008 at 10:14 AM, Aaron Joyner <aaron at joyner.ws> wrote:
> >> You can readily do all this with OpenBSD's pf or Linux's iptables/tc.
> >> The former is relatively easy, the latter a good bit more complicated.
> >> Both do the job, but I suspect since you're asking about competitors
> >> to a specific product (which I know nothing about), I assume you're
> >> expecting an http or at least ncurses style guided interface. Neither
> >> of my suggestions have this, although there are possibly wrappers
> >> around them, I'm not familiar with any of them. If you need
> >> suggestions with pf or tc, ask away!
> >> Aaron S. Joyner
> >> On Fri, Jul 18, 2008 at 8:24 AM, Greg Brown <gwbrown1 at gmail.com> wrote:
> >> > Hey all. I'm in search for a Packeteer-like device that is OSS, or is
> >> > commercial yet runs on a Linux or BSD box (OSS greatly preferred). a
> >> > Packeteer I'd like to be able to define slices of available bandwidth
> >> > specific IP addresses (X meg guaranteed to device x.x.x.x with Y burst
> >> > bandwidth is available, etc) - and the complicated thing here is I'd to
> >> > use IPv6 for host addresses. But the IPv6 thing aside I'd like to know
> >> > what the OSS competitors to Packeteer are and if you have used any I'd like
> >> > to know what you thought of the product.
> >> >
> >> > Greg
> >> > --
> >> > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> >> > TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >> >
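The setup Greg asks for in the quoted thread, combined with the lockdown Aaron describes, as an added example that is not part of the original messages. It uses the ALTQ-era pf.conf syntax of the thread's period; the interface names, queue names and tag names are assumptions, and it covers only connections the two servers initiate (inbound redirects would need their own rdr and queue rules).

```pf
# Added example, not from the thread. ALTQ-era pf.conf syntax.
ext_if = "em0"             # assumed interface name: uplink, 10Mb each way
int_if = "em1"             # assumed interface name: 192.168.1.1/24
srv_a  = "192.168.1.20"    # addresses from Greg's message
srv_b  = "192.168.1.21"

scrub in on $ext_if all fragment reassemble

# Uploads are shaped where they leave toward the Internet. Each server is
# guaranteed 4Mb; "borrow" lets a queue use idle parent bandwidth, so
# either server can reach the full 10Mb when the rest is unused.
altq on $ext_if cbq bandwidth 10Mb queue { a_up, b_up, rest_up }
queue a_up    bandwidth 4Mb cbq(borrow)
queue b_up    bandwidth 4Mb cbq(borrow)
queue rest_up bandwidth 2Mb cbq(default borrow)   # CBQ needs a default queue

# Downloads are shaped where they leave toward the servers.
altq on $int_if cbq bandwidth 10Mb queue { a_down, b_down, rest_down }
queue a_down    bandwidth 4Mb cbq(borrow)
queue b_down    bandwidth 4Mb cbq(borrow)
queue rest_down bandwidth 2Mb cbq(default borrow)

# Translate only the two known hosts, not the whole subnet.
nat on $ext_if from { $srv_a, $srv_b } to any -> ($ext_if)

# Default deny: a host that changes to any other 192.168.1.x address
# matches no pass rule below, so it cannot sidestep its queue.
block all

# Tag on the inside interface, where the real source address is still
# visible. Replies leave $int_if through this state, so they are queued
# in the *_down queue named here.
pass in on $int_if from $srv_a to any tag SRV_A keep state queue a_down
pass in on $int_if from $srv_b to any tag SRV_B keep state queue b_down

# After NAT the source address is the gateway's, so select by tag.
pass out on $ext_if all tagged SRV_A keep state queue a_up
pass out on $ext_if all tagged SRV_B keep state queue b_up

# The static ARP entries Aaron mentions are set outside pf (arp -s).
```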