[TriLUG] bandwidth provisioning using Linux or BSD?

Greg Brown gwbrown1 at gmail.com
Fri Jul 18 15:48:08 EDT 2008


Ok, great, thanks Aaron!  Yeah, on the switch they'd be on a managed switch,
likely a Cisco of recent vintage, and I'd put them in separate VLANs and
bind MAC addresses to specific ports plus a bunch of other fun ways to keep
them all separated.

Thanks, though, I'll give that a read.

Greg

On Fri, Jul 18, 2008 at 3:39 PM, Aaron Joyner <aaron at joyner.ws> wrote:

> scrub in on $ext_if all fragment reassemble
>
> I haven't written up a pf config from scratch in a few years, so I
> can't do it off the top of my head.  Have a look here:
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
>
> specifically the examples at the end of the Queuing section, and you
> should be able to work it out from there.  It's a remarkably clear and
> simple language.  If you get stuck on a particular point, or don't get
> time to look at it by tomorrow, I'll see if I can cook up a config
> that'll be closer to what you need than the Examples in the man page
> (portions of which are pretty close).
>
> Keep in mind the practical caveat that if you don't trust those hosts,
> and they are on the same unmanaged L2 switch in the same broadcast
> domain, you'll also want to squelch down all traffic to/from other IPs
> in that subnet, to prevent them from changing IPs to avoid your
> filtering, and you'll want to consider hard coding ARP entries for
> them to prevent them from spoofing each other's IPs to steal from the
> other person's queue.  The best solution of course is to use a managed
> switch and trunk the VLANs to the OpenBSD box so they present on
> different interfaces and you can authoritatively control bandwidth to
> each port.  Of course, if you go that far, and your throughput rules
> remain that simple, most managed L2 switches will allow you to enforce
> that type of traffic filtering in the switch itself, if you were so
> inclined.
>
> Aaron S. Joyner
>
>
> On Fri, Jul 18, 2008 at 10:21 AM, Greg Brown <gwbrown1 at gmail.com> wrote:
> > Aaron,
> >
> > Thanks for the info.  For some reason I had it set in my mind that iptables
> > was not capable of doing this kind of thing.  Personally I'd prefer to go
> > with OpenBSD's pf.  Can you provide a simple config for the following:
> >
> > Assume: inbound and outbound bandwidth are both 10 meg 10/10
> > Gateway Interface: some routeable IP address
> > Internal network: 192.168.1.0/24
> > Internal Interface: 192.168.1.1 255.255.255.0
> > Server A: (connected to a L2 switch) 192.168.1.20
> > Server B: (connected to the same L2 switch) 192.168.1.21
> >
> > I'd like to give both server A and server B 4 megs of bandwidth in and out
> > but I'd like them to be able to burst to the full 10 meg if bandwidth above
> > 4 meg is unused.
> >
> > Does that all make sense?
> >
> > Greg
> >
> >
> > On Fri, Jul 18, 2008 at 10:14 AM, Aaron Joyner <aaron at joyner.ws> wrote:
> >
> >> You can readily do all this with OpenBSD's pf or Linux's iptables/tc.
> >> The former is relatively easy, the latter a good bit more complicated.
> >>  Both do the job, but I suspect since you're asking about competitors
> >> to a specific product (which I know nothing about), I assume you're
> >> expecting an http or at least ncurses style guided interface.  Neither
> >> of my suggestions have this, although there are possibly wrappers
> >> around them, I'm not familiar with any of them.  If you need
> >> suggestions with pf or tc, ask away!
> >>
> >> Aaron S. Joyner
> >>
> >>
> >> On Fri, Jul 18, 2008 at 8:24 AM, Greg Brown <gwbrown1 at gmail.com> wrote:
> >> > Hey all.  I'm in search of a Packeteer-like device that is OSS, or that is
> >> > commercial yet runs on a Linux or BSD box (OSS greatly preferred).  Like a
> >> > Packeteer I'd like to be able to define slices of available bandwidth to
> >> > specific IP addresses (X meg guaranteed to device x.x.x.x with Y burst if
> >> > bandwidth is available, etc) - and the complicated thing here is I'd like to
> >> > use IPv6 for host addresses.  But the IPv6 thing aside I'd like to know
> >> > what the OSS competitors to Packeteer are and if you have used any I'd like
> >> > to know what you thought of the product.
> >> >
> >> > Greg
> >> > --
> >> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> >> > TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >> >
>
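
Added example, not part of the thread and not written by either poster: a pf.conf for the setup Greg describes (10 Mb link, 4 Mb guaranteed per server with borrowing up to the full link) that also applies Aaron's caveat about hosts changing IPs. It uses the ALTQ syntax of the 2008-era pf that the quoted scrub line belongs to; later OpenBSD releases replaced ALTQ with a different queue syntax. The interface names em0 and em1 are assumptions.

```conf
# Added example. Assumed: em0 faces the 10 Mb uplink, em1 faces the server LAN.
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"
srv_a  = "192.168.1.20"
srv_b  = "192.168.1.21"

scrub in on $ext_if all fragment reassemble

# ALTQ shapes only packets leaving an interface, so the same queue names are
# declared on both sides: ext_if carries uploads, int_if carries downloads.
altq on $ext_if cbq bandwidth 10Mb queue { srv_a, srv_b, std }
altq on $int_if cbq bandwidth 10Mb queue { srv_a, srv_b, std }

# No "on" clause: each definition applies to every interface listing the queue.
# 4Mb is the guaranteed share; "borrow" lets a queue use idle parent bandwidth.
queue srv_a bandwidth 4Mb cbq(borrow)
queue srv_b bandwidth 4Mb cbq(borrow)
queue std   bandwidth 2Mb cbq(default borrow)

nat on $ext_if inet from $lan to any -> ($ext_if)

# Default deny. Any other source address on the LAN matches no pass rule, so a
# host that renumbers itself to dodge its queue gets no connectivity at all.
block log all

# Packets matching the state these rules create inherit the rule's queue:
# server traffic is queued leaving ext_if, replies are queued leaving int_if.
pass in  on $int_if inet from $srv_a to any keep state queue srv_a
pass in  on $int_if inet from $srv_b to any keep state queue srv_b
pass out on $ext_if inet keep state

# pf matches on IP only. Pinning each address to its MAC on the gateway is
# done outside pf with static ARP entries (placeholders, not real MACs):
#   arp -s 192.168.1.20 <MAC-of-server-A>
#   arp -s 192.168.1.21 <MAC-of-server-B>
```

Loading it with `pfctl -nf` parses the rules without applying them, and `pfctl -vsq` shows per-queue counters once it is live.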


