altq and IPsec - queue on incoming interface
- From: "igy" <igor.kos1@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 23 Nov 2006 11:48:34 +0100
ALTQ on incoming interface
Sometimes there is really a need for ALTQ on incoming traffic:
    --------
    | SRV1 |
    | ftp  |
    --------
       |
       |       ------------                   ------------
       +------|            |$ext_if           |            |
       $int_if|  BSD1 box  |---IP sec only---|  BSD2 box  |----Clients
       +------|            |                  |            |
       |       ------------                   ------------
       |
    --------
    | SRV2 |
    | smtp |
    --------
Example:
If ftp traffic to the client is large, then smtp traffic
will be blocked. There is obviously a need to queue the
traffic in some way. (All SRV, BSD and clients
are in the company; they are not "strange" internet machines.)
ALTQ on enc0 is not possible (it is well known).
There is a problem with queueing on $ext_if (it is only IPsec traffic).
Is there any idea/solution for how to solve this?
My Idea is as follows: Use route-to loopback interface
on incoming traffic to internal interface.
Then apply queue on outgoing traffic from lo0.
Part of /etc/pf.conf is something like:
    pass in on $int_if route-to lo0
    pass out quick on lo0 from $SRV1 to any queue ftpque
    pass out quick on lo0 from $SRV2 to any queue smtpque
    pass out on lo0 all
Is it reasonable? Any comment will be appreciated.
Igor