altq on vlan

Max Laier max at love2party.net
Sun Jun 29 15:45:15 UTC 2008


On Saturday 28 June 2008 13:14:27 . at babolo.ru wrote:
> > On Friday 27 June 2008 18:57:59 Alexandre Biancalana wrote:
> > > On 6/27/08, Max Laier <max at love2party.net> wrote:
> > > > You don't need a patch at all.  What you do is:  Queue on the
> > > > physical interface, classify on the vlan interface.  It is broken
> > > > to allow ALTQ on a virtual interface if you can do it otherwise.
> > > >
> > > >  in pf.conf speak:
> > > >
> > > >  If you have "ifconfig vlanX vlandev bge0 ..."
> > > >
> > > >  altq on bge0 .... queue { vlan0, vlan1, ... }
> > > >  queue vlan0 ... { vlan0_foo, vlan0_bar, ... }
> > > >  queue  vlan0_foo
> > > >  queue  vlan0_bar
> > > >  ...
> > > >
> > > >  pass on vlanX  ... queue vlanX_foobar
> > > >
> > > >  And there you go.  No patch - whatsoever - required here.
> > >
> > > But the patch simplifies the cases where you need one queue per vlan.
> >
> > NO!  It is just wrong!  There is no relation between vlan queues on
> > the same physical interface and thus you can't guarantee anything! 
> > Can we please stop with this nonsense and not bring up the patch
> > every other month.
>
> Remember vlan another end.
>
> Vlan queues on the same physical interface make sense.
>
> Let's see typical vlan use:
>                                +--------+ 100M untagged vlan1
>                                |        |--------------..
>         +---------+            |        | 100M untagged vlan2
>   1G    |         | 1G tagged  |        |----------------
> --------+ FreeBSD +------------+ switch | 100M untagged vlan3
>         |         |            |        |--------------..
>         +---------+            |        | 100M untagged vlanN
>                                |        |---------------
>                                +--------+
>
> There is nothing interesting in common queue on 1G physical interface,
> the only right queues are that on vlans when number of
> vlans < 10.
>
> More of that, sum traffic on 1G tagged interface is limited
> by incoming traffic from 1G external interface and
> so common queue on 1G tagged interface is not
> interesting even when number of vlans > 10.

Sorry, but you are completely off track here.  If you use one queue per 
vlan one vlan can easily DoS the rest, because once a packet has passed 
the queue in the vlan it falls into a common queue with all the others 
and - as you correctly point out - there is no guarantee that a 1G 
interface can really send at 1G all the time.  The vlan queues, however, 
will not get any feedback from the parent about its real send speed.

E.g. a vlan sending *a lot* of tiny packets will dominate the 1G link and 
thus DoS any other vlan that sends big packets.  This you can prevent 
with a common queue.

Now please ... let this die, it's stupid!

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
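
The layout described in the message above (queue on the physical interface, classify on the vlan interfaces), written out as a complete pf.conf fragment. This is an added example, not part of the original post; the interface names vlan10/vlan20, the queue names, the CBQ scheduler, the bandwidth shares and the port are assumptions chosen for illustration.

```conf
# Constructed example. Assumes a kernel with ALTQ and ALTQ_CBQ, and
# vlan10/vlan20 created with "ifconfig vlanN vlandev bge0 ...".

# One scheduler on the physical trunk: every vlan's share is enforced
# against what bge0 can actually send, so one vlan cannot starve the rest.
altq on bge0 cbq bandwidth 1Gb queue { vlan10, vlan20, other }

# One parent class per vlan. No "borrow" on the parents, so a vlan is
# capped at its share; children may borrow from their own vlan's class.
queue vlan10 bandwidth 45% cbq { vlan10_voip, vlan10_bulk }
  queue vlan10_voip bandwidth 30% priority 6 cbq(borrow)
  queue vlan10_bulk bandwidth 70% priority 2 cbq(borrow)

queue vlan20 bandwidth 45% cbq { vlan20_voip, vlan20_bulk }
  queue vlan20_voip bandwidth 30% priority 6 cbq(borrow)
  queue vlan20_bulk bandwidth 70% priority 2 cbq(borrow)

# CBQ needs exactly one default class for unclassified traffic on bge0.
queue other bandwidth 10% cbq(default)

# Classification happens on the vlan interfaces, where the vlan is known.
# pf uses the last matching rule, so the general rule comes first.
pass out on vlan10 all queue vlan10_bulk
pass out on vlan10 proto udp from any to any port 5060 queue vlan10_voip

pass out on vlan20 all queue vlan20_bulk
pass out on vlan20 proto udp from any to any port 5060 queue vlan20_voip
```

Syntax can be checked without loading the ruleset with `pfctl -nf /etc/pf.conf`, and queue counters can be watched with `pfctl -vsq`.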

