multiple vlans and altq
B. Cook
bcook at poughkeepsieschools.org
Tue May 29 02:19:06 UTC 2007
I am trying to figure out the best way to do this, and I am quite confused
about where I have to altq. I am sure that I am the source of my own
confusion, but I can not seem to find anything to help myself. :)
I have a new box that we would like to use to replace our aging router
that currently does not do any traffic shaping.
I am using a P4 2G box w/ 256MB and two em cards running FreeBSD 6.2-p5
and Dell PowerConnects. I have all the vlan interfaces set up, and routing
properly in my test area; but I can not seem to figure out how to altq the
vlans logically.
The new router will have em0 as a /30 facing the provider and em1 will be
set up with vlans.
What I have is a 4mbit link symmetrical and what I would like to do is
make one parent queue on the external interface (cbq). Then split that
into three queues (25% servers(borrow), and 74% users and 1% other). And
then split the users queue up into 4 queues 25% each that can also borrow.
(This is inferred from 'Building Firewalls with OpenBSD and PF', second
edition, paper page 211, pdf page 225.)
The mental problem I am having is how do the vlans work with respect to
the 4mbit link? As in how can I give all the vlan networks ethernet
bandwidth when going vlan to vlan? Do I want or not want to do that? (This
was the problem with our 3620: the vlans overwhelm the router when
there is too much traffic.) If I want to limit their upload ability to the
Internet would I have to do that on each vlan interface? Or would I need
a second altq rule on the other interface em1? Should I just let them
have free run of the ethernet - as this pc can handle it?
(I have also been reading the Absolute OpenBSD book from Michael Lucas, in
which he uses an example of a dmznet, localnet and a t1. He subtracts the
bandwidth of the t1 from the ethernet and makes a local queue of the
difference of the two; I do not understand that. This is what got me
confused and scared about all of this.)
I am not sure if I am helping myself by outthinking myself, or making
this harder on myself than it needs to be.
Can anyone tell me how to do this? Or what I am thinking that is incorrect?
I have something like 20+ vlans that will be going into each of the 4
users queues, so I really need to know what I'm missing and why I think
this is so hard.
Thank you greatly,
- Confused
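
Added example, not part of the original post: the queue hierarchy described in the message, written as a pf.conf ALTQ fragment for the external interface. The VLAN interface names and their grouping into macros are hypothetical placeholders; the fragment assumes queues are assigned on the inbound VLAN rules and covers only traffic leaving em0 (upload).

```pf
# Added illustration; not the poster's configuration.
# vlanNN names and the VLAN-to-queue grouping below are placeholders.
ext_if    = "em0"
srv_vlans = "{ vlan10 }"
users_a   = "{ vlan20, vlan21 }"
users_b   = "{ vlan30, vlan31 }"
users_c   = "{ vlan40, vlan41 }"
users_d   = "{ vlan50, vlan51 }"

# One CBQ parent on the external interface, sized to the 4 Mbit link.
# ALTQ only schedules packets as they leave this interface, so
# VLAN-to-VLAN traffic on em1 never enters these queues.
altq on $ext_if cbq bandwidth 4Mb queue { servers, users, other }

# First level: percentages are of the 4Mb parent.
queue servers bandwidth 25% cbq(borrow)
queue users   bandwidth 74% { users_a, users_b, users_c, users_d }
# CBQ requires exactly one default queue; unclassified traffic lands here.
queue other   bandwidth 1%  cbq(default)

# Second level: percentages are of the "users" queue (74% of 4Mb),
# and each child may borrow idle bandwidth from "users".
queue users_a bandwidth 25% cbq(borrow)
queue users_b bandwidth 25% cbq(borrow)
queue users_c bandwidth 25% cbq(borrow)
queue users_d bandwidth 25% cbq(borrow)

# Queue designation on the inside interfaces: a packet matched here is
# placed in the named queue only if it later exits $ext_if.
pass in on $srv_vlans from any to any keep state queue servers
pass in on $users_a   from any to any keep state queue users_a
pass in on $users_b   from any to any keep state queue users_b
pass in on $users_c   from any to any keep state queue users_c
pass in on $users_d   from any to any keep state queue users_d
```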