OpenBSD Security Functionally paranoid!
Hi
I am using an OpenBSD 5.1 box with multiple interfaces and Altq, and I would like to have your thoughts about my design and configuration.

Here is my setup. My firewall has 4 Intel Gb interfaces. One interface is used for 2 Internet feeds (vlans) with Multi-Home BGP, 1 for Extranet (Web Servers, Mail Servers and DNS), 1 for DMZ (untrusted customer servers) and 1 for VoIP Services (SIP Proxy, RTP Proxy, Softswitch).

What I would like to do is to give full priority to VoIP Service no matter what and have the other services run on best effort. So I have created one Altq for each interface. The two public internet interfaces, 4Mb each, have the following altq config:

Code:
altq on $bgp1_if hfsc bandwidth 3.9Mb queue { synq_voip_main, synq_other_main }
queue synq_voip_main bandwidth 30% hfsc {synq_voip}
queue synq_voip bandwidth 100% priority 6 qlimit 500 hfsc (realtime 110Kb)
queue synq_other_main bandwidth 70% hfsc {synq_acks, synq_interactive, synq_web, synq_mail, synq_ftp, synq_default}
queue synq_acks bandwidth 10% priority 7 qlimit 500 hfsc (realtime 5%)
queue synq_interactive bandwidth 10% priority 5 qlimit 500 hfsc (realtime 5% upperlimit 2Mb)
queue synq_web bandwidth 30% priority 4 qlimit 500 hfsc (realtime (50%, 10000, 10%) ecn upperlimit 3Mb)
queue synq_mail bandwidth 20% priority 3 qlimit 500 hfsc (ecn upperlimit 3Mb)
queue synq_ftp bandwidth 5% priority 2 qlimit 500 hfsc (ecn upperlimit 1Mb)
queue synq_default bandwidth 25% priority 1 qlimit 500 hfsc (default ecn upperlimit 3Mb)
Code:
altq on $voice_if hfsc bandwidth 900Mb queue {voiceq_out, voiceq_default}
queue voiceq_out bandwidth 3.9Mb hfsc {voiceq_acks, voiceq_voip, voiceq_interactive, voiceq_web, voiceq_mail, voiceq_ftp}
queue voiceq_acks bandwidth 20% priority 7 qlimit 500 hfsc (realtime 5%)
queue voiceq_voip bandwidth 50% priority 6 qlimit 500 hfsc (realtime 110Kb)
queue voiceq_interactive bandwidth 10% priority 5 qlimit 500 hfsc (realtime 5% upperlimit 2Mb)
queue voiceq_web bandwidth 10% priority 4 qlimit 500 hfsc (realtime (20%, 10000, 10%) ecn upperlimit 3Mb)
queue voiceq_mail bandwidth 5% priority 3 qlimit 500 hfsc (ecn upperlimit 3Mb)
queue voiceq_ftp bandwidth 5% priority 2 qlimit 500 hfsc (ecn upperlimit 1Mb)
queue voiceq_default bandwidth 896Mb priority 1 qlimit 500 hfsc (default)
Example. Server 1 at Extranet starts downloading a file from the web and gets 4Mb speed, Server 2 at DMZ does the same, so Server 2 will try to get 4Mb also, and finally Server 3 at VoIP starts a callout. Moreover, having 2x4Mb bandwidth with BGP, I do not know from which interface the traffic will come in. Hence, limiting the inbound queues to 4Mb instead of 8Mb, I am using just half of my feed.

Any best practice on that or reference to read?

Thank you in advance
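
As an added example (not part of the original post): a small Python parser that resolves the first ALTQ block above into absolute bits per second and flags any parent whose children's `bandwidth` values add up to more than its own. It assumes, per pf.conf(5), that a percentage is a share of the parent queue's bandwidth; the function names are hypothetical.

```python
import re

# First ALTQ block from the post, copied as written ($bgp1_if is the post's macro).
RULES = """\
altq on $bgp1_if hfsc bandwidth 3.9Mb queue { synq_voip_main, synq_other_main }
queue synq_voip_main bandwidth 30% hfsc {synq_voip}
queue synq_voip bandwidth 100% priority 6 qlimit 500 hfsc (realtime 110Kb)
queue synq_other_main bandwidth 70% hfsc {synq_acks, synq_interactive, synq_web, synq_mail, synq_ftp, synq_default}
queue synq_acks bandwidth 10% priority 7 qlimit 500 hfsc (realtime 5%)
queue synq_interactive bandwidth 10% priority 5 qlimit 500 hfsc (realtime 5% upperlimit 2Mb)
queue synq_web bandwidth 30% priority 4 qlimit 500 hfsc (realtime (50%, 10000, 10%) ecn upperlimit 3Mb)
queue synq_mail bandwidth 20% priority 3 qlimit 500 hfsc (ecn upperlimit 3Mb)
queue synq_ftp bandwidth 5% priority 2 qlimit 500 hfsc (ecn upperlimit 1Mb)
queue synq_default bandwidth 25% priority 1 qlimit 500 hfsc (default ecn upperlimit 3Mb)
"""
UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}

def parse(text):
    """Map each altq interface / queue name to (bandwidth spec, child names)."""
    tree = {}
    for line in text.splitlines():
        m = re.match(r"(altq on \S+|queue (\S+)).*?bandwidth (\S+)", line)
        if m:
            kids = re.findall(r"\w+", line.partition("{")[2])  # names inside { }
            tree[m.group(2) or m.group(1).split()[-1]] = (m.group(3), kids)
    return tree

def to_bps(spec, parent_bps):
    """Percentages are a share of the parent queue; b/Kb/Mb/Gb are absolute."""
    if spec.endswith("%"):
        return parent_bps * float(spec[:-1]) / 100
    num, unit = re.fullmatch(r"([\d.]+)(Gb|Mb|Kb|b)", spec).groups()
    return round(float(num) * UNITS[unit])

def resolve(tree):
    """Bits/s per queue, walking down from every altq interface."""
    rates = {}
    todo = [(r, 0) for r in tree.keys() - {k for _, kids in tree.values() for k in kids}]
    while todo:
        name, parent_bps = todo.pop()
        rates[name] = to_bps(tree[name][0], parent_bps)
        todo += [(kid, rates[name]) for kid in tree[name][1]]
    return rates

def oversubscribed(tree, rates):
    """Parents whose children's bandwidth adds up to more than their own."""
    return [n for n, (_, kids) in tree.items()
            if kids and sum(rates[k] for k in kids) > rates[n] + 0.5]
```

Calling `resolve(parse(RULES))` gives the per-queue rates, and `oversubscribed` returns an empty list when every level fits inside its parent. The second block from the post can be passed to `parse` in the same form.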