diff options
author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-03-01 21:45:02 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-03-01 21:45:02 +0000 |
commit | 70c3e505a0cc84533c470a204899670dcafaba8d (patch) | |
tree | 4e8f3defac5b46062ba49cd54253fb35972a301a /en_US.ISO8859-1 | |
parent | d6df11597b7f58dc36acd13da1a96058a5bddf93 (diff) | |
download | doc-70c3e505a0cc84533c470a204899670dcafaba8d.tar.gz doc-70c3e505a0cc84533c470a204899670dcafaba8d.zip |
Add information on setting up ATLQ.
PR: docs/78096
Submitted by: Brad Davis <so14k@so14k.com>
Input from: mlaier, trhodes
Notes
Notes:
svn path=/head/; revision=23966
Diffstat (limited to 'en_US.ISO8859-1')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml | 70 |
1 files changed, 65 insertions, 5 deletions
diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml index df9a96922c..fd963406d5 100644 --- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml @@ -198,7 +198,8 @@ </sect1> <sect1 id="firewalls-pf"> - <title>The Packet Filter (PF) Firewall</title> + <title>The OpenBSD Packet Filter (PF) and + <acronym>ALTQ</acronym></title> <indexterm> <primary>firewall</primary> @@ -211,10 +212,12 @@ contained <acronym>PF</acronym> as an integrated part of the base system was &os; 5.3 in November 2004. <acronym>PF</acronym> is a complete, fully featured firewall - that contains <acronym>ALTQ</acronym> for bandwidth usage - management in a way similar to what DUMMYNET provides in - <acronym>IPFW</acronym>. The OpenBSD project does an - outstanding job of maintaining the PF users' guide that it will + that has optional support for <acronym>ALTQ</acronym> (Alternate + Queuing). <acronym>ALTQ</acronym> provides Quality of Service + (<acronym>QoS</acronym>) bandwidth shaping that allows + guaranteeing bandwidth to different services based on filtering + rules. The OpenBSD Project does an + outstanding job of maintaining the PF User's Guide that it will not be made part of this handbook firewall section as that would just be duplicated effort.</para> @@ -358,6 +361,63 @@ pflog_flags="" # additional flags for pflogd startup</programli <programlisting>gateway_enable="YES" # Enable as LAN gateway</programlisting> </sect2> + + <sect2> + <title>Enabling <acronym>ALTQ</acronym></title> + + <para><acronym>ALTQ</acronym> is only available by compiling the + options into the &os; Kernel. <acronym>ALTQ</acronym> is not + supported by all of the available network card drivers. Please + see the &man.altq.4; manual page for a list of drivers that are + supported in your release of &os;. The following options will + enable <acronym>ALTQ</acronym> and add additional functionality. + </para> + + <programlisting>options ALTQ +options ALTQ_CBQ # Class Bases Queuing (CBQ) +options ALTQ_RED # Random Early Detection (RED) +options ALTQ_RIO # RED In/Out +options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) +options ALTQ_PRIQ # Priority Queuing (PRIQ) +options ALTQ_NOPCC # Required for SMP build</programlisting> + + <para><literal>options ALTQ</literal> enables the + <acronym>ALTQ</acronym> framework.</para> + + <para><literal>options ALTQ_CBQ</literal> enables Class Based + Queuing (<acronym>CBQ</acronym>). <acronym>CBQ</acronym> + allows you to divide a connection's bandwidth into different + classes or queues to prioritize traffic based on filter + rules.</para> + + <para><literal>options ALTQ_RED</literal> enables Random Early + Detection (<acronym>RED</acronym>). <acronym>RED</acronym> is + used to avoid network congestion. <acronym>RED</acronym> does + this by measuring the length of the queue and comparing it to + the minimum and maximum thresholds for the queue. If the + queue is over the maximum all new packets will be dropped. + True to its name, <acronym>RED</acronym> drops packets from + different connections randomly.</para> + + <para><literal>options ALTQ_RIO</literal> enables Random Early + Detection In and Out.</para> + + <para><literal>options ALTQ_HFSC</literal> enables the + Hierarchical Fair Service Curve Packet Scheduler. For more + information about <acronym>HFSC</acronym> see: <ulink + url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>. + </para> + + <para><literal>options ALTQ_PRIQ</literal> enables Priority + Queuing (<acronym>PRIQ</acronym>). <acronym>PRIQ</acronym> + will always pass traffic that is in a higher queue + first.</para> + + <para><literal>options ALTQ_NOPCC</literal> enables + <acronym>SMP</acronym> support for <acronym>ALTQ</acronym>. + This option is required on <acronym>SMP</acronym> + systems.</para> + </sect2> </sect1> <sect1 id="firewalls-ipf"> |