

OpenBSD's traffic shaping changing in future releases - zdw
http://bsdly.blogspot.com/2011/07/anticipating-post-altq-world.html

======
JoachimSchipper
Peter Hansteen also wrote "The Book of pf" (<http://nostarch.com/pf2.htm>),
which is supposed to be quite good.

~~~
m0nastic
I haven't picked up the 2nd edition yet, but I can attest that the first
edition, at least, was indeed very good.

------
EricBurnett
Can I get a translation please? I read the article, but all I really got out
of it was that there is a different way to configure traffic shaping now. No
real clue how it's different, better, or why I should be interested.

Am I correct in saying that this is a minor feature change, only of interest
to people using traffic shaping in BSD already?

~~~
thaumaturgy
If you aren't already familiar with or using OpenBSD's pf, then you're right,
it probably won't be very interesting to you.

(It has been a while since I've gotten armpit deep into a gnarly pf config
file, so I might get part of the following a little bit wrong. I welcome
corrections.)

pf has two different packet shaping mechanisms: CBQ, and prio. CBQ allowed you
to allocate amounts of bandwidth, but didn't include prioritization. So, you
could, say, set aside X Mb/s for ssh, Y for http, and so on, with lots of
borrows and congestion management and other neat stuff.

With prio, you had to give up allocation, but you got to say instead that a
particular rule always got bandwidth priority over other rules. So, if your
web server is getting hammered, and you have ssh prio 7, you can still get
into your machine no problem.

To use either scheduler, you had to specifically "turn it on" in your config
file and essentially build a little structure for it. It _sounds like_ --
having just glanced at Henning's messages and patches -- the "turn it on" and
structuring steps have been eliminated for prio. Although on the surface that
looks like a small change (and user-wise it probably is), it's still a pretty
big change in the pf internals.

What I _hope_ -- and can't tell yet -- is that this is going to get us a step
closer to being able to use both scheduling mechanisms. They are complementary
systems and it sucked a little to have to choose the features from only one or
the other.

Either way, this is the kind of news that makes me really really miss working
with pf. I prefer it, a lot, over iptables, which makes me grouchy on a
regular basis.
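
The difference described in the comment above, sketched as an added pf.conf example; it is not taken from the thread, the linked article, or Henning's patches. The interface name, bandwidth figure and queue names are assumptions, and the `set prio` form is the syntax documented in pf.conf(5) for later OpenBSD releases.

```pf
# Added illustration. The two fragments are alternatives, not one ruleset.

ext_if = "em0"    # assumed external interface name

# --- Fragment A: ALTQ priority queueing (the older syntax) ---
# The scheduler is "turned on" per interface, and each queue must be
# declared before any rule can refer to it.
altq on $ext_if priq bandwidth 10Mb queue { q_ssh, q_web, q_def }
queue q_ssh priority 7
queue q_web priority 3
queue q_def priority 1 priq(default)

# Rules then name the queue their traffic belongs to.
pass proto tcp to port 22 queue q_ssh
pass proto tcp to port { 80, 443 } queue q_web

# --- Fragment B: priority set directly on the rule ---
# No altq line and no queue declarations; the rule carries the
# priority itself (0 is lowest, 7 is highest).
pass proto tcp to port 22 set prio 7
pass proto tcp to port { 80, 443 } set prio 3
```

Either fragment can be syntax-checked without loading it by running `pfctl -nf` on the file, on a release that supports the syntax in question.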

