QoS with DragonFlyBSD PF/ALTQ

Introduction

This is just a PoC to validate QoS. UDP vs. TCP is just easy to test with iperf3. Ideally I would want to prioritize other things of course.

The UDP bandwidth test goes 1Mbit/s max for no known reason. This is why we are testing a queue at 500Kbits/s instead of 10Mbit/s, so we check that UDP is prioritized over TCP.

As for ICMP, the test was not successful; there is probably an even lower default rate hard-coded somewhere in Netfilter or GNS3.

DragonFly does not have any kernel parameter for ECN; hopefully it’s enabled by default.

Network architecture

Never mind the NATs; they were only there to install iperf3 on the leaf nodes and then open a few remote shells for the stress tests.

route delete default
route add default gw 192.168.122.1
cat /etc/resolv.conf
ping -c1 opendns.com
apt update && apt install iperf3 -y
ifdown eth0
ifup eth0


Network preparation

10.0.0.1                dfly1   # gw 10.0.0.2
10.1.1.254              dfly1

10.0.0.2                dfly2   # gw 10.0.0.1
10.2.2.254              dfly2

10.1.1.1                buster1 # gw 10.1.1.254
192.168.122.201         buster1

10.2.2.1                buster2 # gw 10.2.2.254
192.168.122.202         buster2

enable routing

sysctl -a | grep forward
sysctl -a | grep ecn # none on dfly

sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet6.ip6.forwarding=1

mv -i /etc/sysctl.conf /etc/sysctl.conf.dist
vi /etc/sysctl.conf

net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

check buster1 reaches buster2 through the pipeline

ping 10.1.1.254
ping 10.0.0.2
ping 10.2.2.1

Prioritize ICMP over UDP over TCP

mv -i /etc/pf.conf /etc/pf.conf.dist
vi /etc/pf.conf

ext_if="vtnet0"
int_if="vtnet1"

altq on $ext_if priq bandwidth 500Kb queue { extq_icmp, extq_udp, extq_def }
    queue extq_icmp priority 7
    queue extq_udp  priority 6
    queue extq_def  priority 1 priq(default)

altq on $int_if priq bandwidth 500Kb queue { intq_icmp, intq_udp, intq_def }
    queue intq_icmp priority 7
    queue intq_udp  priority 6
    queue intq_def  priority 1 priq(default)

pass out on $ext_if inet  proto icmp    from $ext_if to any keep state queue extq_icmp
pass out on $ext_if inet6 proto icmp6   from $ext_if to any keep state queue extq_icmp
pass out on $ext_if proto udp       from $ext_if to any keep state queue extq_udp
pass out on $ext_if proto tcp       from $ext_if to any keep state queue extq_def

pass out on $int_if inet  proto icmp    from $ext_if to any keep state queue intq_icmp
#pass out on $int_if inet6 proto icmp6  from $ext_if to any keep state queue intq_icmp
pass out on $int_if proto udp       from $ext_if to any keep state queue intq_udp
pass out on $int_if proto tcp       from $ext_if to any keep state queue intq_def

apply

pfctl -nf /etc/pf.conf
echo pf=YES >> /etc/rc.conf
/etc/rc.d/pf restart
#/etc/rc.d/pf reload

Acceptance

We’re starting two servers on the right-hand leaf node and flooding TCP vs. UDP vs. ICMP from the left-hand node.

buster2

iperf3 -s
iperf3 -s -p 5202

buster1

test UDP vs. TCP – SUCCESS

iperf3 -c 10.2.2.1 --format m
iperf3 -c 10.2.2.1 --udp -p 5202 --format m
# --sctp

test ICMP vs. UDP – FAIL

iperf3 -c 10.2.2.1 --udp -p 5202 --format m
ping -f 10.2.2.1
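
A check to run on the DragonFly routers after each test, as an added example that is not part of the original page: pfctl -vsq reports per-queue packet and drop counters, which show whether traffic was really assigned to extq_icmp / extq_udp or fell through to extq_def. The sample output below is constructed, its layout is assumed to match what pfctl prints for priq queues, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read per-queue counters to confirm pf classified the flows.
# Constructed sample (not captured from the lab); layout assumed from pfctl -vsq.
sample_qstats() {
cat <<'EOF'
queue extq_icmp on vtnet0 priority 7
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue extq_udp on vtnet0 priority 6
  [ pkts:        431  bytes:     629260  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue extq_def on vtnet0 priority 1 priq( default )
  [ pkts:       1207  bytes:    1762220  dropped pkts:    318 bytes: 464280 ]
  [ qlength:  50/ 50 ]
EOF
}

# queue_stat NAME FIELD: print one counter (FIELD = pkts | dropped) for a queue.
# Reads queue statistics on stdin; exits non-zero if the queue is not listed.
queue_stat() {
    awk -v q="$1" -v f="$2" '
        $1 == "queue" { cur = $2; next }
        cur == q && /pkts:/ {
            n = 0
            # first "pkts:" is the passed count, second is the dropped count
            for (i = 1; i < NF; i++) if ($i == "pkts:") vals[++n] = $(i + 1)
            idx = (f == "dropped") ? 2 : 1
            print vals[idx]
            found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# idle_queues: list queues that counted no packets, i.e. no rule put traffic there.
idle_queues() {
    awk '$1 == "queue" { cur = $2; next }
         /pkts:/ && $3 == 0 { print cur }'
}

# On the router, feed "pfctl -vsq" instead of the constructed sample.
for q in $(sample_qstats | idle_queues); do
    echo "$q: no packets counted, traffic is not being classified into it"
done
```

A high-priority queue that stays at zero while extq_def keeps counting means the pass rule for that protocol is not matching the test traffic.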

Resources

prio

https://marc.info/?l=openbsd-tech&m=131000459026738&w=2

https://bsdly.blogspot.com/2011/07/anticipating-post-altq-world.html

https://misc.openbsd.narkive.com/Piuck599/pf-set-prio

https://web.archive.org/web/20211222094820/http://www.benzedrine.ch/ackpri.html

queues

http://daemonforums.org/showthread.php?t=10149

https://news.ycombinator.com/item?id=11516372

https://gist.github.com/tonykwon/10d18de61708636a834532775cad6947

pf/altq – priq

https://home.nuug.no/~peter/pf/en/long-firewall.html#ALTQINTRO

https://web.archive.org/web/20211222094820/https://www.benzedrine.ch/ackpri.html

pf/altq – cbq

https://docstore.mik.ua/manuals/openbsd/faq/pf/queueing.html

pf/altq – hfsc

https://calomel.org/pf_config.html –> set-tos

https://calomel.org/pf_hfsc.html

http://dant.net.ru/calomel/pf_config.html

moar

http://www.openbsd.org/faq/pf/tagging.html

troubles

https://superuser.com/questions/1130877/in-pf-why-can-ipv6-be-specified-as-a-protocol-as-well-as-an-address-family


Copyright © 2022 Pierre-Philipp Braun