June 12, 2003
For all who are interested: I've put together some graphs about my testing with prioritizing empty ACKs with pf and ALTQ on a tun0 pppoe interface.
There was quite some discussion on the pf mailing list concerning this topic over the last weeks. Please look at the mailing list's archives for more information.
The first testing showed me that queueing on tun0 seemed to work; that is, I could configure it, there were no error messages, and the packets got queued as expected. But after some testing, I had to share the experience with other users that, despite the fact that the queues were both filled, it had no effect on the behaviour of the gateway machine.
Then I applied Trevor Talbot's patch to the tun0 interface and things changed impressively.
As I'm not the only one with successful testing, Henning Brauer wrote that he would get this patch into -current soonish. No chance to get it in -stable, though; if you're using release or stable, you have to apply the patch manually and rebuild your kernel.
The testing I did was very rudimentary: I downloaded a file of about 14 MB from a known good ftp-server nearby. In the second run I started an upload of a file of about 600 KB to a different server via scp while the download was half completed.
In the tests without the patch I used a pfstat query interval of 1 minute, which proved to be too long, so I changed this for the "patch" tests to 5 seconds. Therefore, the graphics without the patch are not very meaningful, but I think they show that queueing on a tun interface without the patch doesn't make a great difference.
Ok, here are the graphics:
Test without the patch and without queueing:
Test without the patch and with queueing enabled:
Test with the patch applied and without queueing:
Test with the patch applied and with queueing enabled:
Test machine was an old P 133 machine with 64 MB RAM and OpenBSD 3.3 release.
I have the "standard" German TDSL account with 768kb/s downstream and 128kb/s upstream.
If you have any questions and you think I might be of more help than the pf mailing list, you are seriously wrong. But if this statement doesn't impress you at all, here is my email address: openbsd at secspace dot de.
Volker Kindermann