ALTQ - allocation by percentage

We move on to another example, which I for all practical purposes swiped from the Swedish site unix.se. The queues are set up on the external interface. This is probably the more common approach, since the limitations on bandwidth are usually more severe on the external interface. In principle, however, allocating queues and running traffic shaping can be done on any network interface. Here, the setup includes a cbq queue for a total bandwidth of 640KB with six subqueues.

altq on $ext_if cbq bandwidth 640Kb queue { def, ftp, udp, http, \
         ssh, icmp }
queue def bandwidth 18% cbq(default borrow red)
queue ftp bandwidth 10% cbq(borrow red)
queue udp bandwidth 30% cbq(borrow red)
queue http bandwidth 20% cbq(borrow red)
queue ssh bandwidth 20% cbq(borrow red) { ssh_interactive, ssh_bulk }
          queue ssh_interactive priority 7 bandwidth 20%
          queue ssh_bulk priority 0 bandwidth 80%
queue icmp bandwidth 2% cbq

We see that the subqueue def, with 18 percent of the bandwidth, is designated as the default queue; that is, any traffic not explicitly assigned to some other queue ends up here. The borrow and red keywords mean that the queue may 'borrow' bandwidth from its parent queue, while the system attempts to avoid congestion by applying the RED (Random Early Detection) algorithm. The other queues follow more or less the same pattern, up to the subqueue ssh, which itself has two subqueues with separate priorities.

In the ssh queue, again we see a variation of the ACK priority via subqueues scheme: Bulk SSH transfers, typically SCP file transfers, get transmitted with a ToS indicating normal delay, while interactive SSH traffic has the low delay bit set and skips ahead of the bulk transfers.

This scheme probably also helps the speed of SCP file transfers, since the SCP ACK packets will be assigned to the higher priority subqueue.
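To see what the percentages amount to in absolute terms, the following added example (not part of the original tutorial or the unix.se configuration) parses the queue definitions above, resolves each percentage against its parent queue's bandwidth, and flags any parent whose subqueues add up to more than 100 percent. The function names are hypothetical, and Kb is assumed to mean 1000 bits per second.

```python
import re

# Queue definitions copied from the example above, embedded as sample input.
PF_CONF = r"""
altq on $ext_if cbq bandwidth 640Kb queue { def, ftp, udp, http, \
         ssh, icmp }
queue def bandwidth 18% cbq(default borrow red)
queue ftp bandwidth 10% cbq(borrow red)
queue udp bandwidth 30% cbq(borrow red)
queue http bandwidth 20% cbq(borrow red)
queue ssh bandwidth 20% cbq(borrow red) { ssh_interactive, ssh_bulk }
          queue ssh_interactive priority 7 bandwidth 20%
          queue ssh_bulk priority 0 bandwidth 80%
queue icmp bandwidth 2% cbq
"""
UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}  # assumed decimal

def parse(conf):  # -> (root bit/s, {queue: percent}, {parent: [subqueues]})
    root_bw, pct, children = None, {}, {}
    for line in conf.replace("\\\n", " ").splitlines():  # join continuation lines
        tok = line.split()
        if not tok or tok[0] not in ("altq", "queue"):
            continue
        braces = re.search(r"\{([^}]*)\}", line)
        kids = [k.strip() for k in braces.group(1).split(",")] if braces else []
        bw = tok[tok.index("bandwidth") + 1]
        if tok[0] == "altq":
            num, unit = re.fullmatch(r"(\d+)([KMG]?b)", bw).groups()
            root_bw, name = int(num) * UNITS[unit], "root"
        else:
            name = tok[1]
            pct[name] = int(bw.rstrip("%"))
        children[name] = kids
    return root_bw, pct, children

def resolve(root_bw, pct, children):  # percentages -> bit/s, relative to parent
    rates, problems, todo = {"root": root_bw}, [], ["root"]
    while todo:
        parent = todo.pop()
        kids = children.get(parent, [])
        total = sum(pct[k] for k in kids)
        if total > 100:
            problems.append(f"{parent}: subqueues claim {total}% of its bandwidth")
        for k in kids:
            rates[k] = rates[parent] * pct[k] / 100
            todo.append(k)
    return rates, problems

if __name__ == "__main__":
    print(*resolve(*parse(PF_CONF)), sep="\n")
```

For this rule set the ssh subqueues resolve to 25.6 Kb (ssh_interactive) and 102.4 Kb (ssh_bulk), because their percentages apply to the ssh queue's 128 Kb rather than to the full 640 Kb.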

Finally, the pass rules which show which traffic gets assigned to the queues, and their criteria:

pass log quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    keep state queue (ssh_bulk, ssh_interactive)
pass in quick on $ext_if proto tcp from any to any port 20 flags S/SA  \
    keep state queue ftp
pass in quick on $ext_if proto tcp from any to any port 80 flags S/SA \
    keep state queue http
pass out on $ext_if proto udp all keep state queue udp
pass out on $ext_if proto icmp all keep state queue icmp

We can reasonably assume that this allocation meets the site's needs.

The full description can be found on the Unix.se site at http://unix.se/Brandv%E4gg_med_OpenBSD