Altq ruleset for use with Vonage

OpenBSD 3.3 and later incorporate altq into pf. Following are the additions I made to my existing pf ruleset to prioritize Vonage traffic over local web surfing and over the traffic of my web/mail server. Additionally, since I am on ADSL, where a saturated upstream delays the small TCP ACKs that keep downloads moving, I added a queue that sends empty TCP ACKs ahead of other traffic; that technique is documented here.

First, I added the following lines:

# Queueing: rule-based bandwidth control.
altq on $ext_if priq bandwidth 242Kb queue { std_out, phil_out, vonage_out, tcp_ack_out }
queue vonage_out priority 15 priq
queue tcp_ack_out priority 10 priq(red)
queue std_out priority 5 priq(red default)
queue phil_out priority 1 priq(red)

These define my outbound connection speed (242 Kb/s upstream) and set up the queues. std_out is used for the local area network, and phil_out is for the web/mail server. priq priorities run from 0 to 15, with 15 being the highest, thus in the above segment vonage_out is the highest-priority traffic, and so on down to phil_out, which is low man on the totem pole. priq is strictly priority-based: a higher-priority queue is always served first, and lower queues only get bandwidth when the queues above them are empty.

Next, I set up outbound traffic rules and assign traffic to the various queues ($wiIPs is a set defining all local area network addresses except the Cisco ATA186 used for Vonage and the mail/web server; if0 is the name of the outbound interface, so (if0) matches the firewall's own address on that interface):

#setup outbound traffic and queues
pass out on $ext_if inet proto { tcp, udp, icmp } from $wiIPs to any keep state queue std_out
pass out on $ext_if inet proto tcp from (if0) to any flags S/SA \
keep state queue tcp_ack_out
pass out on $ext_if inet proto udp from vonage-ip-addr/32 to any keep state queue vonage_out
pass out on $ext_if from phil-ip-addr/32 to any keep state queue phil_out

This could be customized and refined considerably, for instance by queueing SIP traffic directly, but I find queueing at this granularity adequate for my needs. Altq can also reserve a guaranteed share of bandwidth for each queue (with the cbq or hfsc schedulers rather than priq), but I felt no need to do so; simply prioritizing Vonage traffic over the rest was sufficient. Note that if you set this up and wish to check it in real time, pfctl -vvs queue loops and prints queue statistics every five seconds (pfctl -s queue -v gives a single snapshot with statistics); this is helpful when troubleshooting rulesets to verify operation. Also note that if you have a pre-existing pf ruleset with keep state rules matching the Vonage device, you will need to flush the state table (pfctl -F state) before the queueing takes effect, because the queue assignment is recorded in a state entry when it is created and existing states keep their old assignment. Flushing drops every tracked connection, so do it when you are not on a call.
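As an added, worked example (this is not the ruleset from the page above, and not Vonage's or OpenBSD's own configuration): the same four-queue layout carried through with the refinements just mentioned. The macros, the 192.168.1.0/24 addresses, the interface name and the SIP/RTP port ranges are assumptions for illustration; check your provider's documentation for the real ports. The two-queue form queue (std_out, tcp_ack_out) is pf's built-in mechanism for this: when two queues are given, empty TCP ACKs and packets with TOS lowdelay go to the second queue and everything else in the connection to the first, which is exactly what the ACK trick wants. This is the altq syntax of the OpenBSD releases this page describes (before 5.5); the later queueing system uses different keywords.

```conf
# Added example pf.conf fragment (not the page's original ruleset).
# Interface name, addresses and port ranges below are assumptions.
ext_if    = "if0"               # outbound (ADSL) interface (assumed name)
ata_ip    = "192.168.1.10"      # Cisco ATA186 used for Vonage (assumed)
phil_ip   = "192.168.1.20"      # web/mail server (assumed)
sip_ports = "{ 5060, 5061 }"    # SIP signalling ports (assumed; verify with provider)
rtp_ports = "10000:20000"       # RTP media source ports on the ATA (assumed)

# Everything on the LAN except the ATA and the server (table negation
# excludes the two hosts from the /24).
table <wiIPs> { 192.168.1.0/24, !$ata_ip, !$phil_ip }

# Queueing: priq on the 242 Kb/s upstream; priorities run 0-15, 15 highest.
altq on $ext_if priq bandwidth 242Kb queue { std_out, phil_out, vonage_out, tcp_ack_out }
queue vonage_out  priority 15 priq               # voice: no RED, drops are never wanted here
queue tcp_ack_out priority 10 priq(red)          # empty ACKs keep downloads flowing
queue std_out     priority 5  priq(red default)  # LAN web surfing
queue phil_out    priority 1  priq(red)          # web/mail server gets what is left

# pf uses the LAST matching rule, so the general rule for a host is written
# first and the more specific rule for the same host after it.

# LAN: TCP gets a queue pair. The second queue receives empty ACKs and
# TOS-lowdelay packets; the first queue receives the rest of the connection.
pass out on $ext_if inet proto tcp from <wiIPs> to any flags S/SA \
    keep state queue (std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp, icmp } from <wiIPs> to any \
    keep state queue std_out

# The firewall's own TCP traffic, same queue pair.
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
    keep state queue (std_out, tcp_ack_out)

# ATA: anything that is not voice (config fetches, NTP) rides in std_out ...
pass out on $ext_if inet from $ata_ip to any keep state queue std_out
# ... while SIP signalling and RTP media are queued directly at top priority.
pass out on $ext_if inet proto udp from $ata_ip to any port $sip_ports \
    keep state queue vonage_out
pass out on $ext_if inet proto udp from $ata_ip port $rtp_ports to any \
    keep state queue vonage_out

# Server: lowest priority for its data, but its empty ACKs still leave quickly,
# so inbound transfers to it do not stall the moment the upstream fills.
pass out on $ext_if inet proto tcp from $phil_ip to any flags S/SA \
    keep state queue (phil_out, tcp_ack_out)
pass out on $ext_if inet proto { udp, icmp } from $phil_ip to any \
    keep state queue phil_out
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf, then flush the state table with pfctl -F state so that the ATA's existing state entries pick up the new queue. To verify, watch pfctl -vvs queue while a call is in progress: packets should be counted on vonage_out, and during a large download on a LAN host the small-packet counts should land on tcp_ack_out rather than std_out.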

Comments and suggestions are welcome, send 'em to me here

13 April 2006: Removed RED from the vonage_out queue, since packet loss is not desired on voice traffic, and changed the TCP ACK priority to be lower than Vonage's; thanks to George William McCammon Jr. for the correction.