Add information on setting up ATLQ.

PR:		docs/78096
Submitted by:	Brad Davis <so14k@so14k.com>
Input from:	mlaier, trhodes

en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml

@@ -198,7 +198,8 @@
   </sect1>
 
   <sect1 id="firewalls-pf">
-    <title>The Packet Filter (PF) Firewall</title>
+    <title>The OpenBSD Packet Filter (PF) and
+      <acronym>ALTQ</acronym></title>
 
     <indexterm>
       <primary>firewall</primary>
@@ -211,10 +212,12 @@
       contained <acronym>PF</acronym> as an integrated part of the
       base system was &os;&nbsp;5.3 in November 2004.
       <acronym>PF</acronym> is a complete, fully featured firewall
-      that contains <acronym>ALTQ</acronym> for bandwidth usage
-      management in a way similar to what DUMMYNET provides in
-      <acronym>IPFW</acronym>.  The OpenBSD project does an
-      outstanding job of maintaining the PF users' guide that it will
+      that has optional support for <acronym>ALTQ</acronym> (Alternate
+      Queuing).  <acronym>ALTQ</acronym> provides Quality of Service
+      (<acronym>QoS</acronym>) bandwidth shaping that allows
+      guaranteeing bandwidth to different services based on filtering
+      rules.  The OpenBSD Project does an
+      outstanding job of maintaining the PF User's Guide that it will
       not be made part of this handbook firewall section as that would
       just be duplicated effort.</para>
 
@@ -358,6 +361,63 @@ pflog_flags=""                  # additional flags for pflogd startup</programli
       <programlisting>gateway_enable="YES"            # Enable as LAN gateway</programlisting>
 
     </sect2>
+
+    <sect2>
+      <title>Enabling <acronym>ALTQ</acronym></title>
+
+      <para><acronym>ALTQ</acronym> is only available by compiling the
+	options into the &os; Kernel.  <acronym>ALTQ</acronym> is not
+	supported by all of the available network card drivers.	 Please
+	see the &man.altq.4; manual page for a list of drivers that are
+	supported in your release of &os;.  The following options will
+	enable <acronym>ALTQ</acronym> and add additional functionality.
+	</para>
+
+      <programlisting>options         ALTQ
+options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
+options         ALTQ_RED        # Random Early Detection (RED)
+options         ALTQ_RIO        # RED In/Out
+options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
+options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
+options         ALTQ_NOPCC      # Required for SMP build</programlisting>
+
+      <para><literal>options ALTQ</literal> enables the
+	<acronym>ALTQ</acronym> framework.</para>
+
+      <para><literal>options ALTQ_CBQ</literal> enables Class Based
+	Queuing (<acronym>CBQ</acronym>).  <acronym>CBQ</acronym>
+	allows you to divide a connection's bandwidth into different
+	classes or queues to prioritize traffic based on filter
+	rules.</para>
+
+      <para><literal>options ALTQ_RED</literal> enables Random Early
+	Detection (<acronym>RED</acronym>).  <acronym>RED</acronym> is
+	used to avoid network congestion.  <acronym>RED</acronym> does
+	this by measuring the length of the queue and comparing it to
+	the minimum and maximum thresholds for the queue.  If the
+	queue is over the maximum all new packets will be dropped.
+	True to its name, <acronym>RED</acronym> drops packets from
+	different connections randomly.</para>
+
+      <para><literal>options ALTQ_RIO</literal> enables Random Early
+	Detection In and Out.</para>
+
+      <para><literal>options ALTQ_HFSC</literal> enables the
+	Hierarchical Fair Service Curve Packet Scheduler.  For more
+	information about <acronym>HFSC</acronym> see: <ulink
+	  url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>.
+	</para>
+
+      <para><literal>options ALTQ_PRIQ</literal> enables Priority
+	Queuing (<acronym>PRIQ</acronym>).  <acronym>PRIQ</acronym>
+	will always pass traffic that is in a higher queue
+	first.</para>
+
+      <para><literal>options ALTQ_NOPCC</literal> enables
+	<acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.
+	This option is required on <acronym>SMP</acronym>
+	systems.</para>
+    </sect2>
   </sect1>
 
   <sect1 id="firewalls-ipf">