Re: Dummynet Question

2006-09-26 Thread Nikos Vassiliadis 
On Tuesday 26 September 2006 05:00, Sushant Sharma wrote:
> Hi all,
> I have installed dummynet on a machine-2 which I am using to introduce
> delay between the packets that I'll be sending from machine-1 to machine-3.
> I am using ping to confirm that ICMP/TCP packets are getting delayed. I
> know both UDP/TCP fall under ip, so UDP packets should also be getting
> delayed but just to confirm, do you guys know of any utility that I can use
> to check if UDP packets are also getting delayed.

Use traceroute. Or you could run tcpdump on both ingress and egress
interfaces and check the timestamps. netcat can send udp packets,
bash can(if it's built this way) cat >/dev/udp/192.168.0.1/snmp for example

Or you could simply trust dummynet/ipfw. They work:)

HTH, Nikos
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Dummynet Question

2006-09-25 Thread Sushant Sharma 
Hi all,
I have installed dummynet on a machine-2 which I am using to introduce delay
between the packets that I'll be sending from machine-1 to machine-3.
I am using ping to confirm that ICMP/TCP packets are getting delayed. I know
both UDP/TCP fall under ip, so UDP packets should also be getting delayed but
just to confirm, do you guys know of any utility that I can use to check if UDP
packets are also getting delayed.

ipfw shows pipe 1 and queue 1 as

pipe 1 ip from any to any
queue 1 ip from any to any

I am running linux on machine-1 and machine-3.

TIA
-Sushant

ps: please cc the reply to me also as I am not subscribed to the list.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Traffic Shapping (IPFW + DUMMYNET) Question

2005-04-15 Thread Chris Haulmark 
On Thu, 2005-04-14 at 09:53 -0400, Timothy Radigan wrote:
> Hi all,
> 
> I'm new to the entire idea of traffic shaping and I came up with some rules
> for my BSD firewall/router/VoIP gateway and I just wanted to make sure that
> what I am trying to accomplish is actually going to happen with these rules
> in place.  Currently, my broadband connection is a 4Mb down and 384Mb up
> pipe.  My VoIP service requires 90Kb up and down.  I have 3 separate
> internal networks at my house.  I have my wired 100Mb switched LAN
> (192.168.15.0/24), I have my IPSec enabled Wireless LAN (192.168.20.0/24),
> and I have my VoIP LAN (192.168.10.0/30).  What I want to do with these
> traffic shaping rules, is dedicate 100Kb up and down to the VoIP LAN, and
> then I want to have equally shared bandwidth (the remaining speeds of my
> broadband connection) for the wired and wireless LANs.  Here are the rules I
> have come up with so far:

Can you post your ifconfig output of your BSD box?

How about the output of this:

sysctl -a | grep net.inet.ip.fw.one_pass

Chris


> 
> <--- (START) /etc/ipfw.rules >
> 
> # flush all rules
> ipfw -f flush
> 
> # configure the pipe main pipes - have 4000kbits/s down 384kbits/s up
> 
> # define 200kbits/s for the voip pipes
> ipfw pipe 1 config bw 100Kbits/s
> ipfw pipe 2 config bw 100Kbits/s
> 
> # wired / wifi lans - get all but 100kbits/s for both up and down
> ipfw pipe 3 config bw 3900Kbits/s
> ipfw pipe 4 config bw 284Kbits/s
> 
> # wired/wifi LAN internal transmission
> ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0x
> ipfw pipe 6 config bw 100Mbits/s mask dst-ip 0x
> ipfw pipe 7 config bw 100Mbits/s mask dst-ip 0x
> ipfw pipe 8 config bw 100Mbits/s mask dst-ip 0x
> 
> # make sure the voip gets all of the bandwidth for the pipes
> ipfw add 1 pipe 1 ip from 192.168.10.2 to any
> ipfw add 1 pipe 2 ip from any to 192.168.10.2
> 
> # make sure the wired and wifi lans get all of the bandwidth for those pipes
> ipfw add 2 pipe 5 ip from 192.168.15.0/24 to 192.168.0.0/16
> ipfw add 2 pipe 6 ip from 192.168.0.0/16 to 192.168.15.0/24
> ipfw add 3 pipe 7 ip from 192.168.20.0/24 to 192.168.0.0/16
> ipfw add 3 pipe 8 ip from 192.168.0.0/16 to 192.168.20.0/24
> 
> # the wired / wifi lans will split the up and down pipes
> ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x00ff
> ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x00ff
> ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x00ff
> ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x00ff
> 
> # add inbound/outbound queues for the wired lan
> ipfw add 100 queue 3 ip from any to 192.168.15.0/24
> ipfw add 105 queue 5 ip from 192.168.15.0/24 to any
> 
> # add inbound/outbound queues for the wifi lan
> ipfw add 200 queue 4 ip from any to 192.168.20.0/24
> ipfw add 205 queue 6 ip from 192.168.20.0/24 to any
> 
> < (END) /etc/ipfw.rules ->
> 
> Does this seem like it will perform as I am thinking it will?
> 
> Thanks
> --Tim
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Traffic Shapping (IPFW + DUMMYNET) Question

2005-04-15 Thread RW 
On Thursday 14 April 2005 14:53, Timothy Radigan wrote:
> Hi all,
>
> I'm new to the entire idea of traffic shaping and I came up with some rules
> for my BSD firewall/router/VoIP gateway 
>
>...
>
> Does this seem like it will perform as I am thinking it will?

I've not tried this kind of thing myself, but I wouldn't be very optimistic 
about what you are trying to do. AFAIK dummynet works through IP packet 
queueing. That means that it can do a good job of shaping outgoing traffic,  
but the only control it has on incoming traffic is through dropping packets 
that have already been received, which isn't very efficient. 

To achieve what you want would really need some something that can hook into 
the tcp/ip stack and affect tcp window sizes. I dont know of anything that 
would do that.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Traffic Shapping (IPFW + DUMMYNET) Question

2005-04-14 Thread Timothy Radigan 
Hi all,

I'm new to the entire idea of traffic shaping and I came up with some rules
for my BSD firewall/router/VoIP gateway and I just wanted to make sure that
what I am trying to accomplish is actually going to happen with these rules
in place.  Currently, my broadband connection is a 4Mb down and 384Mb up
pipe.  My VoIP service requires 90Kb up and down.  I have 3 separate
internal networks at my house.  I have my wired 100Mb switched LAN
(192.168.15.0/24), I have my IPSec enabled Wireless LAN (192.168.20.0/24),
and I have my VoIP LAN (192.168.10.0/30).  What I want to do with these
traffic shaping rules, is dedicate 100Kb up and down to the VoIP LAN, and
then I want to have equally shared bandwidth (the remaining speeds of my
broadband connection) for the wired and wireless LANs.  Here are the rules I
have come up with so far:

<--- (START) /etc/ipfw.rules >

# flush all rules
ipfw -f flush

# configure the pipe main pipes - have 4000kbits/s down 384kbits/s up

# define 200kbits/s for the voip pipes
ipfw pipe 1 config bw 100Kbits/s
ipfw pipe 2 config bw 100Kbits/s

# wired / wifi lans - get all but 100kbits/s for both up and down
ipfw pipe 3 config bw 3900Kbits/s
ipfw pipe 4 config bw 284Kbits/s

# wired/wifi LAN internal transmission
ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0x
ipfw pipe 6 config bw 100Mbits/s mask dst-ip 0x
ipfw pipe 7 config bw 100Mbits/s mask dst-ip 0x
ipfw pipe 8 config bw 100Mbits/s mask dst-ip 0x

# make sure the voip gets all of the bandwidth for the pipes
ipfw add 1 pipe 1 ip from 192.168.10.2 to any
ipfw add 1 pipe 2 ip from any to 192.168.10.2

# make sure the wired and wifi lans get all of the bandwidth for those pipes
ipfw add 2 pipe 5 ip from 192.168.15.0/24 to 192.168.0.0/16
ipfw add 2 pipe 6 ip from 192.168.0.0/16 to 192.168.15.0/24
ipfw add 3 pipe 7 ip from 192.168.20.0/24 to 192.168.0.0/16
ipfw add 3 pipe 8 ip from 192.168.0.0/16 to 192.168.20.0/24

# the wired / wifi lans will split the up and down pipes
ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x00ff
ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x00ff
ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x00ff
ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x00ff

# add inbound/outbound queues for the wired lan
ipfw add 100 queue 3 ip from any to 192.168.15.0/24
ipfw add 105 queue 5 ip from 192.168.15.0/24 to any

# add inbound/outbound queues for the wifi lan
ipfw add 200 queue 4 ip from any to 192.168.20.0/24
ipfw add 205 queue 6 ip from 192.168.20.0/24 to any

< (END) /etc/ipfw.rules ->

Does this seem like it will perform as I am thinking it will?

Thanks
--Tim

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

[with additional question] Re: ipfw//dummynet question

2004-02-25 Thread Nathan Kinkade 
On Wed, Feb 25, 2004 at 06:47:30AM +0100, Hugo (6s-gaming.com) wrote:
> Hi list,
> 
> Say I want to limit the bandwidth from all inside my lan to the outside.
> I'd create the pipes and make 2 rules to pipe any traffic (in&out). My
> question is, would creating these 2 rules make all traffic be promptly
> accepted, or would they be accepted or blocked based on the rest of the
> ruleset? If they're accepted upon the pipe rule, how to make they be piped
> BUT only accepted if they match any of the rules on the ruleset? Do I need
> to create pipe rules for _everything_ ?
> 
> Regards,
> 
> Hugo

If I understand your question, you can have any number of rules that all
use a single pipe.  For example, you could have something like:

ipfw add pipe 1 ip from 10.0.0.0/24 to any dst-port 
ipfw add pipe 1 ip from 10.0.0.0/24 to www.somedomain.com
ipfw add pipe 1 ip from 10.0.1.50 to any

And maybe pipe 1 is configured as such:
pipe 1 config bw 50Kbyte/s

This actually brings me to a question of my own.  The ipfw manpage talks
about making sure to keep in mind that packets are checked both 'in' and
'out'.  I see that some people have implemented bandwidth rules using 2
separate rules for in and out.  I have a setup that uses a 'keep-state'
on a single 'in' rule and it seems to work fine.  What is the effective
or functional difference between using two separate rules for in and out
or a single rule using a keep-state?  Is one more efficient than
another, or would the two do totally different things?

Thanks,
Nathan
-- 
gpg --keyserver pgp.mit.edu --recv-keys D8527E49


pgp0.pgp
Description: PGP signature

ipfw//dummynet question

2004-02-24 Thread Hugo (6s-gaming.com) 
Hi list,

Say I want to limit the bandwidth from all inside my lan to the outside.
I'd create the pipes and make 2 rules to pipe any traffic (in&out). My
question is, would creating these 2 rules make all traffic be promptly
accepted, or would they be accepted or blocked based on the rest of the
ruleset? If they're accepted upon the pipe rule, how to make they be piped
BUT only accepted if they match any of the rules on the ruleset? Do I need
to create pipe rules for _everything_ ?

Regards,

Hugo


-- 
http://www.6s-gaming.com - your online store!

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"