[OT] name resolution... ( was Re: FreeBSD Traffic Shaping )
On Thu, 03 Apr 2008 15:55:05 +1100
Terry Sposato <[EMAIL PROTECTED]> wrote:

> Norberto Meijome wrote:
> > On Wed, 2 Apr 2008 14:43:20 +0200
> > Mel <[EMAIL PROTECTED]> wrote:
> >
> >> I think you'll find that bursts are best counteracted like this:
> >> http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas
> >
> > Mel, can you please confirm this link / FQDN ? no NS defined for the
> > domain...
> >
> > TIA,
> > B
> >
> The above link works fine for me here.
> [EMAIL PROTECTED] ~]$ host www.probsd.net
> www.probsd.net has address 66.93.16.108
>

i hear you :D

It resolves ok when pointing against a US based Name server :

$ nslookup www.probsd.net ns1.octantis.com.au
Server: ns1.octantis.com.au
Address:207.44.188.147#53

Non-authoritative answer:
Name: www.probsd.net
Address: 66.93.16.108

It doesn't work when using my machine's named, which relies on Root name servers to get the info. the US server also uses root servers for resolution. US box is linux based, mine is FBSD 7, in AU.

I checked with wireshark and i never get any reply from their servers. they seem to reply if I use my ISP's dns... oh well

_
{Beto|Norberto|Numard} Meijome

"The only good bureaucrat is one with a pistol at his head. Put it in his hand and it's goodbye to the Bill of Rights."
H.L. Mencken

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD Traffic Shaping
Norberto Meijome wrote:
> On Wed, 2 Apr 2008 14:43:20 +0200
> Mel <[EMAIL PROTECTED]> wrote:
>
>> I think you'll find that bursts are best counteracted like this:
>> http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas
>
> Mel, can you please confirm this link / FQDN ? no NS defined for the
> domain...
>
> TIA,
> B

The above link works fine for me here.

[EMAIL PROTECTED] ~]$ host www.probsd.net
www.probsd.net has address 66.93.16.108

--
Regards,
Terry Sposato
[EMAIL PROTECTED]
http://www.sucked-in.com
GnuPG Key : 0xB7643BC8
Fingerprint: EE92 D9E1 C98E 759F 5991 DFF6 70CE 8936 B764 3BC8
Re: FreeBSD Traffic Shaping
On Wed, 2 Apr 2008 14:43:20 +0200
Mel <[EMAIL PROTECTED]> wrote:

> I think you'll find that bursts are best counteracted like this:
> http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas

Mel, can you please confirm this link / FQDN ? no NS defined for the domain...

TIA,
B

_
{Beto|Norberto|Numard} Meijome

"At times, to be silent is to lie."
Miguel de Unamuno

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
RE: FreeBSD Traffic Shaping
> -----Original Message-----
> From: Giorgos Keramidas [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2008 9:45 AM
> To: Wojciech Puchar
> Cc: Ted Mittelstaedt; [EMAIL PROTECTED];
> freebsd-questions@freebsd.org
> Subject: Re: FreeBSD Traffic Shaping
>
>
> On Wed, 2 Apr 2008 11:30:44 +0200 (CEST), Wojciech Puchar
> <[EMAIL PROTECTED]> wrote:
> >> The vast majority of people out there have asymmetrical bandwidth
> >> limiting needs - that is, they have a pipe to the Internet and have a
> >> lot more data coming from the Internet to them, than data going from
> >> them to the Internet. Their desire is to somehow make it so that
> >> certain kinds of incoming data meeting certain criteria are limited.
> >> Their problem is that since they don't have control of the end
> >> sending the data to them, they can't do this.
> >
> > but you ROUGHLY can do this with ipfw.
> > by limiting at your end - the other end will slow down.
>
> Unless the sending endpoint just ignores your limited incoming pipe
> characteristics and keeps flooding you with DNS or ICMP requests, until
> you scream for help.
>

It's not just that. It's also stuff like Kazaa, and there's this shareware downloader out there I forget the name of which opens multiple connections to multiple sites, which also will not be limited. Oh and I also forgot online games too, some will ignore the limiters. (it's been my observation, that is)

And, things like incoming e-mail spammers, the spam handshakes that their spam networks send are too short, and will come in full-bore.

The other problem is that because the limiting works by delaying traffic so that the tcp sliding window is exceeded, if the sender and recipient put up large enough tcp receive windows they should be able to defeat it. This used to be standard advice for windows 2K and under as the registry could be modded to change those parameters. (since the defaults were too small for the Internet)

Ted
RE: FreeBSD Traffic Shaping
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2008 4:51 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: FreeBSD Traffic Shaping
>
>
> As far as I know, every carrier bills by 95th percentile.

You better call your carrier and confirm this.

The last carrier we had in that did this did in fact NOT bill by peak, they billed by average. However, the contract language SEEMED to say peak. We were naturally concerned about this after the first month due to our graphs indicating that we had exceeded the peak. However, the carrier (AT&T) did not bill a surcharge. After that we regularly peaked over the designated MBs during the contract term with no billing surcharge.

The last 2 months of the contract we got nailed with very high surcharge fees for the last 2 month use period. Needless to say we did not renew the contract and the matter is in litigation now. We never got a satisfactory answer from anyone there as to what calculation they used to determine how the surcharge was calculated.

Of course it was our dumb fault. In the future if we ever sign any of those bandwidth contracts again we will require the carrier to supply in the contract the mathematical formula they use to calculate whether or not a surcharge applies. We will then read the formula and determine for ourselves whether it means peak or average.

> This particular server is colocated and the bandwidth average is
> 2.35mbps while the 95th is 3.7mbps.
>
> I don't want my clients to have to compete for bandwidth - if 1000
> users share a 3mbps fixed pipe, they will each get 3k/sec -. Rather I
> want to guarantee a fixed output for each client. This ensures
> adequate speed for everyone AND flattens out my peaks.
>

Except that during the valleys of your utilization your clients will be limited as well - meaning that if for example your bandwidth from 2-3am is only .5Mbps, 3Mbps would be available - and if one of your clients happened to want to use 3Mps, his transfer will be pushed forward out of the 2-3am time period and into the 2-8am period. Meanwhile your carrier gets away scot-free because they didn't have to supply you with the 3.5Mbs during the night, even though you were entitled to it.

Anyway, I'm sure you're going to do what you feel like and damn the advice everyone is giving - hopefully it works out for you. I personally think these kinds of contracts are devices to make the carrier a windfall they don't deserve, and I hope that you manage to "beat" the contract and extract your last available byte without penalty - because the more people that manage to do this the less lucrative these dumb contracts will be and the less incentive the carriers will have to offer them - but I think in your case you're up against a telco who has a lot of experience screwing over customers, and they will find out some way to apply the surcharge no matter what you do.

Ted
RE: FreeBSD Traffic Shaping
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2008 4:38 AM
> To: freebsd-questions@freebsd.org
> Subject: RE: FreeBSD Traffic Shaping
>
>
> I can now confirm that these two commands do exactly what I mentioned
> originally.
>
> All outbound connections towards any host port 80 will have a maximum
> bandwidth of 100Kbit/s individually ( output )
>
> ipfw pipe 2 config mask all bw 100Kbit/s
> ipfw add 10 pipe 2 tcp from localip to any 80
>
> Problem solved :)
>

Are you sure about this?

If you're serving webpages, you're listening on port 80

The tcp initiator uses a source port randomly chosen above 80 and a destination port on your host of 80

Your host responds with traffic with a source port of 80 and a destination port of the initiator's choosing.

You don't want to limit destination port 80 traffic since you're not sending it.

I would suggest after deployment that you carefully look at your access lists and keep an eye on your utilization graphs to make sure it's doing what you think it's supposed to be doing.

Ted
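Added example, not written by any poster in the thread: a small Python model of the port-direction point Ted raises above and of the `mask` behaviour Chris Cowart describes elsewhere in the thread. It only models matching and does not invoke ipfw; the addresses, the function names and the `from localip 80 to any` alternative rule are assumptions for illustration.

```python
# Added illustration: a simplified model of ipfw rule matching and dummynet
# flow masks. It does not call ipfw; all addresses below are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

SERVER = "192.0.2.10"  # constructed stand-in for `localip` in the thread


def rule_matches(pkt, src_ip=None, src_port=None, dst_ip=None, dst_port=None):
    """Match `tcp from SRC [port] to DST [port]`; None plays the role of `any`."""
    wanted = (src_ip, src_port, dst_ip, dst_port)
    return all(w is None or w == have for w, have in zip(wanted, pkt))


def posted_rule(pkt):
    # ipfw add 10 pipe 2 tcp from localip to any 80
    # The port follows the destination, so this is *destination* port 80.
    return rule_matches(pkt, src_ip=SERVER, dst_port=80)


def reply_rule(pkt):
    # Assumed alternative: ipfw add 10 pipe 2 tcp from localip 80 to any
    # Port after the source address: traffic a web server sends to clients.
    return rule_matches(pkt, src_ip=SERVER, src_port=80)


def flow_key(pkt, mask):
    """Header fields the pipe mask keeps; equal keys share one dynamic pipe."""
    if mask == "all":
        return tuple(pkt)  # full address/port tuple (model is TCP-only)
    if mask == "src-ip":
        return (pkt.src_ip,)
    if mask == "dst-ip":
        return (pkt.dst_ip,)
    raise ValueError("mask not modelled: %s" % mask)


def dynamic_pipes(packets, rule, mask, bw_kbit):
    """Map each flow that the rule sends into the pipe to its own bandwidth."""
    return {flow_key(p, mask): bw_kbit for p in packets if rule(p)}


def ceiling_per_client(packets, rule, mask, bw_kbit):
    """Upper bound in Kbit/s per remote address, summed over its dynamic pipes."""
    pipes = dynamic_pipes(packets, rule, mask, bw_kbit)
    clients = {}
    for p in packets:
        if rule(p):
            clients.setdefault(p.dst_ip, set()).add(flow_key(p, mask))
    return {ip: sum(pipes[k] for k in keys) for ip, keys in clients.items()}


# Constructed sample: replies from the web server to two clients (one of
# them holding two connections) plus one fetch the server itself makes.
TRAFFIC = [
    Packet(SERVER, 80, "198.51.100.7", 40001),
    Packet(SERVER, 80, "198.51.100.7", 40002),
    Packet(SERVER, 80, "203.0.113.9", 51515),
    Packet(SERVER, 49152, "203.0.113.80", 80),
]

if __name__ == "__main__":
    for name, rule in (("posted", posted_rule), ("reply", reply_rule)):
        for mask in ("all", "dst-ip", "src-ip"):
            pipes = dynamic_pipes(TRAFFIC, rule, mask, 100)
            print(name, mask, len(pipes), "pipe(s)")
    print(ceiling_per_client(TRAFFIC, reply_rule, "all", 100))
```

In this model the rule as posted catches only the server's own outbound fetch, and with `mask all` a client that opens two connections gets two 100Kbit/s pipes, which is the per-connection weakness Mel points out elsewhere in the thread.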
RE: FreeBSD Traffic Shaping
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2008 4:22 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: FreeBSD Traffic Shaping
>
>
> I think you guys went a bit on a tangent here. What I am trying to do
> is limit the outbound bandwidth of my services and this should be
> perfectly possible as I control the output.
>

Considering you didn't say that in your original post I don't see why you're complaining about a tangent.

Ted
Re: FreeBSD Traffic Shaping
On Wed, 2 Apr 2008 11:30:44 +0200 (CEST), Wojciech Puchar <[EMAIL PROTECTED]> wrote:
>> The vast majority of people out there have asymmetrical bandwidth
>> limiting needs - that is, they have a pipe to the Internet and have a
>> lot more data coming from the Internet to them, than data going from
>> them to the Internet. Their desire is to somehow make it so that
>> certain kinds of incoming data meeting certain criteria are limited.
>> Their problem is that since they don't have control of the end
>> sending the data to them, they can't do this.
>
> but you ROUGHLY can do this with ipfw.
> by limiting at your end - the other end will slow down.

Unless the sending endpoint just ignores your limited incoming pipe characteristics and keeps flooding you with DNS or ICMP requests, until you scream for help.

> but of course in case of say ping flood or similar things you can't

Bingo. That's precisely one of the things Ted meant, when he wrote that `it cannot be done properly, unless you have dedicated T1 circuits whose endpoints *are* under your control' :-)
Re: FreeBSD Traffic Shaping
As far as I know, every carrier bills by 95th percentile.

This particular server is colocated and the bandwidth average is 2.35mbps while the 95th is 3.7mbps.

I don't want my clients to have to compete for bandwidth - if 1000 users share a 3mbps fixed pipe, they will each get 3k/sec -. Rather I want to guarantee a fixed output for each client. This ensures adequate speed for everyone AND flattens out my peaks.

Quoting Mel <[EMAIL PROTECTED]>:

> On Wednesday 02 April 2008 14:21:38 [EMAIL PROTECTED] wrote:
>> Also, the reason for this need is that some services use burst-bandwidth and I have many peaks and lows throughout the day. This means that my carrier who bills me by the 95th percentile is having a field day.
>
> He bills by the second or average hour like most people? It's not as black and white as it seems - you also get higher average when the number of connections increases, not just the bandwidth they consume.
> I think you'll find that bursts are best counteracted like this:
> http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas
>
> This separates 'downloads' from 'webpages', 'normal mails' from 'attachments' and you can then tune accordingly, if you have/get some graph.
>
> --
> Mel
>
> Problem with today's modular software: they start with the modules and never get to the software part.
Re: FreeBSD Traffic Shaping
On Wednesday 02 April 2008 14:21:38 [EMAIL PROTECTED] wrote:

> Also, the reason for this need is that some services use
> burst-bandwidth and I have many peaks and lows throughout the day.
> This means that my carrier who bills me by the 95th percentile is
> having a field day.

He bills by the second or average hour like most people? It's not as black and white as it seems - you also get higher average when the number of connections increases, not just the bandwidth they consume.
I think you'll find that bursts are best counteracted like this:
http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas

This separates 'downloads' from 'webpages', 'normal mails' from 'attachments' and you can then tune accordingly, if you have/get some graph.

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
RE: FreeBSD Traffic Shaping
I can now confirm that these two commands do exactly what I mentioned originally.

All outbound connections towards any host port 80 will have a maximum bandwidth of 100Kbit/s individually ( output )

ipfw pipe 2 config mask all bw 100Kbit/s
ipfw add 10 pipe 2 tcp from localip to any 80

Problem solved :)

> Hmm, I've tried
>
> ipfw pipe 2 config mask all bw 100Kbit/s
> ipfw add 10 pipe 2 tcp from localip to any 80
>
> it appears to be working but I don't have enough connections on right now to find out if it really gives 100kbit/sec to each or if it shares the bw
>
> will come back with an update :)
>
>> I gave port 80 as an example but I need this configuration for limiting other services as well.
>>
>> If you have a 100mbps connection and only one client, you want him to only use 50kbps, not the full pipe. If you have 200 clients, they still get 50kbps each.
>>
>> Is this feature that I need so complicated that it can't be implemented easily into FreeBSD or is it that not many people need it ? It sounds quite useful to me :)
>>
>>> I have personally tried that before and it did not work as described, in fact it didn't work at all to limit anything on FBSD6.
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
>>> Sent: Tuesday, April 01, 2008 7:55 PM
>>> To: [EMAIL PROTECTED]
>>> Cc: freebsd-questions@freebsd.org
>>> Subject: Re: FreeBSD Traffic Shaping
>>>
>>> [EMAIL PROTECTED] wrote:
>>>> I am trying to limit the bandwidth available to some connections and I'm not sure FreeBSD can handle this. Maybe some of you can help. Here's what I need to have exactly.
>>>>
>>>> No matter what the number of connections, each connection should have at most/least 50kbps guaranteed outbound on port 80.
>>>>
>>>> I've tried dummynet but it doesn't do what I need because if I define a pipe with 1mbps and if I have 1000 connections, each connection will have less than 50kbps.
>>>>
>>>> Any way to do this in FreeBSD ?
>>>
>>> The ipfw(8) man page describes a "mask" configuration parameter.
>>>
>>> # /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s
>>>
>>> This creates a separate dynamic pipe per source ip address. Each pipe has a dedicated 56kbps. The man page implies that the mask can combine fields, so to uniquely identify "each connection", you would mask all bits of source and destination IP and ports. It looks like the "all" keyword might do just the trick.
>>>
>>> --
>>> Chris Cowart
>>> Network Technical Lead
>>> Network & Infrastructure Services, RSSP-IT
>>> UC Berkeley
Re: FreeBSD Traffic Shaping
I think you guys went a bit on a tangent here. What I am trying to do is limit the outbound bandwidth of my services and this should be perfectly possible as I control the output.

Also, the reason for this need is that some services use burst-bandwidth and I have many peaks and lows throughout the day. This means that my carrier who bills me by the 95th percentile is having a field day.

For the services that my server offers it's not imperative that they get rid of the client in 1 second instead of 5 for example. In this sense, stretching out 1MB of traffic over 10 seconds is more beneficial towards my 95th than if I stretch it over 2 seconds for example.

Quoting Mel <[EMAIL PROTECTED]>:

> On Wednesday 02 April 2008 09:27:21 [EMAIL PROTECTED] wrote:
>> I gave port 80 as an example but I need this configuration for limiting other services as well.
>>
>> If you have a 100mbps connection and only one client, you want him to only use 50kbps, not the full pipe. If you have 200 clients, they still get 50kbps each.
>>
>> Is this feature that I need so complicated that it can't be implemented easily into FreeBSD or is it that not many people need it ? It sounds quite useful to me :)
>
> It isn't as useful as you think. I can easily generate 200 clients being only one person. That's why the focus in bandwidth shapers lies on the type of traffic and the origin/destination rather than the state and they divide the bandwidth within those pipes between the states.
> Secondly - bit besides the point, but not many people think about it - if you have 100% available and limit a single person to 5%, you're more likely to end up at the 100%, simply because it takes more time for that person to get what he wants. So if there's no financial/legal issues involved, it's better to get rid of the clients as fast as possible.
>
> --
> Mel
>
> Problem with today's modular software: they start with the modules and never get to the software part.
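Added example, not written by any poster in the thread: a Python model of the 95th-percentile argument made in the message above and questioned by Mel. The 5-minute sampling interval, the traffic figures and the single aggregate cap are assumptions; the thread's cap is per connection and the carrier's actual formula is not given.

```python
# Added illustration: 95th-percentile billing over fixed-interval samples,
# with and without an outbound rate cap. All traffic figures are constructed.

def percentile_95(samples):
    """Sort the samples, discard the top 5%, bill the highest one left."""
    ordered = sorted(samples)
    rank = (95 * len(ordered) + 99) // 100  # ceil(0.95 * n) in integer maths
    return ordered[rank - 1]


def shape(demand, cap):
    """Cap each interval at `cap`; the excess queues and goes out later."""
    sent, backlog = [], 0
    for d in demand:
        out = min(cap, d + backlog)
        backlog += d - out
        sent.append(out)
    return sent, backlog


def day(base, burst, burst_intervals, total=288):
    """One day of 5-minute samples (assumed interval): a flat base rate with
    one contiguous burst starting at interval 100."""
    return [burst if 100 <= i < 100 + burst_intervals else base
            for i in range(total)]


def compare(burst_intervals, base=2, burst=6, cap=3):
    """Return (unshaped 95th, shaped 95th, undelivered backlog) in Mbit/s."""
    demand = day(base, burst, burst_intervals)
    shaped, backlog = shape(demand, cap)
    # Shaping moves traffic to later intervals; it never removes any.
    assert sum(shaped) + backlog == sum(demand)
    return percentile_95(demand), percentile_95(shaped), backlog


if __name__ == "__main__":
    # Bursts in 20 of 288 samples (about 7%): they set the billed rate,
    # and the cap brings it down from 6 to 3.
    print("long burst :", compare(20))
    # Bursts in 10 of 288 samples (about 3.5%): already discarded by the
    # 95th-percentile rule; the cap stretches them over 40 samples and the
    # billed rate goes up from 2 to 3.
    print("short burst:", compare(10))
```

Whether a cap helps therefore depends on how many samples the bursts already occupy, so the carrier's sampling interval and formula need to be known before tuning the limit.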
Re: FreeBSD Traffic Shaping
On Wednesday 02 April 2008 09:27:21 [EMAIL PROTECTED] wrote:
> I gave port 80 as an example but I need this configuration for
> limiting other services as well.
>
> If you have a 100mbps connection and only one client, you want him to
> only use 50kbps, not the full pipe. If you have 200 clients, they
> still get 50kbps each.
>
> Is this feature that I need so complicated that it can't be
> implemented easily into FreeBSD or is it that not many people need it
> ? It sounds quite useful to me :)

It isn't as useful as you think. I can easily generate 200 clients being only one person. That's why the focus in bandwidth shapers lies on the type of traffic and the origin/destination rather than the state and they divide the bandwidth within those pipes between the states.
Secondly - bit besides the point, but not many people think about it - if you have 100% available and limit a single person to 5%, you're more likely to end up at the 100%, simply because it takes more time for that person to get what he wants. So if there's no financial/legal issues involved, it's better to get rid of the clients as fast as possible.

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
Re: FreeBSD Traffic Shaping
On Wednesday 02 April 2008 10:55:58 Ted Mittelstaedt wrote:

> The vast majority of people out there have asymmetrical bandwidth
> limiting needs - that is, they have a pipe to the Internet and
> have a lot more data coming from the Internet to them, than data
> going from them to the Internet. Their desire is to somehow make
> it so that certain kinds of incoming data meeting certain criteria
> are limited. Their problem is that since they don't have control of
> the end sending the data to them, they can't do this.

That's only true for locally generated traffic. Since you can limit the outgoing pipe of the internal interface, in a NAT situation, you can in practical terms limit/prioritize incoming traffic.

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
Re: FreeBSD Traffic Shaping
> loss and almost any other traffic stream (including P2P) with 1-10% loss.
>
>> In short, the bandwidth limiting code really has little practical value when implemented in FreeBSD that is why few do it.
>
> :)

i do on my 300 users network. works VERY well. i use queues to equally divide available bandwidth in both directions
Re: FreeBSD Traffic Shaping
On Wed, Apr 02, 2008 at 12:55:58AM -0800, Ted Mittelstaedt wrote:
> It is that it's impossible to limit INCOMING bandwidth from the
> Internet.

The fact is you can limit incoming TCP with little to no packet loss and almost any other traffic stream (including P2P) with 1-10% loss.

> In short, the bandwidth limiting code really has little
> practical value when implemented in FreeBSD that is why few do
> it.

:)
RE: FreeBSD Traffic Shaping
> The vast majority of people out there have asymmetrical bandwidth limiting needs - that is, they have a pipe to the Internet and have a lot more data coming from the Internet to them, than data going from them to the Internet. Their desire is to somehow make it so that certain kinds of incoming data meeting certain criteria are limited. Their problem is that since they don't have control of the end sending the data to them, they can't do this.

but you ROUGHLY can do this with ipfw.
by limiting at your end - the other end will slow down.

but of course in case of say ping flood or similar things you can't
RE: FreeBSD Traffic Shaping
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, April 01, 2008 11:27 PM
> To: freebsd-questions@freebsd.org
> Subject: RE: FreeBSD Traffic Shaping
>
>
> I gave port 80 as an example but I need this configuration for
> limiting other services as well.
>
> If you have a 100mbps connection and only one client, you want him to
> only use 50kbps, not the full pipe. If you have 200 clients, they
> still get 50kbps each.
>
> Is this feature that I need so complicated that it can't be
> implemented easily into FreeBSD or is it that not many people need it
> ? It sounds quite useful to me :)
>

It isn't that it's complicated or cannot be implemented easily. It is that it's impossible to limit INCOMING bandwidth from the Internet.

The vast majority of people out there have asymmetrical bandwidth limiting needs - that is, they have a pipe to the Internet and have a lot more data coming from the Internet to them, than data going from them to the Internet. Their desire is to somehow make it so that certain kinds of incoming data meeting certain criteria are limited. Their problem is that since they don't have control of the end sending the data to them, they can't do this.

The fewer number of people not in this boat are quite often looking to run bandwidth restrictions on private T1s - and the routers needed for these kinds of circuits usually have limiting code built in. Since they have control of both ends of the pipe they can use the limit code.

And the people not falling into these groups are mostly website hosters looking to restrict outbound bandwidth - and for that, they use an apache mod file (bandwidth_mod, http://www.ivn.cl/apache/ for example) that works much better.

In short, the bandwidth limiting code really has little practical value when implemented in FreeBSD that is why few do it.

Ted
RE: FreeBSD Traffic Shaping
Hmm, I've tried

ipfw pipe 2 config mask all bw 100Kbit/s
ipfw add 10 pipe 2 tcp from localip to any 80

it appears to be working but I don't have enough connections on right now to find out if it really gives 100kbit/sec to each or if it shares the bw

will come back with an update :)

> I gave port 80 as an example but I need this configuration for limiting other services as well.
>
> If you have a 100mbps connection and only one client, you want him to only use 50kbps, not the full pipe. If you have 200 clients, they still get 50kbps each.
>
> Is this feature that I need so complicated that it can't be implemented easily into FreeBSD or is it that not many people need it ? It sounds quite useful to me :)
>
>> I have personally tried that before and it did not work as described, in fact it didn't work at all to limit anything on FBSD6.
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
>> Sent: Tuesday, April 01, 2008 7:55 PM
>> To: [EMAIL PROTECTED]
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: FreeBSD Traffic Shaping
>>
>> [EMAIL PROTECTED] wrote:
>>> I am trying to limit the bandwidth available to some connections and I'm not sure FreeBSD can handle this. Maybe some of you can help. Here's what I need to have exactly.
>>>
>>> No matter what the number of connections, each connection should have at most/least 50kbps guaranteed outbound on port 80.
>>>
>>> I've tried dummynet but it doesn't do what I need because if I define a pipe with 1mbps and if I have 1000 connections, each connection will have less than 50kbps.
>>>
>>> Any way to do this in FreeBSD ?
>>
>> The ipfw(8) man page describes a "mask" configuration parameter.
>>
>> # /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s
>>
>> This creates a separate dynamic pipe per source ip address. Each pipe has a dedicated 56kbps. The man page implies that the mask can combine fields, so to uniquely identify "each connection", you would mask all bits of source and destination IP and ports. It looks like the "all" keyword might do just the trick.
>>
>> --
>> Chris Cowart
>> Network Technical Lead
>> Network & Infrastructure Services, RSSP-IT
>> UC Berkeley
RE: FreeBSD Traffic Shaping
I gave port 80 as an example but I need this configuration for limiting other services as well.

If you have a 100mbps connection and only one client, you want him to only use 50kbps, not the full pipe. If you have 200 clients, they still get 50kbps each.

Is this feature that I need so complicated that it can't be implemented easily into FreeBSD or is it that not many people need it ? It sounds quite useful to me :)

> I have personally tried that before and it did not work as described, in fact it didn't work at all to limit anything on FBSD6.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
> Sent: Tuesday, April 01, 2008 7:55 PM
> To: [EMAIL PROTECTED]
> Cc: freebsd-questions@freebsd.org
> Subject: Re: FreeBSD Traffic Shaping
>
> [EMAIL PROTECTED] wrote:
>> I am trying to limit the bandwidth available to some connections and I'm not sure FreeBSD can handle this. Maybe some of you can help. Here's what I need to have exactly.
>>
>> No matter what the number of connections, each connection should have at most/least 50kbps guaranteed outbound on port 80.
>>
>> I've tried dummynet but it doesn't do what I need because if I define a pipe with 1mbps and if I have 1000 connections, each connection will have less than 50kbps.
>>
>> Any way to do this in FreeBSD ?
>
> The ipfw(8) man page describes a "mask" configuration parameter.
>
> # /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s
>
> This creates a separate dynamic pipe per source ip address. Each pipe has a dedicated 56kbps. The man page implies that the mask can combine fields, so to uniquely identify "each connection", you would mask all bits of source and destination IP and ports. It looks like the "all" keyword might do just the trick.
>
> --
> Chris Cowart
> Network Technical Lead
> Network & Infrastructure Services, RSSP-IT
> UC Berkeley
RE: FreeBSD Traffic Shaping
I have personally tried that before and it did not work as described, in fact it didn't work at all to limit anything on FBSD6.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
Sent: Tuesday, April 01, 2008 7:55 PM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Traffic Shaping

[EMAIL PROTECTED] wrote:
> I am trying to limit the bandwidth available to some connections and
> I'm not sure FreeBSD can handle this. Maybe some of you can help.
> Here's what I need to have exactly.
>
> No matter what the number of connections, each connection should have
> at most/least 50kbps guaranteed outbound on port 80.
>
> I've tried dummynet but it doesn't do what I need because if I define
> a pipe with 1mbps and if I have 1000 connections, each connection will
> have less than 50kbps.
>
> Any way to do this in FreeBSD ?

The ipfw(8) man page describes a "mask" configuration parameter.

# /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe has a dedicated 56kbps. The man page implies that the mask can combine fields, so to uniquely identify "each connection", you would mask all bits of source and destination IP and ports. It looks like the "all" keyword might do just the trick.

--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
Re: FreeBSD Traffic Shaping
[EMAIL PROTECTED] wrote:
> I am trying to limit the bandwidth available to some connections and I'm not sure FreeBSD can handle this. Maybe some of you can help. Here's what I need to have exactly.
>
> No matter what the number of connections, each connection should have at most/least 50kbps guaranteed outbound on port 80.
>
> I've tried dummynet but it doesn't do what I need because if I define a pipe with 1mbps and if I have 1000 connections, each connection will have less than 50kbps.
>
> Any way to do this in FreeBSD ?

The ipfw(8) man page describes a "mask" configuration parameter.

    # /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe has a dedicated 56kbps. The man page implies that the mask can combine fields, so to uniquely identify "each connection", you would mask all bits of source and destination IP and ports. It looks like the "all" keyword might do just the trick.

--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
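How the "mask" parameter described above turns one pipe definition into several dynamic pipes, as an added example (not code from the thread or from ipfw). The flows and the mask values are constructed, the protocol field is left out because every flow is TCP, and splitting a pipe evenly among the flows that share it is an idealization.

```python
import ipaddress
from collections import defaultdict

PIPE_BW_KBIT = 56  # bandwidth of every dynamic pipe, as in the quoted command

# Constructed sample flows: (source IP, source port, destination IP, destination port).
FLOWS = [
    ("198.51.100.10", 40001, "203.0.113.5", 80),
    ("198.51.100.10", 40002, "203.0.113.5", 80),
    ("198.51.100.10", 40003, "203.0.113.5", 80),
    ("198.51.100.77", 51000, "203.0.113.5", 80),
    ("192.0.2.9", 33333, "203.0.113.5", 80),
]

# Bits of each field that take part in the pipe key (constructed values).
MASK_SRC_IP = {"src_ip": 0xFFFFFFFF, "src_port": 0, "dst_ip": 0, "dst_port": 0}
MASK_SRC_NET24 = {**MASK_SRC_IP, "src_ip": 0xFFFFFF00}
MASK_ALL = {"src_ip": 0xFFFFFFFF, "src_port": 0xFFFF,
            "dst_ip": 0xFFFFFFFF, "dst_port": 0xFFFF}


def pipe_key(flow, mask):
    """Flows whose masked fields are equal land in the same dynamic pipe."""
    src_ip, src_port, dst_ip, dst_port = flow
    return (
        int(ipaddress.ip_address(src_ip)) & mask["src_ip"],
        src_port & mask["src_port"],
        int(ipaddress.ip_address(dst_ip)) & mask["dst_ip"],
        dst_port & mask["dst_port"],
    )


def summary(flows, mask):
    """Return (number of pipes, aggregate ceiling in Kbit/s,
    per-flow share in the busiest pipe assuming an even split)."""
    pipes = defaultdict(list)
    for flow in flows:
        pipes[pipe_key(flow, mask)].append(flow)
    busiest = max(len(members) for members in pipes.values())
    return len(pipes), len(pipes) * PIPE_BW_KBIT, PIPE_BW_KBIT / busiest


if __name__ == "__main__":
    for name, mask in [("src-ip, all bits", MASK_SRC_IP),
                       ("src-ip, /24 bits", MASK_SRC_NET24),
                       ("all fields", MASK_ALL)]:
        pipes, ceiling, share = summary(FLOWS, mask)
        print(f"{name:18} pipes={pipes} ceiling={ceiling}Kbit/s "
              f"worst per-flow share={share:.1f}Kbit/s")
```

With a source-address mask the three connections from one client share a single 56 Kbit/s pipe; only a mask over all fields gives each connection its own pipe, and the aggregate ceiling then grows with the number of connections regardless of the uplink.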
Re: FreeBSD Traffic Shaping
On Wednesday 02 April 2008 00:18:36 [EMAIL PROTECTED] wrote:

> I've tried dummynet but it doesn't do what I need because if I define a pipe with 1mbps and if I have 1000 connections, each connection will have less than 50kbps.
>
> Any way to do this in FreeBSD ?

No, unfortunately your ISP gives you bandwidth, not FreeBSD. You can give yourself the illusion of guaranteed bandwidth using HFSC and pf altq, but at 500% of max bandwidth it is nothing more than an illusion. That's aside from the fact that HFSC only allows 75% of capacity to be designated as 'realtime'.

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
Re: FreeBSD Traffic Shaping
On Tue, 1 Apr 2008, [EMAIL PROTECTED] wrote:

> I am trying to limit the bandwidth available to some connections and I'm not sure FreeBSD can handle this. Maybe some of you can help. Here's what I need to have exactly.
>
> No matter what the number of connections, each connection should have at most/least 50kbps guaranteed outbound on port 80.
>
> I've tried dummynet but it doesn't do what I need because if I define a pipe with 1mbps and if I have 1000 connections, each connection will have less than 50kbps.
>
> Any way to do this in FreeBSD ?

I can't think of any way to dynamically allocate a new pipe for each individual connection with any firewall software I've used.

Have you considered getting your web server to do the limiting for you? I think "mod_bandwidth" for Apache is designed to do what you're asking, but I've never used it.
Re: FreeBSD Traffic Shaping?
On Fri, 6 Feb 2004, Dan Pelleg wrote:

> Vincent Poy writes:
> >
> > That's the part where it becomes difficult since even though I have 8 IP's, it's still on a /24 mask so only the 8 IP's in that /24 are actually local.
>
> Use a /27 mask.

a /27 would work except it'll be 32 IP's with 24 of them that would need the traffic shaping. So hopefully this would work:

    ipfw add queue 1 ip from any to any out xmit xl0

or just

    ipfw add queue 1

followed by:

    ipfw pipe 1 config bw 384Kbit/s
    ipfw queue 1 config pipe 1 weight 30 mask all
    ipfw pass from 192.168.0.0/16 to any
    ipfw pass from 209.204.138.224 to any
    ipfw pass from 209.204.138.225 to any
    ipfw pass from 209.204.138.226 to any
    ipfw pass from 209.204.138.227 to any
    ipfw pass from 209.204.138.228 to any
    ipfw pass from 209.204.138.229 to any
    ipfw pass from 209.204.138.230 to any
    ipfw pass from 209.204.138.231 to any
    ipfw queue 1 from any to any

Now just have to figure out how to make it so that ack's would have priority. Thanks!

Cheers,
Vince - [EMAIL PROTECTED] - Vice President
Unix Networking Operations - FreeBSD-Real Unix for Free
WurldLink Corporation
San Francisco - Honolulu - Hong Kong
HongKong Stars/Gravis UltraSound Mailing Lists Admin
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
Re: FreeBSD Traffic Shaping?
Vincent Poy writes:
>
> That's the part where it becomes difficult since even though I have 8 IP's, it's still on a /24 mask so only the 8 IP's in that /24 are actually local.
>

Use a /27 mask.
Re: FreeBSD Traffic Shaping?
On 6 Feb 2004, Dan Pelleg wrote:

> Vincent Poy <[EMAIL PROTECTED]> writes:
>
> > After reading ipfw(8), I hope I have it correct that it's like this:
> >
> > ipfw add queue 1 ip from any to any out xmit xl0
>
> Shouldn't "ipfw add queue 1" be enough?

Don't know, that was what I was told to do by Luigi many years ago except it was for PPPoE so I didn't have a static IP at all as that one was interface specific.

> > ipfw pipe 1 config bw 384Kbit/s
> > ipfw queue 1 config pipe 1 weight 30 mask all
> >
> > Now I'm just confused how to do the IP portion so that:
> >
> > 192.168.0.0 255.255.0.0
> > 209.204.138.224-231
> > are not included
> >
> > but everything else in 209.204.x.x is as well as any undefined IP.
>
> the first match wins. So:
>
> pass from 192.168.0.0/16 to any
> pass from 209.204.138.224/29 to any
> queue 1 from any to any
>
> alternatively, use a "skipto" rule. Whatever fits in your ruleset better.

A question on the /29 one, as my ISP seems to give the 8 IP's from a /24 netmask, wouldn't the /29 actually filter out .224 and .231 from working or does it basically exclude that range.

Cheers,
Vince - [EMAIL PROTECTED] - Vice President
Unix Networking Operations - FreeBSD-Real Unix for Free
WurldLink Corporation
San Francisco - Honolulu - Hong Kong
HongKong Stars/Gravis UltraSound Mailing Lists Admin
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
Re: FreeBSD Traffic Shaping?
On 6 Feb 2004, Dan Pelleg wrote:

> Vincent Poy <[EMAIL PROTECTED]> writes:
>
> > On 6 Feb 2004, Dan Pelleg wrote:
> >
> > > Vincent Poy <[EMAIL PROTECTED]> writes:
> > >
> > > > Greetings all:
> > > >
> > > > I have an ADSL connection where the upstream pipe is smaller than the downstream with it at 1.5Mbps/384kbps now and will be upgrading to 6Mbps/608kbps soon. The issue I'm having is that whenever I upload, it fills the upstream to full capacity and the downstream would lag as the ACKs can't be sent back in time. I was told that with traffic shaping or fair queue routing would solve this issue but I only have one NIC interface as I am running FreeBSD on a fully loaded notebook with a Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0 built in NIC. The problem is that I have 8 static IP's with my ISP so that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on the LAN so I want those to use the full speed of the connection without traffic shaping. The NIC also has the 192.168.x.x netmask 255.255.0.0 addresses for the local LAN as well so how do I setup traffic shaping in this scenario so that only traffic that actually uses x.x.x.1 from the x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or fair queue routing while LAN traffic will just use the full speed. I already have these options in the KERNEL config.
> > > >
> > > > options IPFIREWALL
> > > > options IPDIVERT
> > > > options DUMMYNET
> > > > options BRIDGE
> > > >
> > > > Thanks for your help in advance!
> > >
> > > See ipfw(8). You can match rules by interface or address mask, so you don't need to touch LAN traffic.
> >
> > That's the part I'm confused about. Since I only have one interface, I assume I have to do it by address mask but how would one define it as for example,
> >
> > 10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well as 10.0.0.232-254 would?
> >
>
> Whatever rule you have for shaping, you condition it on "from 10.0.0.224/28" (or whatever the appropriate mask is). Or use the negation of the condition and have a special case for non-capped traffic (so internet traffic falls through to the next rule).

That's the part where it becomes difficult since even though I have 8 IP's, it's still on a /24 mask so only the 8 IP's in that /24 are actually local.

> > > Correct, the problem when you upload on an asymmetric link has to do with acknowledgment packets that downloading apps need to send back to the remote server, and they have to wait in the upload queue (which is saturated). You need to prioritize those. One way to do this is to filter on small iplen. This has been discussed in the mailing lists in the past (try the archive of the ipfw@ list). Just remember you can only shape outbound packets (ie, leaving your computer). Doesn't matter if they're up or down the DSL line, just that they go out (shaping incoming traffic makes no sense).
> >
> > True. But when you have the shaping, do you actually set it to the speed of the line or do you set it to like 5% below the speed of the line and on the acknowledgement packets, does traffic shaping actually reserve some space for that to go back or does it just queue it a certain way? Thanks.
>
> You need to handle the ack packets specially in your rules, it will not reserve bandwidth for them unless you tell it to.
>
> With ipfw, there are two ways to do this. Again I'm only talking about packets leaving your computer and heading to the internet (so condition the rules appropriately)
>
> 1. two pipes, one with static allocation (say 95% of bw, or whatever works for you), other can have unlimited bw. Non-ack packets go to the capped pipe, ack packets go to the other one.
>
> alternatively,
>
> 2. one pipe (unlimited bw), two queues in that pipe, one queue has a much much higher weight. Non-ack packets go to one pipe (low weight), ack packets to the other. This approach actually lets you use the entire available bandwidth for either kind of traffic if there is no other demand for it. It also frees you from having to specify the maximum bandwidth, which can change when you, say, upgrade your DSL, or even take the laptop to a wifi cafe.

The second approach does seem to work better since basically, it prioritizes the ack portion. I guess ipfw is something I have to figure out. :)

Cheers,
Vince - [EMAIL PROTECTED] - Vice President
Unix Networking Operations - FreeBSD-Real Unix for Free
WurldLink Corporation
San Francisco - Honolulu - Hong Kong
HongKong St
Re: FreeBSD Traffic Shaping?
Vincent Poy <[EMAIL PROTECTED]> writes:

>
> After reading ipfw(8), I hope I have it correct that it's like this:
>
> ipfw add queue 1 ip from any to any out xmit xl0

Shouldn't "ipfw add queue 1" be enough?

> ipfw pipe 1 config bw 384Kbit/s
> ipfw queue 1 config pipe 1 weight 30 mask all
>
> Now I'm just confused how to do the IP portion so that:
>
> 192.168.0.0 255.255.0.0
> 209.204.138.224-231
> are not included
>
> but everything else in 209.204.x.x is as well as any undefined IP.

the first match wins. So:

    pass from 192.168.0.0/16 to any
    pass from 209.204.138.224/29 to any
    queue 1 from any to any

alternatively, use a "skipto" rule. Whatever fits in your ruleset better.

--
Dan Pelleg
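The first-match ordering from the message above, together with a check of which addresses a prefix such as /29 or /28 actually covers, as an added example (not code from the thread or from ipfw). It models only the source-address test of each rule; the sample source addresses are constructed.

```python
import ipaddress

# Rule order from the message above: exemptions first, catch-all queue last.
RULES_EXEMPT_FIRST = [
    ("pass", "192.168.0.0/16"),
    ("pass", "209.204.138.224/29"),
    ("queue 1", "0.0.0.0/0"),
]
# The same three rules with the catch-all queue rule placed first.
RULES_QUEUE_FIRST = [RULES_EXEMPT_FIRST[2]] + RULES_EXEMPT_FIRST[:2]


def first_match(rules, src):
    """Return (rule position, action) of the first rule whose source net contains src."""
    addr = ipaddress.ip_address(src)
    for position, (action, net) in enumerate(rules, start=1):
        if addr in ipaddress.ip_network(net):
            return position, action
    return None, "no match"


def covered(cidr):
    """Return (first address, last address, address count) matched by a prefix."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def cidrs_for_range(first, last):
    """Smallest list of prefixes that matches exactly the inclusive range first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]


if __name__ == "__main__":
    # Constructed sample sources: both ends of the /29, its neighbour, and a LAN host.
    for src in ("209.204.138.224", "209.204.138.231", "209.204.138.232", "192.168.5.9"):
        print(src, first_match(RULES_EXEMPT_FIRST, src), first_match(RULES_QUEUE_FIRST, src))
    print(covered("209.204.138.224/29"))   # a rule match compares bits only, so both ends count
    print(covered("10.0.0.224/28"))        # twice as wide as an eight-address block
    print(cidrs_for_range("10.0.0.224", "10.0.0.231"))
    print(cidrs_for_range("10.0.0.1", "10.0.0.223"))
```

A prefix in a rule is a plain bit comparison, so .224 and .231 match the /29 like the six addresses between them, and with the catch-all queue rule first even LAN sources are queued.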
Re: FreeBSD Traffic Shaping?
Vincent Poy <[EMAIL PROTECTED]> writes:

> On 6 Feb 2004, Dan Pelleg wrote:
>
> > Vincent Poy <[EMAIL PROTECTED]> writes:
> >
> > > Greetings all:
> > >
> > > I have an ADSL connection where the upstream pipe is smaller than the downstream with it at 1.5Mbps/384kbps now and will be upgrading to 6Mbps/608kbps soon. The issue I'm having is that whenever I upload, it fills the upstream to full capacity and the downstream would lag as the ACKs can't be sent back in time. I was told that with traffic shaping or fair queue routing would solve this issue but I only have one NIC interface as I am running FreeBSD on a fully loaded notebook with a Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0 built in NIC. The problem is that I have 8 static IP's with my ISP so that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on the LAN so I want those to use the full speed of the connection without traffic shaping. The NIC also has the 192.168.x.x netmask 255.255.0.0 addresses for the local LAN as well so how do I setup traffic shaping in this scenario so that only traffic that actually uses x.x.x.1 from the x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or fair queue routing while LAN traffic will just use the full speed. I already have these options in the KERNEL config.
> > >
> > > options IPFIREWALL
> > > options IPDIVERT
> > > options DUMMYNET
> > > options BRIDGE
> > >
> > > Thanks for your help in advance!
> >
> > See ipfw(8). You can match rules by interface or address mask, so you don't need to touch LAN traffic.
>
> That's the part I'm confused about. Since I only have one interface, I assume I have to do it by address mask but how would one define it as for example,
>
> 10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well as 10.0.0.232-254 would?
>

Whatever rule you have for shaping, you condition it on "from 10.0.0.224/28" (or whatever the appropriate mask is). Or use the negation of the condition and have a special case for non-capped traffic (so internet traffic falls through to the next rule).

> > Correct, the problem when you upload on an asymmetric link has to do with acknowledgment packets that downloading apps need to send back to the remote server, and they have to wait in the upload queue (which is saturated). You need to prioritize those. One way to do this is to filter on small iplen. This has been discussed in the mailing lists in the past (try the archive of the ipfw@ list). Just remember you can only shape outbound packets (ie, leaving your computer). Doesn't matter if they're up or down the DSL line, just that they go out (shaping incoming traffic makes no sense).
>
> True. But when you have the shaping, do you actually set it to the speed of the line or do you set it to like 5% below the speed of the line and on the acknowledgement packets, does traffic shaping actually reserve some space for that to go back or does it just queue it a certain way? Thanks.
>

You need to handle the ack packets specially in your rules, it will not reserve bandwidth for them unless you tell it to.

With ipfw, there are two ways to do this. Again I'm only talking about packets leaving your computer and heading to the internet (so condition the rules appropriately)

1. two pipes, one with static allocation (say 95% of bw, or whatever works for you), other can have unlimited bw. Non-ack packets go to the capped pipe, ack packets go to the other one.

alternatively,

2. one pipe (unlimited bw), two queues in that pipe, one queue has a much much higher weight. Non-ack packets go to one pipe (low weight), ack packets to the other. This approach actually lets you use the entire available bandwidth for either kind of traffic if there is no other demand for it. It also frees you from having to specify the maximum bandwidth, which can change when you, say, upgrade your DSL, or even take the laptop to a wifi cafe.

--
Dan Pelleg
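Why giving ACKs a much higher weight helps, as an added example (not code from the thread, and a simplified weighted fair queueing model rather than dummynet's own scheduler): one 384 Kbit/s uplink with a backlog of upload packets and a single ACK arriving behind them. The packet sizes, the 80-byte "small iplen" cut-off, the weights 100 and 1 and the arrival times are assumptions.

```python
LINK_BPS = 384_000     # upstream rate quoted in the thread
SMALL_IPLEN = 80       # assumed cut-off for "small iplen", in bytes
WEIGHTS = {"ack": 100, "bulk": 1}   # assumed weights for the two queues


def classify(size):
    """Put small packets (bare ACKs) in their own queue, everything else in bulk."""
    return "ack" if size <= SMALL_IPLEN else "bulk"


def simulate(packets, weights=None):
    """packets: list of (arrival seconds, size in bytes).
    weights=None models one FIFO; otherwise packets are tagged with a virtual
    finish time (size / weight) and the smallest tag is sent next.
    The link is non-preemptive. Returns {packet index: departure time}."""
    order = sorted(range(len(packets)), key=lambda i: packets[i][0])
    ready, done, last_tag = [], {}, {}
    vtime = now = 0.0
    while order or ready:
        if not ready and packets[order[0]][0] > now:
            now = packets[order[0]][0]          # link idle: jump to next arrival
        while order and packets[order[0]][0] <= now:
            i = order.pop(0)
            arrival, size = packets[i]
            if weights is None:
                tag = arrival                   # FIFO: serve in arrival order
            else:
                queue = classify(size)
                tag = max(vtime, last_tag.get(queue, 0.0)) + size / weights[queue]
                last_tag[queue] = tag
            ready.append((tag, i))
        ready.sort()
        tag, i = ready.pop(0)
        if weights is not None:
            vtime = tag
        now += packets[i][1] * 8 / LINK_BPS     # transmission time on the uplink
        done[i] = now
    return done


def ack_delay(backlog, weights=None, ack_arrival=0.001):
    """Seconds a 40-byte ACK waits when it arrives behind `backlog` 1500-byte packets."""
    packets = [(0.0, 1500)] * backlog + [(ack_arrival, 40)]
    return simulate(packets, weights)[backlog] - ack_arrival


if __name__ == "__main__":
    print(f"single FIFO     : ACK leaves after {ack_delay(50):.3f} s")
    print(f"weighted queues : ACK leaves after {ack_delay(50, WEIGHTS):.3f} s")
```

In the FIFO case the ACK waits for the whole backlog to drain; with the weighted queues it waits only for the packet already on the wire, and the uplink finishes all the work at the same time in both cases.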
Re: FreeBSD Traffic Shaping?
On Fri, 6 Feb 2004, Vincent Poy wrote:

> On 6 Feb 2004, Dan Pelleg wrote:
>
> > Vincent Poy <[EMAIL PROTECTED]> writes:
> >
> > > Greetings all:
> > >
> > > I have an ADSL connection where the upstream pipe is smaller than the downstream with it at 1.5Mbps/384kbps now and will be upgrading to 6Mbps/608kbps soon. The issue I'm having is that whenever I upload, it fills the upstream to full capacity and the downstream would lag as the ACKs can't be sent back in time. I was told that with traffic shaping or fair queue routing would solve this issue but I only have one NIC interface as I am running FreeBSD on a fully loaded notebook with a Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0 built in NIC. The problem is that I have 8 static IP's with my ISP so that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on the LAN so I want those to use the full speed of the connection without traffic shaping. The NIC also has the 192.168.x.x netmask 255.255.0.0 addresses for the local LAN as well so how do I setup traffic shaping in this scenario so that only traffic that actually uses x.x.x.1 from the x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or fair queue routing while LAN traffic will just use the full speed. I already have these options in the KERNEL config.
> > >
> > > options IPFIREWALL
> > > options IPDIVERT
> > > options DUMMYNET
> > > options BRIDGE
> > >
> > > Thanks for your help in advance!
> >
> > See ipfw(8). You can match rules by interface or address mask, so you don't need to touch LAN traffic.
>
> That's the part I'm confused about. Since I only have one interface, I assume I have to do it by address mask but how would one define it as for example,
>
> 10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well as 10.0.0.232-254 would?
>
> > Correct, the problem when you upload on an asymmetric link has to do with acknowledgment packets that downloading apps need to send back to the remote server, and they have to wait in the upload queue (which is saturated). You need to prioritize those. One way to do this is to filter on small iplen. This has been discussed in the mailing lists in the past (try the archive of the ipfw@ list). Just remember you can only shape outbound packets (ie, leaving your computer). Doesn't matter if they're up or down the DSL line, just that they go out (shaping incoming traffic makes no sense).
>
> True. But when you have the shaping, do you actually set it to the speed of the line or do you set it to like 5% below the speed of the line and on the acknowledgement packets, does traffic shaping actually reserve some space for that to go back or does it just queue it a certain way? Thanks.

After reading ipfw(8), I hope I have it correct that it's like this:

    ipfw add queue 1 ip from any to any out xmit xl0
    ipfw pipe 1 config bw 384Kbit/s
    ipfw queue 1 config pipe 1 weight 30 mask all

Now I'm just confused how to do the IP portion so that:

    192.168.0.0 255.255.0.0
    209.204.138.224-231

are not included

but everything else in 209.204.x.x is as well as any undefined IP.

Cheers,
Vince - [EMAIL PROTECTED] - Vice President
Unix Networking Operations - FreeBSD-Real Unix for Free
WurldLink Corporation
San Francisco - Honolulu - Hong Kong
HongKong Stars/Gravis UltraSound Mailing Lists Admin
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
Re: FreeBSD Traffic Shaping?
On 6 Feb 2004, Dan Pelleg wrote:

> Vincent Poy <[EMAIL PROTECTED]> writes:
>
> > Greetings all:
> >
> > I have an ADSL connection where the upstream pipe is smaller than the downstream with it at 1.5Mbps/384kbps now and will be upgrading to 6Mbps/608kbps soon. The issue I'm having is that whenever I upload, it fills the upstream to full capacity and the downstream would lag as the ACKs can't be sent back in time. I was told that with traffic shaping or fair queue routing would solve this issue but I only have one NIC interface as I am running FreeBSD on a fully loaded notebook with a Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0 built in NIC. The problem is that I have 8 static IP's with my ISP so that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on the LAN so I want those to use the full speed of the connection without traffic shaping. The NIC also has the 192.168.x.x netmask 255.255.0.0 addresses for the local LAN as well so how do I setup traffic shaping in this scenario so that only traffic that actually uses x.x.x.1 from the x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or fair queue routing while LAN traffic will just use the full speed. I already have these options in the KERNEL config.
> >
> > options IPFIREWALL
> > options IPDIVERT
> > options DUMMYNET
> > options BRIDGE
> >
> > Thanks for your help in advance!
>
> See ipfw(8). You can match rules by interface or address mask, so you don't need to touch LAN traffic.

That's the part I'm confused about. Since I only have one interface, I assume I have to do it by address mask but how would one define it as for example,

10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well as 10.0.0.232-254 would?

> Correct, the problem when you upload on an asymmetric link has to do with acknowledgment packets that downloading apps need to send back to the remote server, and they have to wait in the upload queue (which is saturated). You need to prioritize those. One way to do this is to filter on small iplen. This has been discussed in the mailing lists in the past (try the archive of the ipfw@ list). Just remember you can only shape outbound packets (ie, leaving your computer). Doesn't matter if they're up or down the DSL line, just that they go out (shaping incoming traffic makes no sense).

True. But when you have the shaping, do you actually set it to the speed of the line or do you set it to like 5% below the speed of the line and on the acknowledgement packets, does traffic shaping actually reserve some space for that to go back or does it just queue it a certain way? Thanks.

Cheers,
Vince - [EMAIL PROTECTED] - Vice President
Unix Networking Operations - FreeBSD-Real Unix for Free
WurldLink Corporation
San Francisco - Honolulu - Hong Kong
HongKong Stars/Gravis UltraSound Mailing Lists Admin
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
Re: FreeBSD Traffic Shaping?
Vincent Poy <[EMAIL PROTECTED]> writes:

> Greetings all:
>
> I have an ADSL connection where the upstream pipe is smaller than the downstream with it at 1.5Mbps/384kbps now and will be upgrading to 6Mbps/608kbps soon. The issue I'm having is that whenever I upload, it fills the upstream to full capacity and the downstream would lag as the ACKs can't be sent back in time. I was told that with traffic shaping or fair queue routing would solve this issue but I only have one NIC interface as I am running FreeBSD on a fully loaded notebook with a Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0 built in NIC. The problem is that I have 8 static IP's with my ISP so that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on the LAN so I want those to use the full speed of the connection without traffic shaping. The NIC also has the 192.168.x.x netmask 255.255.0.0 addresses for the local LAN as well so how do I setup traffic shaping in this scenario so that only traffic that actually uses x.x.x.1 from the x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or fair queue routing while LAN traffic will just use the full speed. I already have these options in the KERNEL config.
>
> options IPFIREWALL
> options IPDIVERT
> options DUMMYNET
> options BRIDGE
>
> Thanks for your help in advance!
>
>

See ipfw(8). You can match rules by interface or address mask, so you don't need to touch LAN traffic.

Correct, the problem when you upload on an asymmetric link has to do with acknowledgment packets that downloading apps need to send back to the remote server, and they have to wait in the upload queue (which is saturated). You need to prioritize those. One way to do this is to filter on small iplen. This has been discussed in the mailing lists in the past (try the archive of the ipfw@ list). Just remember you can only shape outbound packets (ie, leaving your computer). Doesn't matter if they're up or down the DSL line, just that they go out (shaping incoming traffic makes no sense).

--
Dan Pelleg