Re: ipfw: bandwidth limiting
Hello Wojciech Sorry for the delay but in the past I was very busy. I use now the folowing: $ipfwcmd pipe 1 config bw 80kByte/s $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0x $ipfwcmd add queue 1 all from any to 192.168.10.0/24{100-254} via em1 I expect that all hosts are targed with the ip address 192.168.10.0/24, from .100 to .254. Is that correct? As far as I can see it works like expected but I'm not 100% sure. I'm right? Kind regards, Wojciech Puchar schrieb: [snip] $ipfwcmd pipe 1 config bw 80KByte/s $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 [snip] I'm not sure it works. When I do a large download which takes long and anybody else want download too, this download will only get a reduce bandwidth. I expect that the second download get same rate as the first one (and reduce the bandwidth from the first one). Is that correct? your example limits it all to 80kB/s but does no traffic management. so it may get the same rate (half by half) or may not. do $ipfwcmd pipe 1 config bw 80kByte/s $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0x $ipfwcmd add queue 1 ip from any to 192.168.10.0/24{100-254} via em1 this will limit them to 80kB/s and perform fair-sharing based of hosts. for example if one user on one computer will start 100 downloads, and other on other computer will start 1 download, this will ensure that first user will not takeover most bandwidth. -- Martin Schweizer PC-Service M. Schweizer GmbH; Bannholzstrasse 6; Postfach 132; CH-8608 Bubikon; Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ipfw: bandwidth limiting
Hello Wojciech Am Sun, Apr 05, 2009 at 02:08:09PM +0200 Wojciech Puchar schrieb: > >[snip] > >$ipfwcmd pipe 1 config bw 80KByte/s > >$ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 > >[snip] > > > >I'm not sure it works. When I do a large download which takes long and > >anybody else want download too, this download will only get a reduce > >bandwidth. I expect that the second download get same rate as the first one > >(and reduce the bandwidth from the first one). Is that correct? > > your example limits it all to 80kB/s but does no traffic management. so it > may get the same rate (half by half) or may not. > > > do > > $ipfwcmd pipe 1 config bw 80kByte/s > $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0x > $ipfwcmd add queue 1 ip from any to 192.168.10.0/24{100-254} via em1 > > this will limit them to 80kB/s and perform fair-sharing based of hosts. > > for example if one user on one computer will start 100 downloads, and > other on other computer will start 1 download, this will ensure that first > user will not takeover most bandwidth. I will try it in the next days and give you a feedback. Thanks. Regards -- Martin Schweizer PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch; public key : http://www.pc-service.ch/pgp/public_key.asc; fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239; ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ipfw: bandwidth limiting
[snip] $ipfwcmd pipe 1 config bw 80KByte/s $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 [snip] I'm not sure it works. When I do a large download which takes long and anybody else want download too, this download will only get a reduce bandwidth. I expect that the second download get same rate as the first one (and reduce the bandwidth from the first one). Is that correct? your example limits it all to 80kB/s but does no traffic management. so it may get the same rate (half by half) or may not. do $ipfwcmd pipe 1 config bw 80kByte/s $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0x $ipfwcmd add queue 1 ip from any to 192.168.10.0/24{100-254} via em1 this will limit them to 80kB/s and perform fair-sharing based of hosts. for example if one user on one computer will start 100 downloads, and other on other computer will start 1 download, this will ensure that first user will not takeover most bandwidth. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
ipfw: bandwidth limiting
Hello My system: FreeBSD firewall 7.0-RELEASE FreeBSD 7.0-RELEASE #3: Fri Feb 6 10:47:08 CET 2009 mar...@firewall:/usr/obj/usr/src/sys/FREEBSD_AMD64 amd64 I use the following rule in my /etc/rc.firewall: [snip] $ipfwcmd pipe 1 config bw 80KByte/s $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 [snip] I'm not sure it works. When I do a large download which takes long and anybody else want download too, this download will only get a reduce bandwidth. I expect that the second download get same rate as the first one (and reduce the bandwidth from the first one). Is that correct? Kind regards, -- Martin Schweizer PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch; public key : http://www.pc-service.ch/pgp/public_key.asc; fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239; ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Bandwidth limiting with ipfw and dummynet
I'd like to limit him to 384Kbit/sec.Can someone help me get bandwidth limiting working? I've tried all the examples I could find via google but none of them work. My roomate is frequently uploading stuff to his office, and when he does, it completely saturates our outbound link and makes everything very pokey. His IP address is 10.0.2.195 and we've got FreeBSD set up as a router for our cable modem, with natd. I added the pipe to limit the bw: ipfw pipe 1 config bw 384Kbit I added a rule for his IP: ipfw add 10 pipe 1 tcp from 10.0.2.195 to any Doing ipfw show doesn't show any packets ever matching that rule. # ipfw show 00010 00 pipe 1 tcp from 10.0.2.195 to any 00015 00 pipe 1 tcp from any to 10.0.2.195 00050 21745 18784920 divert 8668 ip from any to any via dc0 00100 8 1036 allow ip from any to any via lo0 00200 00 deny ip from any to 127.0.0.0/8 00300 00 deny ip from 127.0.0.0/8 to any 65000 44051 37589386 allow ip from any to any 65535 00 deny ip from any to any Is the natd divert rule somehow interfering? -jsd- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Packet drops and queue length upon bandwidth limiting in PF
"Ashish Awasthi" <[EMAIL PROTECTED]> wrote: > On 3/30/06, Bill Moran <[EMAIL PROTECTED]> wrote: > > > > "Ashish Awasthi" <[EMAIL PROTECTED]> wrote: > > > > > I am a relative newbie, so please don't flame me if my question doesn't > > make > > > sense. > > > > > > In a network experiment to determine appropriate length of router > > buffers, I > > > am using pfctl on FreeBSD 5.3 to limit the bandwidth to 100 Mbps on a 1 > > Gig > > > link and limit the queue to 240 packets, and I use iperf for sending out > > > data. Connection is maintained between two routers running FreeBSD 5.3, > > > connected by a 1 Gig link. I monitor on sender the pfctl and iperf > > > statisitcs. > > > > > > As I see the iperf throughput go down from 94 Mbps to 50 Mbps and then > > rise > > > again in accordance with the classic sawtooth curve of TCP, it is clear > > that > > > there must have been a packet drop, but "pfctl -s -queue -v -v" at the > > > sender shows 0 losses and 0 drops. Moreover, the queue length as > > reported > > > never overflows. Even netstat shows 0 retransmissions! > > > > > > I tried this with queue lengths of 50, 100, 240, 10 and 5. Only when > > queue > > > length is on the order of 5 or 10 do I see packet drops in pfctl report > > (and > > > also retransmissions in the netstat report); however, since I have > > limited > > > the bandwidth and the outgoing traffic is shaped by this limitation, it > > is > > > clear that there must be some packet losses in other cases as well. > > > > > > So, I tend to think that some other queueing is occuring apart from the > > > ALTQ, and drops are occuring there. If so, how can I obtain those > > > statistics? > > > > You're making a lot of assumptions about how things work, so I'll follow > > in kind. > > > > I would assume that pf is sending ICMP source quench messages to the > > sending machine to avoid overflowing its queues. If it's proactive > > in doing this, it would never overflow, except in the case where the > > queue is so short that it can't reply with a source quench fast enough. > > To me, this would be expected behaviour. A little packet sniffing should > > show whether this is what is actually happening or not. > > > > As a side note, this is why arbitrarily blocking all ICMP messages is a > > bad > > idea. > > Hi, > > Thanks for your response. However, the problem still remains. I did check > for ICMP packets at both the source and the router, but there are NO source > quench packets at all in the tcpdump traces. > > Where should I be looking? Any suggestions? Look at the network traffic. If you're getting dropped packets, those will be obvious from the retransmits. If not, you'll be able to see what is actually controlling the speed. I suppose the kernel could be limiting how it sends ACKs. I suggest Ethereal for this kind of thing. It has a lot of nifty features that make it easy (i.e. it automagically flags retransmitted packets). -- Bill Moran Potential Technologies http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Packet drops and queue length upon bandwidth limiting in PF
On 3/30/06, Bill Moran <[EMAIL PROTECTED]> wrote: > > "Ashish Awasthi" <[EMAIL PROTECTED]> wrote: > > > I am a relative newbie, so please don't flame me if my question doesn't > make > > sense. > > > > In a network experiment to determine appropriate length of router > buffers, I > > am using pfctl on FreeBSD 5.3 to limit the bandwidth to 100 Mbps on a 1 > Gig > > link and limit the queue to 240 packets, and I use iperf for sending out > > data. Connection is maintained between two routers running FreeBSD 5.3, > > connected by a 1 Gig link. I monitor on sender the pfctl and iperf > > statisitcs. > > > > As I see the iperf throughput go down from 94 Mbps to 50 Mbps and then > rise > > again in accordance with the classic sawtooth curve of TCP, it is clear > that > > there must have been a packet drop, but "pfctl -s -queue -v -v" at the > > sender shows 0 losses and 0 drops. Moreover, the queue length as > reported > > never overflows. Even netstat shows 0 retransmissions! > > > > I tried this with queue lengths of 50, 100, 240, 10 and 5. Only when > queue > > length is on the order of 5 or 10 do I see packet drops in pfctl report > (and > > also retransmissions in the netstat report); however, since I have > limited > > the bandwidth and the outgoing traffic is shaped by this limitation, it > is > > clear that there must be some packet losses in other cases as well. > > > > So, I tend to think that some other queueing is occuring apart from the > > ALTQ, and drops are occuring there. If so, how can I obtain those > > statistics? > > You're making a lot of assumptions about how things work, so I'll follow > in kind. > > I would assume that pf is sending ICMP source quench messages to the > sending machine to avoid overflowing its queues. If it's proactive > in doing this, it would never overflow, except in the case where the > queue is so short that it can't reply with a source quench fast enough. > To me, this would be expected behaviour. A little packet sniffing should > show whether this is what is actually happening or not. > > As a side note, this is why arbitrarily blocking all ICMP messages is a > bad > idea. > > -- > Bill Moran Hi, Thanks for your response. However, the problem still remains. I did check for ICMP packets at both the source and the router, but there are NO source quench packets at all in the tcpdump traces. Where should I be looking? Any suggestions? Thanks a lot! Ashish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Packet drops and queue length upon bandwidth limiting in PF
"Ashish Awasthi" <[EMAIL PROTECTED]> wrote: > I am a relative newbie, so please don't flame me if my question doesn't make > sense. > > In a network experiment to determine appropriate length of router buffers, I > am using pfctl on FreeBSD 5.3 to limit the bandwidth to 100 Mbps on a 1 Gig > link and limit the queue to 240 packets, and I use iperf for sending out > data. Connection is maintained between two routers running FreeBSD 5.3, > connected by a 1 Gig link. I monitor on sender the pfctl and iperf > statisitcs. > > As I see the iperf throughput go down from 94 Mbps to 50 Mbps and then rise > again in accordance with the classic sawtooth curve of TCP, it is clear that > there must have been a packet drop, but "pfctl -s -queue -v -v" at the > sender shows 0 losses and 0 drops. Moreover, the queue length as reported > never overflows. Even netstat shows 0 retransmissions! > > I tried this with queue lengths of 50, 100, 240, 10 and 5. Only when queue > length is on the order of 5 or 10 do I see packet drops in pfctl report (and > also retransmissions in the netstat report); however, since I have limited > the bandwidth and the outgoing traffic is shaped by this limitation, it is > clear that there must be some packet losses in other cases as well. > > So, I tend to think that some other queueing is occuring apart from the > ALTQ, and drops are occuring there. If so, how can I obtain those > statistics? You're making a lot of assumptions about how things work, so I'll follow in kind. I would assume that pf is sending ICMP source quench messages to the sending machine to avoid overflowing its queues. If it's proactive in doing this, it would never overflow, except in the case where the queue is so short that it can't reply with a source quench fast enough. To me, this would be expected behaviour. A little packet sniffing should show whether this is what is actually happening or not. As a side note, this is why arbitrarily blocking all ICMP messages is a bad idea. -- Bill Moran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Packet drops and queue length upon bandwidth limiting in PF
Hi friends, I am a relative newbie, so please don't flame me if my question doesn't make sense. In a network experiment to determine appropriate length of router buffers, I am using pfctl on FreeBSD 5.3 to limit the bandwidth to 100 Mbps on a 1 Gig link and limit the queue to 240 packets, and I use iperf for sending out data. Connection is maintained between two routers running FreeBSD 5.3, connected by a 1 Gig link. I monitor on sender the pfctl and iperf statisitcs. As I see the iperf throughput go down from 94 Mbps to 50 Mbps and then rise again in accordance with the classic sawtooth curve of TCP, it is clear that there must have been a packet drop, but "pfctl -s -queue -v -v" at the sender shows 0 losses and 0 drops. Moreover, the queue length as reported never overflows. Even netstat shows 0 retransmissions! I tried this with queue lengths of 50, 100, 240, 10 and 5. Only when queue length is on the order of 5 or 10 do I see packet drops in pfctl report (and also retransmissions in the netstat report); however, since I have limited the bandwidth and the outgoing traffic is shaped by this limitation, it is clear that there must be some packet losses in other cases as well. So, I tend to think that some other queueing is occuring apart from the ALTQ, and drops are occuring there. If so, how can I obtain those statistics? Thanks a lot for your help! Ashish ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: any bandwidth limiting tools other than dummynet?
On Sun, 05 Sep 2004 13:45:39 +0200 Alex de Kruijff <[EMAIL PROTECTED]> wrote: ADK> > Well you have some higher level tools embebed in some services ADK> > like pure-ftpd/puredb you can limit up/down bandwitdh and quotas, ADK> > etc.. But it's better to limit it with ALTQ/dummynet, that's why ADK> > they exist. By the way, where is the most recent stable ALTQ for FreeBSD 4.x? ALTQ on http://www.csl.sony.co.jp/person/kjc/programs.html is from bronze age at best, seeming more likely from late neolith. ALTQ in pf is 5.x only, and I didn't find a way to reserve bandwidth for high-priority traffic in dummynet. -- Alex. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: any bandwidth limiting tools other than dummynet?
On Sat, Sep 04, 2004 at 03:07:31AM +0100, Nullius Void wrote: > Well you have some higher level tools embebed in some services like > pure-ftpd/puredb you can limit up/down bandwitdh and quotas, etc.. But > it's better to limit it with ALTQ/dummynet, that's why they exist. Isn't pure-ftp a ftp solution only? Dummynet is proberbly ruled out because he didn't like ipfw. Please don't top-post and please cc people. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: any bandwidth limiting tools other than dummynet?
Well you have some higher level tools embebed in some services like pure-ftpd/puredb you can limit up/down bandwitdh and quotas, etc.. But it's better to limit it with ALTQ/dummynet, that's why they exist. On Sat, 04 Sep 2004 01:14:07 +0200, Alex de Kruijff <[EMAIL PROTECTED]> wrote: > On Fri, Aug 27, 2004 at 03:12:56PM +0300, Erik U. wrote: > > I use ipf and i dont want to use ipfw and dummynet. Is there any way to > > limit the bandwidth? > > Did you know you can use ipfw and ipf togetter? (I.e. ipf for > firewalling and ipfw for traffic shapping.) You could try to combine ipf > with ipa (port) but it will not be a nice sollution. (i.e. adding deny > rules when someone uses the internet alot.) > > P.S. I moved the cc to questions instead of stable, because i feel this > belongs there more. See the handbook for the descriptions of the > maillists. > > -- > Alex > > Articles based on solutions that I use: > http://www.kruijff.org/alex/FreeBSD/ > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: any bandwidth limiting tools other than dummynet?
On Fri, Aug 27, 2004 at 03:12:56PM +0300, Erik U. wrote: > I use ipf and i dont want to use ipfw and dummynet. Is there any way to > limit the bandwidth? Did you know you can use ipfw and ipf togetter? (I.e. ipf for firewalling and ipfw for traffic shapping.) You could try to combine ipf with ipa (port) but it will not be a nice sollution. (i.e. adding deny rules when someone uses the internet alot.) P.S. I moved the cc to questions instead of stable, because i feel this belongs there more. See the handbook for the descriptions of the maillists. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bandwidth Limiting
On Tuesday 03 August 2004 05:34 pm, Jonathan wrote: > Hello, I run FreeBSD 5-2.1 on a serv4er box used for my company > (StreamForce Hosting Solutions). I was wondering if there is an > application i can install or method of limiting per user bandwidth by > like a certain group or class. If not is there a way to limit bandwidth > for all non super user accounts. Check out pf (packet filter) http://pf4freebsd.love2party.net/ and http://www.freebsd.org/cgi/url.cgi?ports/security/pf/pkg-descr pf includes ALTQ for bandwidth control. Jay ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bandwidth Limiting
In the last episode (Aug 03), Jonathan said: > Hello, I run FreeBSD 5-2.1 on a serv4er box used for my company > (StreamForce Hosting Solutions). I was wondering if there is an > application i can install or method of limiting per user bandwidth by > like a certain group or class. If not is there a way to limit bandwidth > for all non super user accounts. ipfw rules plus dummynet should be able to do what you want. ipfw can filter on the uid or gid of the process sending/receiving the packet, so this should cause all non-root packets to get filtered through dummynet pipe 1 (which you could configure to run at 90% of your true capacity): ipfw add 400 skipto 402 ip from any to any uid root ipfw add 401 pipe 1 ip from any to any Hopefully ipfw will soon get the ability to use ALTQ which was recently merged into -current, so you can do some more advanced limiting. -- Dan Nelson [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bandwidth Limiting
Jonathan wrote: Hello, I run FreeBSD 5-2.1 on a serv4er box used for my company (StreamForce Hosting Solutions). I was wondering if there is an application i can install or method of limiting per user bandwidth by like a certain group or class. If not is there a way to limit bandwidth for all non super user accounts. Thanks in advance! Regards, Jonathan Ooh, now I read that again, and I think I just wasted that last post. Different scenario. Sorry for the noise. KDK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bandwidth Limiting
Jonathan wrote: Hello, I run FreeBSD 5-2.1 on a serv4er box used for my company (StreamForce Hosting Solutions). I was wondering if there is an application i can install or method of limiting per user bandwidth by like a certain group or class. If not is there a way to limit bandwidth for all non super user accounts. Thanks in advance! Regards, Jonathan Certainly dummynet(4) comes to mind --- it would easily do per *IP* BW limits...so it might depend a tad on your network topography. HTH, Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Bandwidth Limiting
Hello, I run FreeBSD 5-2.1 on a serv4er box used for my company (StreamForce Hosting Solutions). I was wondering if there is an application i can install or method of limiting per user bandwidth by like a certain group or class. If not is there a way to limit bandwidth for all non super user accounts. Thanks in advance! Regards, Jonathan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bandwidth Limiting with ipfw and WEBServices/MailServices
Vahric MUHTARYAN wrote: First,Does bandwith limiting affect high loaded MailServers and Web Servers?! Because I know if I set bandwith limit I have to set queue at this moment some queue delay can be occur ?! Bandwidth limiting affects busy network services, certainly. If you want to adjust the queue length, you should consider the available bandwidth divided by the MTU (gives units of packets over time). I think that mail server can handle it because SMTP will work under slow link. Does this limitation suitable for Web Server ( http protocol ) ?!! This will work with HTTP, yes. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Bandwidth Limiting with ipfw and WEBServices/MailServices
Hi Everybody , I want to learn two things ?! First,Does bandwith limiting affect high loaded MailServers and Web Servers?! Because I know if I set bandwith limit I have to set queue at this moment some queue delay can be occur ?! I think that mail server can handle it because SMTP will work under slow link. Does this limitation suitable for Web Server ( http protocol ) ?!! Any advise ?_ Vahric ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfw dummynet bandwidth limiting questions
On Tue, Nov 18, 2003 at 12:02:27PM -0800, Kelsey Cummings wrote: > On Tue, Nov 18, 2003 at 03:48:57AM +0100, Alex de Kruijff wrote: > > On Mon, Nov 17, 2003 at 04:03:52PM -0800, Kelsey Cummings wrote: > > > I've had some trouble getting ipfw to behave as expected. I've got a ipfw > > > box sitting as a firewall and traffic shaper in bridge mode. It's working > > > great for the most part but I'm having trouble getting some specific behavior > > > to work right. > > > > > > I'm currently limiting all outbound streams to 1.5mbits, and this works > > > great. However, I'd also like to setup an overall cap for all traffic to > > > run at 25mbits. I can only get one or the other of these rule/pipe combos > > > to take affect at any given time. I must be missing something obvious: > > > > > > The rules in questions are as follows: > > > > > > add 420 pipe 420 tcp from $slb_www 80 to any > > > pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024 > > > > > > add 440 pipe 440 tcp from $slb_www 80 to any > > > pipe 440 config bw 25Mbit/s queue 100 > > > > > > 'ipfw show' shows zero hits on rule 440, it sure seems like it should work. > > > > The packets are allowed on 420 you can disable this with: > > exec = /sbin/sysctl net.inet.ip.fw.one_pass=0 > > Alex, any other suggestions? I'd already played with one_pass without > luck, and have tried again. > > # sysctl -a net.inet.ip.fw.one_pass > net.inet.ip.fw.one_pass: 0 > > #ipfw show > .. > 00420 4942806 6549461073 pipe 420 tcp from IP 80 to any > 00440 0 0 pipe 440 tcp from IP 80 to any > .. Could you try this firewall: ipfw flush ipfw add pipe 1 ip from any to any out ipfw add pipe 2 ip from any to any out ipfw pipe 1 config bw 1500Kbit/s dst-ip 0x ipfw pipe 2 config bw 25Mbit/s With net.inet.ip.fw.one_pass set to 0 all packets should pass though both pipes. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfw dummynet bandwidth limiting questions
On Tue, Nov 18, 2003 at 03:48:57AM +0100, Alex de Kruijff wrote: > On Mon, Nov 17, 2003 at 04:03:52PM -0800, Kelsey Cummings wrote: > > I've had some trouble getting ipfw to behave as expected. I've got a ipfw > > box sitting as a firewall and traffic shaper in bridge mode. It's working > > great for the most part but I'm having trouble getting some specific behavior > > to work right. > > > > I'm currently limiting all outbound streams to 1.5mbits, and this works > > great. However, I'd also like to setup an overall cap for all traffic to > > run at 25mbits. I can only get one or the other of these rule/pipe combos > > to take affect at any given time. I must be missing something obvious: > > > > The rules in questions are as follows: > > > > add 420 pipe 420 tcp from $slb_www 80 to any > > pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024 > > > > add 440 pipe 440 tcp from $slb_www 80 to any > > pipe 440 config bw 25Mbit/s queue 100 > > > > 'ipfw show' shows zero hits on rule 440, it sure seems like it should work. > > The packets are allowed on 420 you can disable this with: > exec = /sbin/sysctl net.inet.ip.fw.one_pass=0 Alex, any other suggestions? I'd already played with one_pass without luck, and have tried again. # sysctl -a net.inet.ip.fw.one_pass net.inet.ip.fw.one_pass: 0 #ipfw show .. 00420 4942806 6549461073 pipe 420 tcp from IP 80 to any 00440 0 0 pipe 440 tcp from IP 80 to any .. I tried removing both rules and pipes, adding them back, it hasn't helped. -- Kelsey Cummings - [EMAIL PROTECTED] sonic.net, inc. System Administrator 2260 Apollo Way 707.522.1000 (Voice) Santa Rosa, CA 95407 707.547.2199 (Fax)http://www.sonic.net/ Fingerprint = D5F9 667F 5D32 7347 0B79 8DB7 2B42 86B6 4E2C 3896 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ipfw dummynet bandwidth limiting questions
On Mon, Nov 17, 2003 at 04:03:52PM -0800, Kelsey Cummings wrote: > I've had some trouble getting ipfw to behave as expected. I've got a ipfw > box sitting as a firewall and traffic shaper in bridge mode. It's working > great for the most part but I'm having trouble getting some specific behavior > to work right. > > I'm currently limiting all outbound streams to 1.5mbits, and this works > great. However, I'd also like to setup an overall cap for all traffic to > run at 25mbits. I can only get one or the other of these rule/pipe combos > to take affect at any given time. I must be missing something obvious: > > The rules in questions are as follows: > > add 420 pipe 420 tcp from $slb_www 80 to any > pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024 > > add 440 pipe 440 tcp from $slb_www 80 to any > pipe 440 config bw 25Mbit/s queue 100 > > 'ipfw show' shows zero hits on rule 440, it sure seems like it should work. The packets are allowed on 420 you can disable this with: exec = /sbin/sysctl net.inet.ip.fw.one_pass=0 -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ipfw dummynet bandwidth limiting questions
I've had some trouble getting ipfw to behave as expected. I've got a ipfw box sitting as a firewall and traffic shaper in bridge mode. It's working great for the most part but I'm having trouble getting some specific behavior to work right. I'm currently limiting all outbound streams to 1.5mbits, and this works great. However, I'd also like to setup an overall cap for all traffic to run at 25mbits. I can only get one or the other of these rule/pipe combos to take affect at any given time. I must be missing something obvious: The rules in questions are as follows: add 420 pipe 420 tcp from $slb_www 80 to any pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024 add 440 pipe 440 tcp from $slb_www 80 to any pipe 440 config bw 25Mbit/s queue 100 'ipfw show' shows zero hits on rule 440, it sure seems like it should work. Also, is it possible to increase the hash table size beyond 1024? Practically speaking, does anyone have any experience doing trafic shapping at gige rates? The property behind this box is growing rapidly and we expect to saturate fe in a few month. I'd appreciate if you could cc me in response. -- Kelsey Cummings - [EMAIL PROTECTED] sonic.net, inc. System Administrator 2260 Apollo Way 707.522.1000 (Voice) Santa Rosa, CA 95407 707.547.2199 (Fax)http://www.sonic.net/ Fingerprint = D5F9 667F 5D32 7347 0B79 8DB7 2B42 86B6 4E2C 3896 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Network bandwidth limiting?
stan <[EMAIL PROTECTED]> writes: > I'm trying to replace an HP-UX workstation with an Athalon based GreeBSD > machine, This machien is an Amanda tape server. The FreeBSD machine is a > couple of orsers of mafnitude faster than the HP-UX machin, yet I;m having > problems with losing network conections during the backup sessions. The > Amanda clients are not tolerant of this, and I lose the backup session. > > I'm susecting a networking probem. The network is a simple 10base2 cable, > and the FreeBSD machine has always been an Amanda client, which worked > without a problem. > > I'm wondering if I'm not runing into a deliberate rate limiting issue on > the FreebSD machine. If for instnace I "ping -f" it, I get a bunch of lsot > packets, and a console message about limiting ping response times. What's happening there is that FreeBSD is rate-limiting ICMP packets being sent, which isn't relevant to the TCP packets that are carrying the data for your backups. > Where should I start looking for this? If it were I, with packet traces. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Network bandwidth limiting?
I'm trying to replace an HP-UX workstation with an Athalon based GreeBSD machine, This machien is an Amanda tape server. The FreeBSD machine is a couple of orsers of mafnitude faster than the HP-UX machin, yet I;m having problems with losing network conections during the backup sessions. The Amanda clients are not tolerant of this, and I lose the backup session. I'm susecting a networking probem. The network is a simple 10base2 cable, and the FreeBSD machine has always been an Amanda client, which worked without a problem. I'm wondering if I'm not runing into a deliberate rate limiting issue on the FreebSD machine. If for instnace I "ping -f" it, I get a bunch of lsot packets, and a console message about limiting ping response times. Where should I start looking for this? -- "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." -- Benjamin Franklin To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
On Fri, 3 Jan 2003, randall ehren wrote: > not to stray too far, but if IPFW is set to allow all incoming packets and is > only used for shaping, and you have ipfilter handling nat, then it seems it > would just be: > network card --> IPFW (traffic shape) --> IPF (filter+nat) --> userland > i guess an internally NAT address would go back out as: > IPF --> IPFW --> network card We actually found it goes: Internal Net -> NIC -> IPF+NAT -> IPFW -> World World -> IPF+NAT -> IPFW -> NIC -> Internal net After seeing this, I didn't even bother to see what the interal side of the router processed as. I'm sure it would have given me a headache trying to set up the runs. Suffice to say, IPF+NAT always sees the packets first (at least on the outer side of the router) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
May be /usr/ports/sysutils/ipa is the answer to your problem. Quote from port description: ipa(8) allows to make IP accounting (network accounting) based on FreeBSD IPv4/v6 Firewall (including IPFW2), OpenBSD Packet Filter and IP Filter accounting rules on FreeBSD, NetBSD and OpenBSD. It supports limits for accounting rules and limits events as "limit is reached", "reached limit is expired", etc. It understands time intervals like "end of day", "end of week", "end of month", etc. ipastat(8) is a viewer for IP accounting database made by ipa(8). WWW: http://www.simon.org.ua/ipa/ - Andrey Simonenko [EMAIL PROTECTED] [EMAIL PROTECTED] > Hi, > > Is there a way to limit incoming traffic (bandwidth) using > ipfilter/ipfw or any such software tool?. I am running a mail > server and I pay per GB transfered. If I have my ISP do the > limiting, they charge extra $$ for it. I know I can limit > incoming mail size via the mail server. But still doesn't > prevent someone from sending a lot of mail or fill up > a 100mbps line for 24 hrs/day. > > > I am not looking for a perfect solution, and I do realize > ddos attacks and such are still possible. I am only looking > for a reasonable solution. > > Any help is appreciated > > -- > Hari Bhaskaran > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
> > http://www.google.com/search?q=ipfilter+ipfw+together > > --> http://false.net/ipfilter/2000_02/0407.html > > This is what we settled with eventually, but the processing order for > packets when you're using both IPF and IPFW plus ipnat is seriously > f*rked. not to stray too far, but if IPFW is set to allow all incoming packets and is only used for shaping, and you have ipfilter handling nat, then it seems it would just be: network card --> IPFW (traffic shape) --> IPF (filter+nat) --> userland i guess an internally NAT address would go back out as: IPF --> IPFW --> network card doesn't seem that bad... -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: incoming bandwidth limiting using ipfilter
The question is, are they charging you for total bandwidth used, or some real time rate limit? When you use bandwidth shaping, you can reduce your rate, but that will just spread things out. So if they are charging you for total bytes moved, then you would have to do some math to figure out what that breaks down to in Mbps, and put a throttle in to that rate. I'm not sure what Mike means by packets already traversing the network. If you shape your bandwidth, it's not like all those packets just pile up at your server's front door, waiting to get in. The IP protocol will pause within itself to not exceed your defined bandwidth. -Daniel -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hari Bhaskaran Sent: Friday, January 03, 2003 6:24 PM To: [EMAIL PROTECTED] Subject: Re: incoming bandwidth limiting using ipfilter > Hari: > > I think you are going to find that rate-limiting at the box won't > provide any fiscal relief. The packets have already traversed your > ISP's interface where the accounting is taking place. > > Mike That's bad. But if the machine doesn't accept more than N packets/sec, why would the ISP router forward any more packets to it? I wouldn't know the internals, but isn't there any kind of flow control in the protocol? -- Hari Bhaskaran (Mike, although I have cc-ed the list I haven't included your email anywhere in the reply) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
On Fri, 3 Jan 2003, randall ehren wrote: > > Darren could you answer this question please? > > Maybe we could get Phil to add the answer to the FAQ. > > http://www.google.com/search?q=ipfilter+ipfw+together > --> http://false.net/ipfilter/2000_02/0407.html This is what we settled with eventually, but the processing order for packets when you're using both IPF and IPFW plus ipnat is seriously f*rked. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
> Hari: > > I think you are going to find that rate-limiting at the box won't > provide any fiscal relief. The packets have already traversed your > ISP's interface where the accounting is taking place. > > Mike That's bad. But if the machine doesn't accept more than N packets/sec, why would the ISP router forward any more packets to it? I wouldn't know the internals, but isn't there any kind of flow control in the protocol? -- Hari Bhaskaran (Mike, although I have cc-ed the list I haven't included your email anywhere in the reply) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: incoming bandwidth limiting using ipfilter
Here is another article that summarizes what you need to do, it's pretty straight forward really. I just did this recently on my server, and it appears to work like a charm so far. http://www.onlamp.com/pub/a/bsd/2001/07/26/Big_Scary_Daemons.html Peace. -Daniel -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of randall ehren Sent: Friday, January 03, 2003 5:29 PM To: Hari Bhaskaran Cc: [EMAIL PROTECTED] Subject: Re: incoming bandwidth limiting using ipfilter > Does anyone know any hardware (of the size of a regular home > DSL router) that can give me a simple limit of X bps for two > IP addresses. I am running out of time and removing ipfilter > (which I use now) and adding ipfw, learning dummynet and then > figuring out will take time (at least 5 days with my FreeBSD IQ level). > I am also hoping it would be in < $500 range. just add IPFW, IPFIREWALL_DEFAULT_TO_ACCEPT, and DUMMYNET to your kernel, no need to remove IPFILTER. then just add whatever rules are needed for dummynet. IPFW should then leave your packets alone for ipfilter to handle. -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
> > Is there anything that limits us from using ipfilter on top of this ipfw > > b/w control? > > Darren Reed, the owner of IPF is probably in the best position to answer > that question. I posed it a week ot two ago on the ipf mailing list.. I'm > waiting for a reply, not sure if it was seen amongst the flurry or mail on > the topic. > > Darren could you answer this question please? > Maybe we could get Phil to add the answer to the FAQ. http://www.google.com/search?q=ipfilter+ipfw+together --> http://false.net/ipfilter/2000_02/0407.html -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
> Does anyone know any hardware (of the size of a regular home > DSL router) that can give me a simple limit of X bps for two > IP addresses. I am running out of time and removing ipfilter > (which I use now) and adding ipfw, learning dummynet and then > figuring out will take time (at least 5 days with my FreeBSD IQ level). > I am also hoping it would be in < $500 range. just add IPFW, IPFIREWALL_DEFAULT_TO_ACCEPT, and DUMMYNET to your kernel, no need to remove IPFILTER. then just add whatever rules are needed for dummynet. IPFW should then leave your packets alone for ipfilter to handle. -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
On Fri, Jan 03, 2003 at 12:39:52PM -0800, randall ehren wrote: > > you'll want to lookup information on dummynet: > http://info.iet.unipi.it/~luigi/ip_dummynet/ Does anyone know any hardware (of the size of a regular home DSL router) that can give me a simple limit of X bps for two IP addresses. I am running out of time and removing ipfilter (which I use now) and adding ipfw, learning dummynet and then figuring out will take time (at least 5 days with my FreeBSD IQ level). I am also hoping it would be in < $500 range. > > you can use it to shape traffic and limit bandwidth. > > -randall > Any help is appreciated. -- Hari Bhaskaran To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
On Fri, 3 Jan 2003, Murat Bicer wrote: > Is there anything that limits us from using ipfilter on top of this ipfw > b/w control? Darren Reed, the owner of IPF is probably in the best position to answer that question. I posed it a week ot two ago on the ipf mailing list.. I'm waiting for a reply, not sure if it was seen amongst the flurry or mail on the topic. Darren could you answer this question please? Maybe we could get Phil to add the answer to the FAQ. Phil? :-) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
> Is there anything that limits us from using ipfilter on top of this ipfw > b/w control? doesn't appear so... from http://home.earthlink.net/~jaymzh666/ipf/IPFfreebsd.html#12: IPF and IPFW both have features I want to use, must I choose between them? No. You can run them both on a single machine. However, you must take care to ensure that one package's rules do not interfere with the other's. Note that the packages get access to rules in the order in which they were loaded, e.g. if IPFW is compiled in the kernel and IPF is loaded as a module, IPFW "sees" packets before IPF. -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
Is there anything that limits us from using ipfilter on top of this ipfw b/w control? > Is there a way to limit incoming traffic (bandwidth) using > ipfilter/ipfw or any such software tool?. you'll want to lookup information on dummynet: http://info.iet.unipi.it/~luigi/ip_dummynet/ you can use it to shape traffic and limit bandwidth. Murat Bicer [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: incoming bandwidth limiting using ipfilter
ipfilter won't allow you to limit bandwidth, ipfw will. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hari Bhaskaran Sent: Friday, January 03, 2003 2:36 PM To: [EMAIL PROTECTED] Subject: incoming bandwidth limiting using ipfilter Hi, Is there a way to limit incoming traffic (bandwidth) using ipfilter/ipfw or any such software tool?. I am running a mail server and I pay per GB transfered. If I have my ISP do the limiting, they charge extra $$ for it. I know I can limit incoming mail size via the mail server. But still doesn't prevent someone from sending a lot of mail or fill up a 100mbps line for 24 hrs/day. I am not looking for a perfect solution, and I do realize ddos attacks and such are still possible. I am only looking for a reasonable solution. Any help is appreciated -- Hari Bhaskaran To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: incoming bandwidth limiting using ipfilter
> Is there a way to limit incoming traffic (bandwidth) using > ipfilter/ipfw or any such software tool?. I am running a mail > server and I pay per GB transfered. If I have my ISP do the > limiting, they charge extra $$ for it. I know I can limit > incoming mail size via the mail server. But still doesn't > prevent someone from sending a lot of mail or fill up > a 100mbps line for 24 hrs/day. you'll want to lookup information on dummynet: http://info.iet.unipi.it/~luigi/ip_dummynet/ you can use it to shape traffic and limit bandwidth. -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
incoming bandwidth limiting using ipfilter
Hi, Is there a way to limit incoming traffic (bandwidth) using ipfilter/ipfw or any such software tool?. I am running a mail server and I pay per GB transfered. If I have my ISP do the limiting, they charge extra $$ for it. I know I can limit incoming mail size via the mail server. But still doesn't prevent someone from sending a lot of mail or fill up a 100mbps line for 24 hrs/day. I am not looking for a perfect solution, and I do realize ddos attacks and such are still possible. I am only looking for a reasonable solution. Any help is appreciated -- Hari Bhaskaran To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: enabling tcp bandwidth limiting?
On Mon, 28 Oct 2002, Mike Johnston wrote: > According to the FreeBSD 4.7 release notes: > The tcp protocol now has the ability to dynamically limit the send-side > window to maximize bandwidth and minimize round trip times. The feature can > be enabled via the net.inet.tcp.inflight_enable sysctl. > > Can someone explain how to enable this feature? Do i add it to rc.conf? Add net.inet.tcp.inflight_enable=1 to /etc/sysctl.conf If you want to enable it without rebooting, say the magic words: # sysctl -w net.inet.tcp.inflight_enable=1 Fer > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
enabling tcp bandwidth limiting?
According to the FreeBSD 4.7 release notes: The tcp protocol now has the ability to dynamically limit the send-side window to maximize bandwidth and minimize round trip times. The feature can be enabled via the net.inet.tcp.inflight_enable sysctl. Can someone explain how to enable this feature? Do i add it to rc.conf? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
RE: bandwidth limiting
man dummynet man ipfw 'Traffic Shaper Configuration' It has nothing to do with the 'pipe' (man pipe) command. But you create pipes with ipfw, like this: ipfw add pipe 10 ip from any to any More about dummynet: http://www.onlamp.com/lpt/a/bsd/2001/07/26/Big_Scary_Daemons.html General FreeBSD help: http://www.google.com/bsd http://www.freebsddiary.org http://www.defcon1.org http://www.freebsd.org http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html Hope this is to some help! :) Øystein -Original Message- From: Nelis Lamprecht [mailto:[EMAIL PROTECTED]] Sent: Friday, July 19, 2002 12:48 To: [EMAIL PROTECTED] Subject: bandwidth limiting Hi List I would like to limit bandwidth on a per user basis ON my 4.6 box, is this possible ? Or perhaps limit them on a per ipaddress basis. I have 2 interfaces( ext and int ) and I am running ipfw. I read somewhere that you can use pipe with ipfw for this but am having a little difficulty understanding this and there is very little info on man pipe. Any suggestions will be greatly appreciated. Thanks. Nelis To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
bandwidth limiting
Hi List I would like to limit bandwidth on a per user basis ON my 4.6 box, is this possible ? Or perhaps limit them on a per ipaddress basis. I have 2 interfaces( ext and int ) and I am running ipfw. I read somewhere that you can use pipe with ipfw for this but am having a little difficulty understanding this and there is very little info on man pipe. Any suggestions will be greatly appreciated. Thanks. Nelis To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
bandwidth limiting
Hi List I would like to limit bandwidth on a per user basis to my 4.6 box, is this possible ? Or perhaps limit them on a per ipaddress basis. I have 2 interfaces( ext and int ) and I am running ipfw. I read somewhere that you can use pipe with ipfw for this but am having a little difficulty understanding this and there is very little info on man pipe. Any suggestions will be greatly appreciated. Thanks. Nelis To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message