[OT] name resolution... ( was Re: FreeBSD Traffic Shaping )

2008-04-03 Thread Norberto Meijome
On Thu, 03 Apr 2008 15:55:05 +1100
Terry Sposato [EMAIL PROTECTED] wrote:

 Norberto Meijome wrote:
  On Wed, 2 Apr 2008 14:43:20 +0200
  Mel [EMAIL PROTECTED] wrote:
  
  I think you'll find that bursts are best counteracted like this:
  http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas
  
  Mel, can you please confirm this link / FQDN ? no NS defined for the 
  domain... 
  
  TIA,
  B
 SNIP
 
 The above link works fine for me here.
 [EMAIL PROTECTED] ~]$ host www.probsd.net
 www.probsd.net has address 66.93.16.108
 

i hear you :D 

It resolves ok when pointing against a US based Name server :

$ nslookup www.probsd.net ns1.octantis.com.au
Server: ns1.octantis.com.au
Address:207.44.188.147#53

Non-authoritative answer:
Name:   www.probsd.net
Address: 66.93.16.108

It doesn't work when using my machine's named, which relies on Root name 
servers to get the info. the US server also uses root servers for resolution.

US box is linux based, mine is FBSD 7, in AU.

I checked with wireshark and i never get any reply from their servers. they 
seem to reply if I use my ISP's dns... 

oh well


_
{Beto|Norberto|Numard} Meijome

The only good bureaucrat is one with a pistol at his head.
Put it in his hand and it's goodbye to the Bill of Rights.
   H.L. Mencken

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: FreeBSD Traffic Shaping

2008-04-02 Thread freebsd
I gave port 80 as an example but I need this configuration for  
limiting other services as well.


If you have a 100mbps connection and only one client, you want him to  
only use 50kbps, not the full pipe. If you have 200 clients, they  
still get 50kbps each.


Is this feature that I need so complicated that it can't be  
implemented easily into FreeBSD or is it that not many people need it  
? It sounds quite useful to me :)




I have personally tried that before and it did not work as described, in
fact it didn't work at all to limit anything on FBSD6.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
Sent: Tuesday, April 01, 2008 7:55 PM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Traffic Shaping

[EMAIL PROTECTED] wrote:

I am trying to limit the bandwidth available to some connections and
I'm not sure FreeBSD can handle this. Maybe some of you can help.
Here's what I need to have exactly.

No matter what the number of connections, each connection should have
at most/least 50kbps guaranteed outbound on port 80.

I've tried dummynet but it doesn't do what I need because if I define
a pipe with 1mbps and if I have 1000 connections, each connection will
have less than 50kbps.

Any way to do this in FreeBSD ?


The ipfw(8) man page describes a mask configuration parameter.

# /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe has a
dedicated 56kbps. The man page implies that the mask can combine fields, so
to uniquely identify each connection, you would mask all bits of source
and destination IP and ports. It looks like the all
keyword might do just the trick.

--
Chris Cowart
Network Technical Lead
Network  Infrastructure Services, RSSP-IT UC Berkeley



RE: FreeBSD Traffic Shaping

2008-04-02 Thread freebsd

Hmm,

I've tried

ipfw pipe 2 config mask all bw 100Kbit/s
ipfw add 10 pipe 2 tcp from localip to any 80

it appears to be working but I don't have enough connections on right  
now to find out if it really gives 100kbit/sec to each or if it shares  
the bw


will come back with an update :)


I gave port 80 as an example but I need this configuration for  
limiting other services as well.


If you have a 100mbps connection and only one client, you want him  
to only use 50kbps, not the full pipe. If you have 200 clients, they  
still get 50kbps each.


Is this feature that I need so complicated that it can't be  
implemented easily into FreeBSD or is it that not many people need  
it ? It sounds quite useful to me :)




I have personally tried that before and it did not work as described, in
fact it didn't work at all to limit anything on FBSD6.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
Sent: Tuesday, April 01, 2008 7:55 PM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Traffic Shaping

[EMAIL PROTECTED] wrote:

I am trying to limit the bandwidth available to some connections and
I'm not sure FreeBSD can handle this. Maybe some of you can help.
Here's what I need to have exactly.

No matter what the number of connections, each connection should have
at most/least 50kbps guaranteed outbound on port 80.

I've tried dummynet but it doesn't do what I need because if I define
a pipe with 1mbps and if I have 1000 connections, each connection will
have less than 50kbps.

Any way to do this in FreeBSD ?


The ipfw(8) man page describes a mask configuration parameter.

# /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe has a
dedicated 56kbps. The man page implies that the mask can combine fields, so
to uniquely identify each connection, you would mask all bits of source
and destination IP and ports. It looks like the all
keyword might do just the trick.

--
Chris Cowart
Network Technical Lead
Network  Infrastructure Services, RSSP-IT UC Berkeley



RE: FreeBSD Traffic Shaping

2008-04-02 Thread Wojciech Puchar


The vast majority of people out there have asymmetrical bandwidth
limiting needs - that is, they have a pipe to the Internet and
have a lot more data coming from the Internet to them, than data
going from them to the Internet.  Their desire is to somehow make
it so that certain kinds of incoming data meeting certain criteria
are limited.  Their problem is that since they don't have control of
the end sending the data to them, they can't do this.


but you ROUGHLY can do this with ipfw.
by limiting at your end - the other end will slow down.

but of course in case of say ping flood or similar things you can't


RE: FreeBSD Traffic Shaping

2008-04-02 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 [EMAIL PROTECTED]
 Sent: Tuesday, April 01, 2008 11:27 PM
 To: freebsd-questions@freebsd.org
 Subject: RE: FreeBSD Traffic Shaping
 
 
 I gave port 80 as an example but I need this configuration for  
 limiting other services as well.
 
 If you have a 100mbps connection and only one client, you want him to  
 only use 50kbps, not the full pipe. If you have 200 clients, they  
 still get 50kbps each.
 
 Is this feature that I need so complicated that it can't be  
 implemented easily into FreeBSD or is it that not many people need it  
 ? It sounds quite useful to me :)
 

It isn't that it's complicated or cannot be implemented easily.

It is that it's impossible to limit INCOMING bandwidth from the
Internet.

The vast majority of people out there have asymmetrical bandwidth
limiting needs - that is, they have a pipe to the Internet and
have a lot more data coming from the Internet to them, than data
going from them to the Internet.  Their desire is to somehow make
it so that certain kinds of incoming data meeting certain criteria
are limited.  Their problem is that since they don't have control of
the end sending the data to them, they can't do this.

The fewer number of people not in this boat are quite often looking
to run bandwidth restrictions on private T1s - and the routers needed
for these kinds of circuits usually have limiting code built in.  Since
they have control of both ends of the pipe they can use the limit code.

And the people not falling into these groups are mostly website
hosters looking to restrict outbound bandwidth - and for that, they
use an apache mod file (bandwidth_mod, http://www.ivn.cl/apache/ for
example) that works much better.

In short, the bandwidth limiting code really has little practical
value when implemented in FreeBSD that is why few do it.

Ted


Re: FreeBSD Traffic Shaping

2008-04-02 Thread Andrew Pantyukhin
On Wed, Apr 02, 2008 at 12:55:58AM -0800, Ted Mittelstaedt wrote:
 It is that it's impossible to limit INCOMING bandwidth from the
 Internet.

The fact is you can limit incoming TCP with little to no packet
loss and almost any other traffic stream (including P2P) with
1-10% loss.

 In short, the bandwidth limiting code really has little
 practical value when implemented in FreeBSD that is why few do
 it.

:)


Re: FreeBSD Traffic Shaping

2008-04-02 Thread Wojciech Puchar

loss and almost any other traffic stream (including P2P) with
1-10% loss.


In short, the bandwidth limiting code really has little
practical value when implemented in FreeBSD that is why few do
it.


:)


i do on my 300 users network. works VERY well. i use queues to equally 
divide available bandwidth in both directions



Re: FreeBSD Traffic Shaping

2008-04-02 Thread Mel
On Wednesday 02 April 2008 10:55:58 Ted Mittelstaedt wrote:

 The vast majority of people out there have asymmetrical bandwidth
 limiting needs - that is, they have a pipe to the Internet and
 have a lot more data coming from the Internet to them, than data
 going from them to the Internet.  Their desire is to somehow make
 it so that certain kinds of incoming data meeting certain criteria
 are limited.  Their problem is that since they don't have control of
 the end sending the data to them, they can't do this.

That's only true for locally generated traffic. Since you can limit the 
outgoing pipe of the internal interface, in a NAT situation, you can in 
practical terms limit/prioritize incoming traffic.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: FreeBSD Traffic Shaping

2008-04-02 Thread Mel
On Wednesday 02 April 2008 09:27:21 [EMAIL PROTECTED] wrote:
 I gave port 80 as an example but I need this configuration for
 limiting other services as well.

 If you have a 100mbps connection and only one client, you want him to
 only use 50kbps, not the full pipe. If you have 200 clients, they
 still get 50kbps each.

 Is this feature that I need so complicated that it can't be
 implemented easily into FreeBSD or is it that not many people need it
 ? It sounds quite useful to me :)

It isn't as useful as you think. I can easily generate 200 clients being only 
one person. That's why the focus in bandwidth shapers lies on the type of 
traffic and the origin/destination rather than the state and they divide the 
bandwidth within those pipes between the states.
Secondly - bit besides the point, but not many people think about it - if you 
have 100% available and limit a single person to 5%, you're more likely to 
end up at the 100%, simply because it takes more time for that person to get 
what he wants.
So if there's no financial/legal issues involved, it's better to get rid of 
the clients as fast as possible.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: FreeBSD Traffic Shaping

2008-04-02 Thread freebsd
I think you guys went a bit on a tangent here. What I am trying to do  
is limit the outbound bandwidth of my services and this should be  
perfectly possible as I control the output.


Also, the reason for this need is that some services use  
burst-bandwidth and I have many peaks and lows throughout the day.  
This means that my carrier who bills me by the 95th percentile is  
having a field day. For the services that my server offers it's not  
imperative that they get rid of the client in 1 second instead of 5  
for example. In this sense, stretching out 1MB of traffic over 10  
seconds is more beneficial towards my 95th than if I stretch it over 2  
seconds for example.


Quoting Mel [EMAIL PROTECTED]:


On Wednesday 02 April 2008 09:27:21 [EMAIL PROTECTED] wrote:

I gave port 80 as an example but I need this configuration for
limiting other services as well.

If you have a 100mbps connection and only one client, you want him to
only use 50kbps, not the full pipe. If you have 200 clients, they
still get 50kbps each.

Is this feature that I need so complicated that it can't be
implemented easily into FreeBSD or is it that not many people need it
? It sounds quite useful to me :)


It isn't as useful as you think. I can easily generate 200 clients being only
one person. That's why the focus in bandwidth shapers lies on the type of
traffic and the origin/destination rather than the state and they divide the
bandwidth within those pipes between the states.
Secondly - bit besides the point, but not many people think about it - if you
have 100% available and limit a single person to 5%, you're more likely to
end up at the 100%, simply because it takes more time for that person to get
what he wants.
So if there's no financial/legal issues involved, it's better to get rid of
the clients as fast as possible.

--
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
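
An added example, not part of any post in the thread: how a 95th-percentile figure reacts when the same bytes are sent unshaped, stretched inside one billing sample, or spread across samples. The 5-minute sample interval, the nearest-rank percentile and the traffic pattern are constructed assumptions; the carrier's real formula is not given in the thread.

```python
SAMPLE_SECONDS = 300  # assumed billing sample length (5 minutes)


def constructed_offered_load():
    """Constructed load in Mbit per second: 100 samples, every 10th one
    starts with a 150-second burst at 9 Mbit/s over a 1 Mbit/s baseline."""
    load = []
    for sample in range(100):
        for second in range(SAMPLE_SECONDS):
            bursting = sample % 10 == 0 and second < 150
            load.append(9 if bursting else 1)
    return load


def shape(per_second_mbit, cap_mbps):
    """Send at most cap_mbps each second and queue the rest.
    Returns (sent_per_second, backlog_left_at_end)."""
    sent_series, backlog = [], 0
    for offered in per_second_mbit:
        backlog += offered
        sent = min(backlog, cap_mbps)
        sent_series.append(sent)
        backlog -= sent
    return sent_series, backlog


def to_samples(per_second_mbit, sample_seconds=SAMPLE_SECONDS):
    """Average the per-second series into billing samples (Mbit/s)."""
    return [
        sum(per_second_mbit[i:i + sample_seconds]) / sample_seconds
        for i in range(0, len(per_second_mbit), sample_seconds)
    ]


def percentile_95(samples_mbps):
    """Nearest-rank 95th percentile: sort, discard the top 5%, bill the rest's max."""
    ordered = sorted(samples_mbps)
    rank = (95 * len(ordered) + 99) // 100  # integer ceil(0.95 * n)
    return ordered[rank - 1]


def billed(per_second_mbit):
    """Convenience wrapper: per-second series -> billed Mbit/s."""
    return percentile_95(to_samples(per_second_mbit))


if __name__ == "__main__":
    offered = constructed_offered_load()
    print("unshaped      :", billed(offered))
    for cap in (5, 3):
        shaped, left = shape(offered, cap)
        print(f"cap {cap} Mbit/s :", billed(shaped), "backlog left:", left)
```

With these numbers a 5 Mbit/s cap only stretches each burst inside its own sample and leaves the billed figure unchanged, while a 3 Mbit/s cap pushes bytes into the following sample and lowers it; the total volume sent is identical in all three cases.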


RE: FreeBSD Traffic Shaping

2008-04-02 Thread freebsd
I can now confirm that these two commands do exactly what I mentioned  
originally.


All outbound connections towards any host port 80 will have a maximum  
bandwidth of 100Kbit/s individually ( output )


ipfw pipe 2 config mask all bw 100Kbit/s
ipfw add 10 pipe 2 tcp from localip to any 80

Problem solved :)


Hmm,

I've tried

ipfw pipe 2 config mask all bw 100Kbit/s
ipfw add 10 pipe 2 tcp from localip to any 80

it appears to be working but I don't have enough connections on  
right now to find out if it really gives 100kbit/sec to each or if  
it shares the bw


will come back with an update :)


I gave port 80 as an example but I need this configuration for  
limiting other services as well.


If you have a 100mbps connection and only one client, you want him  
to only use 50kbps, not the full pipe. If you have 200 clients,  
they still get 50kbps each.


Is this feature that I need so complicated that it can't be  
implemented easily into FreeBSD or is it that not many people need  
it ? It sounds quite useful to me :)




I have personally tried that before and it did not work as described, in
fact it didn't work at all to limit anything on FBSD6.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of  
Christopher Cowart

Sent: Tuesday, April 01, 2008 7:55 PM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Traffic Shaping

[EMAIL PROTECTED] wrote:

I am trying to limit the bandwidth available to some connections and
I'm not sure FreeBSD can handle this. Maybe some of you can help.
Here's what I need to have exactly.

No matter what the number of connections, each connection should have
at most/least 50kbps guaranteed outbound on port 80.

I've tried dummynet but it doesn't do what I need because if I define
a pipe with 1mbps and if I have 1000 connections, each connection will
have less than 50kbps.

Any way to do this in FreeBSD ?


The ipfw(8) man page describes a mask configuration parameter.

# /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe has a
dedicated 56kbps. The man page implies that the mask can combine fields, so
to uniquely identify each connection, you would mask all bits of source
and destination IP and ports. It looks like the all
keyword might do just the trick.

--
Chris Cowart
Network Technical Lead
Network  Infrastructure Services, RSSP-IT UC Berkeley



Re: FreeBSD Traffic Shaping

2008-04-02 Thread Mel
On Wednesday 02 April 2008 14:21:38 [EMAIL PROTECTED] wrote:

 Also, the reason for this need is that some services use
 burst-bandwidth and I have many peaks and lows throughout the day.
 This means that my carrier who bills me by the 95th percentile is
 having a field day.

He bills by the second or average hour like most people? It's not as black and 
white as it seems - you also get higher average when the number of 
connections increases, not just the bandwidth they consume.

I think you'll find that bursts are best counteracted like this:
http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas

This separates 'downloads' from 'webpages', 'normal mails' from 'attachments' 
and you can then tune accordingly, if you have/get some graph.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: FreeBSD Traffic Shaping

2008-04-02 Thread freebsd

As far as I know, every carrier bills by 95th percentile.
This particular server is colocated and the bandwidth average is  
2.35mbps while the 95th is 3.7mbps.


I don't want my clients to have to compete for bandwidth - if 1000  
users share a 3mbps fixed pipe, they will each get 3k/sec -. Rather I  
want to guarantee a fixed output for each client. This ensures  
adequate speed for everyone AND flattens out my peaks.


Quoting Mel [EMAIL PROTECTED]:


On Wednesday 02 April 2008 14:21:38 [EMAIL PROTECTED] wrote:


Also, the reason for this need is that some services use
burst-bandwidth and I have many peaks and lows throughout the day.
This means that my carrier who bills me by the 95th percentile is
having a field day.


He bills by the second or average hour like most people? It's not as  
black and

white as it seems - you also get higher average when the number of
connections increases, not just the bandwidth they consume.

I think you'll find that bursts are best counteracted like this:
http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas

This separates 'downloads' from 'webpages', 'normal mails' from 'attachments'
and you can then tune accordingly, if you have/get some graph.

--
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: FreeBSD Traffic Shaping

2008-04-02 Thread Giorgos Keramidas
On Wed, 2 Apr 2008 11:30:44 +0200 (CEST), Wojciech Puchar [EMAIL PROTECTED] 
wrote:
 The vast majority of people out there have asymmetrical bandwidth
 limiting needs - that is, they have a pipe to the Internet and have a
 lot more data coming from the Internet to them, than data going from
 them to the Internet.  Their desire is to somehow make it so that
 certain kinds of incoming data meeting certain criteria are limited.
 Their problem is that since they don't have control of the end
 sending the data to them, they can't do this.

 but you ROUGHLY can do this with ipfw.
 by limiting at your end - the other end will slow down.

Unless the sending endpoint just ignores your limited incoming pipe
characteristics and keeps flooding you with DNS or ICMP requests, until
you scream for help.

 but of course in case of say ping flood or similar things you can't

Bingo.  That's precisely one of the things Ted meant, when he wrote that
`it cannot be done properly, unless you have dedicated T1 circuits whose
endpoints *are* under your control' :-)



RE: FreeBSD Traffic Shaping

2008-04-02 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 [EMAIL PROTECTED]
 Sent: Wednesday, April 02, 2008 4:22 AM
 To: freebsd-questions@freebsd.org
 Subject: Re: FreeBSD Traffic Shaping
 
 
 I think you guys went a bit on a tangent here. What I am trying to do  
 is limit the outbound bandwidth of my services and this should be  
 perfectly possible as I control the output.
 

Considering you didn't say that in your original post I don't
see why you're complaining about a tangent.

Ted


RE: FreeBSD Traffic Shaping

2008-04-02 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 [EMAIL PROTECTED]
 Sent: Wednesday, April 02, 2008 4:38 AM
 To: freebsd-questions@freebsd.org
 Subject: RE: FreeBSD Traffic Shaping
 
 
 I can now confirm that these two commands do exactly what I mentioned  
 originally.
 
 All outbound connections towards any host port 80 will have a maximum  
 bandwidth of 100Kbit/s individually ( output )
 
 ipfw pipe 2 config mask all bw 100Kbit/s
 ipfw add 10 pipe 2 tcp from localip to any 80
 
 Problem solved :)


Are you sure about this?

If you're serving webpages, you're listening on port 80

The tcp initiator uses a source port randomly chosen above 80
and a destination port on your host of 80

Your host responds with traffic with a source port of 80 and
a destination port of the initiator's choosing.  You don't
want to limit destination port 80 traffic since you're not sending
it.
 
I would suggest after deployment that you carefully look at
your access lists and keep an eye on your utilization graphs to
make sure it's doing what you think it's supposed to be doing.

Ted
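
An added sketch, not code from the thread or from FreeBSD, covering two points raised in the discussion: which packets the posted rule selects, and how the pipe `mask` groups them into dynamic pipes (including the earlier remark that one person can open 200 connections). The addresses, port numbers and the source-port-80 rule variant are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


LOCAL_IP = "192.0.2.10"  # constructed stand-in for `localip` in the thread

# Header fields each mask keyword keys on (protocol left out: all TCP here).
MASK_FIELDS = {
    "src-ip": ("src_ip",),
    "dst-ip": ("dst_ip",),
    "all": ("src_ip", "src_port", "dst_ip", "dst_port"),
}


def rule_to_any_80(p):
    """The posted rule: tcp from localip to any 80 (destination port 80)."""
    return p.src_ip == LOCAL_IP and p.dst_port == 80


def rule_from_80(p):
    """Assumed variant, not from the thread: tcp from localip 80 to any."""
    return p.src_ip == LOCAL_IP and p.src_port == 80


def flow_key(p, mask):
    """Reduce a packet to the fields the mask keeps; one key = one dynamic pipe."""
    return tuple(getattr(p, field) for field in MASK_FIELDS[mask])


def dynamic_pipes(packets, rule, mask):
    """Return {flow_key: packet_count} for packets the rule sends to the pipe."""
    pipes = defaultdict(int)
    for p in packets:
        if rule(p):
            pipes[flow_key(p, mask)] += 1
    return dict(pipes)


def ceiling_per_remote_host(packets, rule, mask, bw_kbit):
    """Upper bound in kbit/s each remote host can pull: one `bw` per dynamic
    pipe its traffic lands in. Hosts that share a pipe also share that bw."""
    pipes_by_host = defaultdict(set)
    for p in packets:
        if rule(p):
            pipes_by_host[p.dst_ip].add(flow_key(p, mask))
    return {host: len(keys) * bw_kbit for host, keys in pipes_by_host.items()}


def constructed_traffic():
    """Constructed outbound packets of a web server on LOCAL_IP."""
    heavy = [Packet(LOCAL_IP, 80, "198.51.100.7", 40000 + i) for i in range(200)]
    light = [Packet(LOCAL_IP, 80, "203.0.113.9", 51515)]
    fetch = [Packet(LOCAL_IP, 50000, "198.51.100.80", 80)]  # server as client
    return heavy + light + fetch


if __name__ == "__main__":
    traffic = constructed_traffic()
    for name, rule in (("to any 80", rule_to_any_80), ("from 80", rule_from_80)):
        for mask in ("src-ip", "dst-ip", "all"):
            pipes = dynamic_pipes(traffic, rule, mask)
            print(f"rule {name:9} mask {mask:6} -> {len(pipes)} pipe(s)")
    print(ceiling_per_remote_host(traffic, rule_from_80, "all", 50))
    print(ceiling_per_remote_host(traffic, rule_from_80, "dst-ip", 50))
```

In this model the posted rule only catches the server's own outbound fetch, and with `mask all` the host holding 200 connections reaches 200 times the per-pipe rate, whereas `mask dst-ip` holds it to a single pipe.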


RE: FreeBSD Traffic Shaping

2008-04-02 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 [EMAIL PROTECTED]
 Sent: Wednesday, April 02, 2008 4:51 AM
 To: freebsd-questions@freebsd.org
 Subject: Re: FreeBSD Traffic Shaping
 
 
 As far as I know, every carrier bills by 95th percentile.

You better call your carrier and confirm this.

The last carrier we had in that did this did in fact NOT bill by peak,
they billed by average.  However, the contract language SEEMED
to say peak.  We were naturally concerned about this after the first
month due to our graphs indicating that we had exceeded the peak.
However, the carrier (ATT) did not bill a surcharge.  After that
we regularly peaked over the designated MBs
during the contract term with no billing surcharge.  The last
2 months of the contract we got nailed with very high surcharge
fees for the last 2 month use period.  Needless to say we did
not renew the contract and the
matter is in litigation now.  We never got a satisfactory answer
from anyone there as to what calculation they used to determine
how the surcharge was calculated.

Of course it was our dumb fault.  In the future if we ever sign
any of those bandwidth contracts again we will require the carrier
to supply in the contract the mathematical formula they use to
calculate whether or not a surcharge applies.  We will then
read the formula and determine for ourself whether it means
peak or average.

 This particular server is colocated and the bandwidth average is  
 2.35mbps while the 95th is 3.7mbps.
 
 I don't want my clients to have to compete for bandwidth - if 1000  
 users share a 3mbps fixed pipe, they will each get 3k/sec -. Rather I  
 want to guarantee a fixed output for each client. This ensures  
 adequate speed for everyone AND flattens out my peaks.


Except that during the valleys of your utilization your clients
will be limited as well - meaning that if for example your bandwidth from
2-3am is only .5Mbps, 3Mbps would be available - and if one of
your clients happened to want to use 3Mps, his transfer will be
pushed forward out of the 2-3am time period and into the 2-8am
period.  Meanwhile your carrier gets away scot-free because
they didn't have to supply you with the 3.5Mbs during the night,
even though you were entitled to it.

Anyway, I'm sure you're going to do what you feel like and damn the
advice everyone is giving - hopefully it works out for you.  I
personally think these kinds of contracts are devices to make
the carrier a windfall they don't deserve, and I hope that
you manage to beat the contract and extract your last available
byte without penalty - because the more people that manage to
do this the less lucrative these dumb contracts will be and the
less incentive the carriers will have to offer them - but I
think in your case you're up against a telco who has a lot of
experience screwing over customers, and they will find out some
way to apply the surcharge no matter what you do.

Ted


RE: FreeBSD Traffic Shaping

2008-04-02 Thread Ted Mittelstaedt


 -Original Message-
 From: Giorgos Keramidas [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, April 02, 2008 9:45 AM
 To: Wojciech Puchar
 Cc: Ted Mittelstaedt; [EMAIL PROTECTED];
 freebsd-questions@freebsd.org
 Subject: Re: FreeBSD Traffic Shaping
 
 
 On Wed, 2 Apr 2008 11:30:44 +0200 (CEST), Wojciech Puchar 
 [EMAIL PROTECTED] wrote:
  The vast majority of people out there have asymmetrical bandwidth
  limiting needs - that is, they have a pipe to the Internet and have a
  lot more data coming from the Internet to them, than data going from
  them to the Internet.  Their desire is to somehow make it so that
  certain kinds of incoming data meeting certain criteria are limited.
  Their problem is that since they don't have control of the end
  sending the data to them, they can't do this.
 
  but you ROUGHLY can do this with ipfw.
  by limiting at your end - the other end will slow down.
 
 Unless the sending endpoint just ignores your limited incoming pipe
 characteristics and keeps flooding you with DNS or ICMP requests, until
 you scream for help.
 

It's not just that.  It's also stuff like Kazaa, and there's this
shareware downloader out there I forget the name of which opens
multiple connections to multiple sites, which also will not
be limited.  Oh and I also forgot online games too, some will
ignore the limiters.  (it's been my observation, that is)  And,
things like incoming e-mail spammers, the spam handshakes that their
spam networks send are too short, and will come in full-bore.

The other problem is that because the limiting works by delaying
traffic so that the tcp sliding window is exceeded, if the sender
and recipient put up large enough tcp receive windows they should
be able to defeat it.  This used to be standard advice for windows
2K and under as the registry could be modded to change those
parameters. (since the defaults were too small for the Internet)

Ted


Re: FreeBSD Traffic Shaping

2008-04-02 Thread Norberto Meijome
On Wed, 2 Apr 2008 14:43:20 +0200
Mel [EMAIL PROTECTED] wrote:

 I think you'll find that bursts are best counteracted like this:
 http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas

Mel, can you please confirm this link / FQDN ? no NS defined for the domain... 

TIA,
B

_
{Beto|Norberto|Numard} Meijome

At times, to be silent is to lie. 
  Miguel de Unamuno

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.


Re: FreeBSD Traffic Shaping

2008-04-02 Thread Terry Sposato

Norberto Meijome wrote:

On Wed, 2 Apr 2008 14:43:20 +0200
Mel [EMAIL PROTECTED] wrote:


I think you'll find that bursts are best counteracted like this:
http://www.probsd.net/pf/index.php/Hednod%27s_HFSC_explained#Tips.2FIdeas


Mel, can you please confirm this link / FQDN ? no NS defined for the domain... 


TIA,
B

SNIP

The above link works fine for me here.
[EMAIL PROTECTED] ~]$ host www.probsd.net
www.probsd.net has address 66.93.16.108

--
Regards,

Terry Sposato
[EMAIL PROTECTED]
http://www.sucked-in.com

GnuPG Key  : 0xB7643BC8
Fingerprint: EE92 D9E1 C98E 759F 5991 DFF6 70CE 8936 B764 3BC8





Re: FreeBSD Traffic Shaping

2008-04-01 Thread Luke Dean



On Tue, 1 Apr 2008, [EMAIL PROTECTED] wrote:

 I am trying to limit the bandwidth available to some connections and I'm not 
 sure FreeBSD can handle this. Maybe some of you can help. Here's what I need 
 to have exactly.
 
 No matter what the number of connections, each connection should have at 
 most/least 50kbps guaranteed outbound on port 80.
 
 I've tried dummynet but it doesn't do what I need because if I define a pipe 
 with 1mbps and if I have 1000 connections, each connection will have less 
 than 50kbps.
 
 Any way to do this in FreeBSD ?

I can't think of any way to dynamically allocate a new pipe for each 
individual connection with any firewall software I've used.

Have you considered getting your web server to do the limiting for you?  I 
think mod_bandwidth for Apache is designed to do what you're asking, but 
I've never used it.



Re: FreeBSD Traffic Shaping

2008-04-01 Thread Mel
On Wednesday 02 April 2008 00:18:36 [EMAIL PROTECTED] wrote:

 I've tried dummynet but it doesn't do what I need because if I define
 a pipe with 1mbps and if I have 1000 connections, each connection will
 have less than 50kbps.

 Any way to do this in FreeBSD ?

No, unfortunately your ISP gives you bandwidth, not FreeBSD.
You can give yourself the illusion of guaranteed bandwidth using HFSC and pf 
altq, but at 500% of max bandwidth it is nothing more than an illusion. 
That's aside from the fact that HFSC only allows 75% of capacity to be 
designated as 'realtime'.

-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.


Re: FreeBSD Traffic Shaping

2008-04-01 Thread Christopher Cowart
[EMAIL PROTECTED] wrote:
 I am trying to limit the bandwidth available to some connections and I'm 
 not sure FreeBSD can handle this. Maybe some of you can help. Here's what I 
 need to have exactly.
 
 No matter what the number of connections, each connection should have at 
 most/least 50kbps guaranteed outbound on port 80.
 
 I've tried dummynet but it doesn't do what I need because if I define a 
 pipe with 1mbps and if I have 1000 connections, each connection will have 
 less than 50kbps.
 
 Any way to do this in FreeBSD ?

The ipfw(8) man page describes a mask configuration parameter.

# /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe
has a dedicated 56kbps. The man page implies that the mask can combine
fields, so to uniquely identify each connection, you would mask all
bits of source and destination IP and ports. It looks like the all
keyword might do just the trick.

-- 
Chris Cowart
Network Technical Lead
Network  Infrastructure Services, RSSP-IT
UC Berkeley
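
Added example, not part of the original message: the shared pipe the original poster tried next to a `mask all` pipe that gives each flow its own dynamic pipe. The rule number, the function names and the `me 80` match for the local web server are assumptions; the script only prints the commands unless `IPFW` is set to the real binary.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Set IPFW=/sbin/ipfw (as root, with dummynet loaded) to apply them.
IPFW="${IPFW:-echo ipfw}"
RATE_KBIT=50          # per-connection rate asked for in the thread

# What the original poster tried: one pipe, so every flow shares 1 Mbit/s.
shared_pipe() {
    $IPFW pipe 1 config bw 1Mbit/s
    $IPFW add 1000 pipe 1 tcp from me 80 to any out
}

# "mask all": each distinct flow gets its own dynamic pipe at RATE_KBIT.
per_flow_pipe() {
    $IPFW pipe 1 config bw "${RATE_KBIT}Kbit/s" mask all
    $IPFW add 1000 pipe 1 tcp from me 80 to any out
}

# A per-flow pipe is a ceiling, not a guarantee: only this many flows can
# run at the full rate at once on an uplink of $1 kbit/s.
flows_at_full_rate() {
    echo $(( $1 / RATE_KBIT ))
}

per_flow_pipe
```

`flows_at_full_rate 1000` returns 20, so on the 1 Mbit/s figure from the question, 1000 simultaneous connections cannot each receive 50 kbit/s whatever the pipe configuration.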




RE: FreeBSD Traffic Shaping

2008-04-01 Thread The-IRC Hosting Administration Team
I have personally tried that before and it did not work as described, in
fact it didn't work at all to limit anything on FBSD6.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher Cowart
Sent: Tuesday, April 01, 2008 7:55 PM
To: [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Traffic Shaping

[EMAIL PROTECTED] wrote:
 I am trying to limit the bandwidth available to some connections and 
 I'm not sure FreeBSD can handle this. Maybe some of you can help. 
 Here's what I need to have exactly.
 
 No matter what the number of connections, each connection should have 
 at most/least 50kbps guaranteed outbound on port 80.
 
 I've tried dummynet but it doesn't do what I need because if I define 
 a pipe with 1mbps and if I have 1000 connections, each connection will 
 have less than 50kbps.
 
 Any way to do this in FreeBSD ?

The ipfw(8) man page describes a mask configuration parameter.

# /sbin/ipfw pipe 1 config mask src-ip 0x bw 56Kbit/s

This creates a separate dynamic pipe per source ip address. Each pipe has a
dedicated 56kbps. The man page implies that the mask can combine fields, so
to uniquely identify each connection, you would mask all bits of source
and destination IP and ports. It looks like the all
keyword might do just the trick.

--
Chris Cowart
Network Technical Lead
Network  Infrastructure Services, RSSP-IT UC Berkeley



Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Dan Pelleg
Vincent Poy [EMAIL PROTECTED] writes:

 Greetings all:
 
   I have an ADSL connection where the upstream pipe is smaller than
 the downstream with it at 1.5Mbps/384kbps now and will be upgrading to
 6Mbps/608kbps soon.  The issue I'm having is that whenever I upload, it
 fills the upstream to full capacity and the downstream would lag as the
 ACKs can't be sent back in time.  I was told that with traffic shaping or
 fair queue routing would solve this issue but I only have one NIC
 interface as I am running FreeBSD on a fully loaded notebook with a
 Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0
 built in NIC.  The problem is that I have 8 static IP's with my ISP so
 that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on
 the LAN so I want those to use the full speed of the connection without
 traffic shaping.  The NIC also has the 192.168.x.x netmask 255.255.0.0
 addresses for the local LAN as well so how do I setup traffic shaping in
 this scenario so that only traffic that actually uses x.x.x.1 from the
 x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or
 fair queue routing while LAN traffic will just use the full speed.  I
 already have these options in the KERNEL config.
 
 options IPFIREWALL
 options IPDIVERT
 options DUMMYNET
 options BRIDGE
 
   Thanks for your help in advance!
 
 

See ipfw(8). You can match rules by interface or address mask, so you don't
need to touch LAN traffic.

Correct, the problem when you upload on an asymmetric link has to do with
acknowledgment packets that downloading apps need to send back to the
remote server, and they have to wait in the upload queue (which is
saturated). You need to prioritize those. One way to do this is to filter
on small iplen. This has been discussed in the mailing lists in the past
(try the archive of the ipfw@ list). Just remember you can only shape
outbound packets (ie, leaving your computer). Doesn't matter if they're up
or down the DSL line, just that they go out (shaping incoming traffic makes
no sense).

-- 

  Dan Pelleg


Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Vincent Poy
On 6 Feb 2004, Dan Pelleg wrote:

 Vincent Poy [EMAIL PROTECTED] writes:

  Greetings all:
 
  I have an ADSL connection where the upstream pipe is smaller than
  the downstream with it at 1.5Mbps/384kbps now and will be upgrading to
  6Mbps/608kbps soon.  The issue I'm having is that whenever I upload, it
  fills the upstream to full capacity and the downstream would lag as the
  ACKs can't be sent back in time.  I was told that with traffic shaping or
  fair queue routing would solve this issue but I only have one NIC
  interface as I am running FreeBSD on a fully loaded notebook with a
  Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0
  built in NIC.  The problem is that I have 8 static IP's with my ISP so
  that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on
  the LAN so I want those to use the full speed of the connection without
  traffic shaping.  The NIC also has the 192.168.x.x netmask 255.255.0.0
  addresses for the local LAN as well so how do I setup traffic shaping in
  this scenario so that only traffic that actually uses x.x.x.1 from the
  x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or
  fair queue routing while LAN traffic will just use the full speed.  I
  already have these options in the KERNEL config.
 
  options IPFIREWALL
  options IPDIVERT
  options DUMMYNET
  options BRIDGE
 
  Thanks for your help in advance!

 See ipfw(8). You can match rules by interface or address mask, so you don't
 need to touch LAN traffic.

That's the part I'm confused about.  Since I only have one
interface, I assume I have to do it by address mask but how would one
define it as for example,

10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well
as 10.0.0.232-254 would?

 Correct, the problem when you upload on an asymmetric link has to do with
 acknowledgment packets that downloading apps need to send back to the
 remote server, and they have to wait in the upload queue (which is
 saturated). You need to prioritize those. One way to do this is to filter
 on small iplen. This has been discussed in the mailing lists in the past
 (try the archive of the ipfw@ list). Just remember you can only shape
 outbound packets (ie, leaving your computer). Doesn't matter if they're up
 or down the DSL line, just that they go out (shaping incoming traffic makes
 no sense).

True.  But when you have the shaping, do you actually set it to
the speed of the line or do you set it to like 5% below the speed of the
line and on the acknowledgement packets, does traffic shaping actually
reserve some space for that to go back or does it just queue it a certain
way?  Thanks.


Cheers,
Vince - [EMAIL PROTECTED] - Vice President    __ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
WurldLink Corporation  / / / /  | /  | __] ]
San Francisco - Honolulu - Hong Kong  / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[]
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin



Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Vincent Poy
On Fri, 6 Feb 2004, Vincent Poy wrote:

 On 6 Feb 2004, Dan Pelleg wrote:

  Vincent Poy [EMAIL PROTECTED] writes:
 
   Greetings all:
  
   I have an ADSL connection where the upstream pipe is smaller than
   the downstream with it at 1.5Mbps/384kbps now and will be upgrading to
   6Mbps/608kbps soon.  The issue I'm having is that whenever I upload, it
   fills the upstream to full capacity and the downstream would lag as the
   ACKs can't be sent back in time.  I was told that with traffic shaping or
   fair queue routing would solve this issue but I only have one NIC
   interface as I am running FreeBSD on a fully loaded notebook with a
   Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0
   built in NIC.  The problem is that I have 8 static IP's with my ISP so
   that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on
   the LAN so I want those to use the full speed of the connection without
   traffic shaping.  The NIC also has the 192.168.x.x netmask 255.255.0.0
   addresses for the local LAN as well so how do I setup traffic shaping in
   this scenario so that only traffic that actually uses x.x.x.1 from the
   x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or
   fair queue routing while LAN traffic will just use the full speed.  I
   already have these options in the KERNEL config.
  
   options IPFIREWALL
   options IPDIVERT
   options DUMMYNET
   options BRIDGE
  
 Thanks for your help in advance!
 
  See ipfw(8). You can match rules by interface or address mask, so you don't
  need to touch LAN traffic.

   That's the part I'm confused about.  Since I only have one
 interface, I assume I have to do it by address mask but how would one
 define it as for example,

 10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well
 as 10.0.0.232-254 would?

  Correct, the problem when you upload on an asymmetric link has to do with
  acknowledgment packets that downloading apps need to send back to the
  remote server, and they have to wait in the upload queue (which is
  saturated). You need to prioritize those. One way to do this is to filter
  on small iplen. This has been discussed in the mailing lists in the past
  (try the archive of the ipfw@ list). Just remember you can only shape
  outbound packets (ie, leaving your computer). Doesn't matter if they're up
  or down the DSL line, just that they go out (shaping incoming traffic makes
  no sense).

   True.  But when you have the shaping, do you actually set it to
 the speed of the line or do you set it to like 5% below the speed of the
 line and on the acknowledgement packets, does traffic shaping actually
 reserve some space for that to go back or does it just queue it a certain
 way?  Thanks.

After reading ipfw(8), I hope I have it correct that it's
like this:

ipfw add queue 1 ip from any to any out xmit xl0
ipfw pipe 1 config bw 384Kbit/s
ipfw queue 1 config pipe 1 weight 30 mask all

Now I'm just confused how to do the IP portion so that:

192.168.0.0 255.255.0.0
209.204.138.224-231
are not included

but everything else in 209.204.x.x is as well as any undefined IP.


Cheers,
Vince - [EMAIL PROTECTED] - Vice President    __ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
WurldLink Corporation  / / / /  | /  | __] ]
San Francisco - Honolulu - Hong Kong  / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[]
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin



Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Dan Pelleg
Vincent Poy [EMAIL PROTECTED] writes:

 On 6 Feb 2004, Dan Pelleg wrote:
 
  Vincent Poy [EMAIL PROTECTED] writes:
 
   Greetings all:
  
   I have an ADSL connection where the upstream pipe is smaller than
   the downstream with it at 1.5Mbps/384kbps now and will be upgrading to
   6Mbps/608kbps soon.  The issue I'm having is that whenever I upload, it
   fills the upstream to full capacity and the downstream would lag as the
   ACKs can't be sent back in time.  I was told that with traffic shaping or
   fair queue routing would solve this issue but I only have one NIC
   interface as I am running FreeBSD on a fully loaded notebook with a
   Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0
   built in NIC.  The problem is that I have 8 static IP's with my ISP so
   that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on
   the LAN so I want those to use the full speed of the connection without
   traffic shaping.  The NIC also has the 192.168.x.x netmask 255.255.0.0
   addresses for the local LAN as well so how do I setup traffic shaping in
   this scenario so that only traffic that actually uses x.x.x.1 from the
   x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or
   fair queue routing while LAN traffic will just use the full speed.  I
   already have these options in the KERNEL config.
  
   options IPFIREWALL
   options IPDIVERT
   options DUMMYNET
   options BRIDGE
  
 Thanks for your help in advance!
 
  See ipfw(8). You can match rules by interface or address mask, so you don't
  need to touch LAN traffic.
 
   That's the part I'm confused about.  Since I only have one
 interface, I assume I have to do it by address mask but how would one
 define it as for example,
 
 10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well
 as 10.0.0.232-254 would?
 

Whatever rule you have for shaping, you condition it on from
10.0.0.224/28 (or whatever the appropriate mask is). Or use the negation
of the condition and have a special case for non-capped traffic (so
internet traffic falls through to the next rule).

  Correct, the problem when you upload on an asymmetric link has to do with
  acknowledgment packets that downloading apps need to send back to the
  remote server, and they have to wait in the upload queue (which is
  saturated). You need to prioritize those. One way to do this is to filter
  on small iplen. This has been discussed in the mailing lists in the past
  (try the archive of the ipfw@ list). Just remember you can only shape
  outbound packets (ie, leaving your computer). Doesn't matter if they're up
  or down the DSL line, just that they go out (shaping incoming traffic makes
  no sense).
 
   True.  But when you have the shaping, do you actually set it to
 the speed of the line or do you set it to like 5% below the speed of the
 line and on the acknowledgement packets, does traffic shaping actually
 reserve some space for that to go back or does it just queue it a certain
 way?  Thanks.
 

You need to handle the ack packets specially in your rules, it will not
reserve bandwidth for them unless you tell it to.

With ipfw, there are two ways to do this. Again I'm only talking about
packets leaving your computer and heading to the internet (so condition the
rules appropriately)

1. two pipes, one with static allocation (say 95% of bw, or whatever works
for you), other can have unlimited bw. Non-ack packets go to the capped
pipe, ack packets go to the other one.

alternatively,

2. one pipe (unlimited bw), two queues in that pipe, one queue has a much
much higher weight. Non-ack packets go to one pipe (low weight), ack
packets to the other. This approach actually lets you use the entire
available bandwidth for either kind of traffic if there is no other demand
for it. It also frees you from having to specify the maximum bandwidth,
which can change when you, say, upgrade your DSL, or even take the laptop
to a wifi cafe.

-- 

  Dan Pelleg


Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Dan Pelleg
Vincent Poy [EMAIL PROTECTED] writes:

 
   After reading ipfw(8), I hope I have it correct that it's
 like this:
 
 ipfw add queue 1 ip from any to any out xmit xl0

Shouldn't ipfw add queue 1 be enough?

 ipfw pipe 1 config bw 384Kbit/s
 ipfw queue 1 config pipe 1 weight 30 mask all
 
   Now I'm just confused how to do the IP portion so that:
 
 192.168.0.0 255.255.0.0
 209.204.138.224-231
 are not included
 
 but everything else in 209.204.x.x is as well as any undefined IP.

the first match wins. So:

pass from 192.168.0.0/16 to any
pass from 209.204.138.224/29 to any
queue 1 from any to any

alternatively, use a skipto rule. Whatever fits in your ruleset better.


-- 

  Dan Pelleg


Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Vincent Poy
On 6 Feb 2004, Dan Pelleg wrote:

 Vincent Poy [EMAIL PROTECTED] writes:

  On 6 Feb 2004, Dan Pelleg wrote:
 
   Vincent Poy [EMAIL PROTECTED] writes:
  
    Greetings all:
    
    I have an ADSL connection where the upstream pipe is smaller than
    the downstream with it at 1.5Mbps/384kbps now and will be upgrading to
    6Mbps/608kbps soon.  The issue I'm having is that whenever I upload, it
    fills the upstream to full capacity and the downstream would lag as the
    ACKs can't be sent back in time.  I was told that with traffic shaping or
    fair queue routing would solve this issue but I only have one NIC
    interface as I am running FreeBSD on a fully loaded notebook with a
    Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0
    built in NIC.  The problem is that I have 8 static IP's with my ISP so
    that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on
    the LAN so I want those to use the full speed of the connection without
    traffic shaping.  The NIC also has the 192.168.x.x netmask 255.255.0.0
    addresses for the local LAN as well so how do I setup traffic shaping in
    this scenario so that only traffic that actually uses x.x.x.1 from the
    x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or
    fair queue routing while LAN traffic will just use the full speed.  I
    already have these options in the KERNEL config.
    
    options IPFIREWALL
    options IPDIVERT
    options DUMMYNET
    options BRIDGE
    
    Thanks for your help in advance!
  
   See ipfw(8). You can match rules by interface or address mask, so you don't
   need to touch LAN traffic.
 
  That's the part I'm confused about.  Since I only have one
  interface, I assume I have to do it by address mask but how would one
  define it as for example,
 
  10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well
  as 10.0.0.232-254 would?
 

 Whatever rule you have for shaping, you condition it on from
 10.0.0.224/28 (or whatever the appropriate mask is). Or use the negation
 of the condition and have a special case for non-capped traffic (so
 internet traffic falls through to the next rule).

That's the part where it becomes difficult since even though I
have 8 IP's, it's still on a /24 mask so only the 8 IP's in that /24 are
actually local.

   Correct, the problem when you upload on an asymmetric link has to do with
   acknowledgment packets that downloading apps need to send back to the
   remote server, and they have to wait in the upload queue (which is
   saturated). You need to prioritize those. One way to do this is to filter
   on small iplen. This has been discussed in the mailing lists in the past
   (try the archive of the ipfw@ list). Just remember you can only shape
   outbound packets (ie, leaving your computer). Doesn't matter if they're up
   or down the DSL line, just that they go out (shaping incoming traffic makes
   no sense).
 
  True.  But when you have the shaping, do you actually set it to
  the speed of the line or do you set it to like 5% below the speed of the
  line and on the acknowledgement packets, does traffic shaping actually
  reserve some space for that to go back or does it just queue it a certain
  way?  Thanks.

 You need to handle the ack packets specially in your rules, it will not
 reserve bandwidth for them unless you tell it to.

 With ipfw, there are two ways to do this. Again I'm only talking about
 packets leaving your computer and heading to the internet (so condition the
 rules appropriately)

 1. two pipes, one with static allocation (say 95% of bw, or whatever works
 for you), other can have unlimited bw. Non-ack packets go to the capped
 pipe, ack packets go to the other one.

 alternatively,

 2. one pipe (unlimited bw), two queues in that pipe, one queue has a much
 much higher weight. Non-ack packets go to one pipe (low weight), ack
 packets to the other. This approach actually lets you use the entire
 available bandwidth for either kind of traffic if there is no other demand
 for it. It also frees you from having to specify the maximum bandwidth,
 which can change when you, say, upgrade your DSL, or even take the laptop
 to a wifi cafe.

The second approach does seem to work better since basically, it
prioritizes the ack portion.  I guess ipfw is something I have to figure
out. :)


Cheers,
Vince - [EMAIL PROTECTED] - Vice President    __ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
WurldLink Corporation  / / / /  | /  | __] ]
San Francisco - Honolulu - Hong Kong  / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[]
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin


Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Vincent Poy
On 6 Feb 2004, Dan Pelleg wrote:

 Vincent Poy [EMAIL PROTECTED] writes:

 
  After reading ipfw(8), I hope I have it correct that it's
  like this:
 
  ipfw add queue 1 ip from any to any out xmit xl0

 Shouldn't ipfw add queue 1 be enough?

Don't know, that was what I was told to do by Luigi many years ago
except it was for PPPoE so I didn't have a static IP at all as that one
was interface specific.

  ipfw pipe 1 config bw 384Kbit/s
  ipfw queue 1 config pipe 1 weight 30 mask all
 
  Now I'm just confused how to do the IP portion so that:
 
  192.168.0.0 255.255.0.0
  209.204.138.224-231
  are not included
 
  but everything else in 209.204.x.x is as well as any undefined IP.

 the first match wins. So:

 pass from 192.168.0.0/16 to any
 pass from 209.204.138.224/29 to any
 queue 1 from any to any

 alternatively, use a skipto rule. Whatever fits in your ruleset better.

A question on the /29 one, as my ISP seems to give the 8 IP's from
a /24 netmask, wouldn't the /29 actually filter out .224 and .231 from
working or does it basically exclude that range?


Cheers,
Vince - [EMAIL PROTECTED] - Vice President    __ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
WurldLink Corporation  / / / /  | /  | __] ]
San Francisco - Honolulu - Hong Kong  / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[]
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin




Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Dan Pelleg
Vincent Poy writes:
  
   That's the part where it becomes difficult since even though I
  have 8 IP's, it's still on a /24 mask so only the 8 IP's in that /24 are
  actually local.
  

Use a /27 mask.


Re: FreeBSD Traffic Shaping?

2004-02-06 Thread Vincent Poy
On Fri, 6 Feb 2004, Dan Pelleg wrote:

 Vincent Poy writes:
  
  That's the part where it becomes difficult since even though I
   have 8 IP's, it's still on a /24 mask so only the 8 IP's in that /24 are
   actually local.

 Use a /27 mask.

a /27 would work except it'll be 32 IP's with 24 of them that
would need the traffic shaping.  So hopefully this would work:

ipfw add queue 1 ip from any to any out xmit xl0
or just ipfw add queue 1
followed by:

ipfw pipe 1 config bw 384Kbit/s
ipfw queue 1 config pipe 1 weight 30 mask all
ipfw pass from 192.168.0.0/16 to any
ipfw pass from 209.204.138.224 to any
ipfw pass from 209.204.138.225 to any
ipfw pass from 209.204.138.226 to any
ipfw pass from 209.204.138.227 to any
ipfw pass from 209.204.138.228 to any
ipfw pass from 209.204.138.229 to any
ipfw pass from 209.204.138.230 to any
ipfw pass from 209.204.138.231 to any
ipfw queue 1 from any to any

Now just have to figure out how to make it so that ack's would
have priority.  Thanks!


Cheers,
Vince - [EMAIL PROTECTED] - Vice President    __ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
WurldLink Corporation  / / / /  | /  | __] ]
San Francisco - Honolulu - Hong Kong  / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[]
[EMAIL PROTECTED] - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
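
Added example, not part of the thread: one ordered ruleset that combines the first-match exemptions with the one-pipe, two-queue ACK prioritisation discussed above, plus a small prefix check for the /27, /28 and /29 question. Assumptions: exemptions match on destination address, the pipe is set to the 384 Kbit/s upstream rate from the thread, `iplen 0-80` is the cut-off for small packets, and the rule numbers and function names are illustrative; the script only prints the commands unless `IPFW` is set to the real binary.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the ipfw commands
# are printed. Set IPFW=/sbin/ipfw (root, dummynet loaded) to apply them.
IPFW="${IPFW:-echo ipfw}"

IF="xl0"                  # interface named in the thread
UPLINK="384Kbit/s"        # upstream rate quoted in the thread
ACK_MAX_LEN=80            # assumed cut-off for "small iplen"; tune per link
LAN_NETS="192.168.0.0/16 209.204.138.224/29"

# Dotted quad -> integer. Runs in a subshell so the IFS change stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr ADDR NET/LEN: succeeds when ADDR falls inside the prefix.
in_cidr() {
    len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# is_exempt DST: succeeds when a packet to DST would hit a pass rule below.
is_exempt() {
    for net in $LAN_NETS; do
        in_cidr "$1" "$net" && return 0
    done
    return 1
}

emit_ruleset() {
    # One pipe, two queues with very different weights (the second approach
    # described in the thread).
    $IPFW pipe 1 config bw "$UPLINK"
    $IPFW queue 1 config pipe 1 weight 100    # small ACK segments
    $IPFW queue 2 config pipe 1 weight 1      # everything else

    # First match wins: exemptions need lower rule numbers than the queues.
    n=1000
    for net in $LAN_NETS; do
        $IPFW add "$n" pass ip from any to "$net" out xmit "$IF"
        n=$((n + 10))
    done

    # Small TCP segments with ACK set go to the heavy queue, the rest to the
    # light one.
    $IPFW add 2000 queue 1 tcp from any to any out xmit "$IF" \
        tcpflags ack iplen 0-"$ACK_MAX_LEN"
    $IPFW add 2010 queue 2 ip from any to any out xmit "$IF"
}

emit_ruleset
```

As a match pattern, 209.204.138.224/29 covers exactly .224 through .231 with no address lost to network or broadcast; a /28 would also take in .232 to .239 and a /27 everything up to .255.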
