Re: ipfw dummynet bandwidth limiting questions

2003-11-18 Thread Kelsey Cummings
On Tue, Nov 18, 2003 at 03:48:57AM +0100, Alex de Kruijff wrote:
> On Mon, Nov 17, 2003 at 04:03:52PM -0800, Kelsey Cummings wrote:
> > I've had some trouble getting ipfw to behave as expected.  I've got an ipfw
> > box sitting as a firewall and traffic shaper in bridge mode.  It's working
> > great for the most part but I'm having trouble getting some specific behavior
> > to work right.
> >
> > I'm currently limiting all outbound streams to 1.5mbits, and this works
> > great.  However, I'd also like to set up an overall cap for all traffic to
> > run at 25mbits.  I can only get one or the other of these rule/pipe combos
> > to take effect at any given time.  I must be missing something obvious:
> >
> > The rules in question are as follows:
> >
> >   add 420 pipe 420 tcp from $slb_www 80 to any
> >   pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024
> >
> >   add 440 pipe 440 tcp from $slb_www 80 to any
> >   pipe 440 config bw 25Mbit/s queue 100
> >
> > 'ipfw show' shows zero hits on rule 440; it sure seems like it should work.
>
> The packets are allowed on 420; you can disable this with:
>   exec = /sbin/sysctl net.inet.ip.fw.one_pass=0

Alex, any other suggestions?  I'd already played with one_pass without
luck, and have tried again. 

# sysctl -a net.inet.ip.fw.one_pass
net.inet.ip.fw.one_pass: 0

# ipfw show
..
00420 4942806 6549461073 pipe 420 tcp from IP 80 to any
00440   0  0 pipe 440 tcp from IP 80 to any
..


I tried removing both rules and pipes and adding them back; it hasn't helped.


-- 
Kelsey Cummings - [EMAIL PROTECTED]   sonic.net, inc.
System Administrator                  2260 Apollo Way
707.522.1000 (Voice)                  Santa Rosa, CA 95407
707.547.2199 (Fax)                    http://www.sonic.net/
Fingerprint = D5F9 667F 5D32 7347 0B79  8DB7 2B42 86B6 4E2C 3896
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ipfw dummynet bandwidth limiting questions

2003-11-18 Thread Alex de Kruijff
On Tue, Nov 18, 2003 at 12:02:27PM -0800, Kelsey Cummings wrote:
> On Tue, Nov 18, 2003 at 03:48:57AM +0100, Alex de Kruijff wrote:
> > On Mon, Nov 17, 2003 at 04:03:52PM -0800, Kelsey Cummings wrote:
> > > I've had some trouble getting ipfw to behave as expected.  I've got an ipfw
> > > box sitting as a firewall and traffic shaper in bridge mode.  It's working
> > > great for the most part but I'm having trouble getting some specific behavior
> > > to work right.
> > >
> > > I'm currently limiting all outbound streams to 1.5mbits, and this works
> > > great.  However, I'd also like to set up an overall cap for all traffic to
> > > run at 25mbits.  I can only get one or the other of these rule/pipe combos
> > > to take effect at any given time.  I must be missing something obvious:
> > >
> > > The rules in question are as follows:
> > >
> > >   add 420 pipe 420 tcp from $slb_www 80 to any
> > >   pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024
> > >
> > >   add 440 pipe 440 tcp from $slb_www 80 to any
> > >   pipe 440 config bw 25Mbit/s queue 100
> > >
> > > 'ipfw show' shows zero hits on rule 440; it sure seems like it should work.
> >
> > The packets are allowed on 420; you can disable this with:
> >   exec = /sbin/sysctl net.inet.ip.fw.one_pass=0
>
> Alex, any other suggestions?  I'd already played with one_pass without
> luck, and have tried again.
>
> # sysctl -a net.inet.ip.fw.one_pass
> net.inet.ip.fw.one_pass: 0
>
> # ipfw show
> ..
> 00420 4942806 6549461073 pipe 420 tcp from IP 80 to any
> 00440   0  0 pipe 440 tcp from IP 80 to any
> ..

Could you try this firewall:

  ipfw flush
  ipfw add pipe 1 ip from any to any out
  ipfw add pipe 2 ip from any to any out
  ipfw pipe 1 config bw 1500Kbit/s mask dst-ip 0x
  ipfw pipe 2 config bw 25Mbit/s

With net.inet.ip.fw.one_pass set to 0 all packets should pass through
both pipes.

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/
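
The one_pass behaviour discussed in this thread can be checked mechanically against `ipfw show` output. The script below is an added example, not code from either poster; the function name `check_pipe_rules` and its status strings are made up here, and the sample reuses the counters quoted in the thread plus a constructed final rule.

```shell
#!/bin/sh
# Added example: flag a later pipe rule that repeats an earlier pipe rule's match.
# stdin: `ipfw show` lines of the form "NUM PKTS BYTES pipe N <match ...>"
# $1:    current value of net.inet.ip.fw.one_pass
check_pipe_rules() {
    awk -v one_pass="$1" '
    $4 == "pipe" {
        # The match body is everything after "pipe N".
        body = ""
        for (i = 6; i <= NF; i++) body = body " " $i
        if (body in first) {
            if (one_pass == 1)
                # Packets leave the firewall after the first pipe,
                # so this rule can never see them.
                printf "%s shadowed by %s\n", $1, first[body]
            else if ($2 == 0 && pkts[body] > 0)
                # Packets should be reinjected at the next rule, yet
                # this counter is still zero: worth investigating.
                printf "%s unexpected-zero after %s\n", $1, first[body]
        } else {
            first[body] = $1
            pkts[body]  = $2
        }
    }'
}

# Counters as quoted in the thread; the last rule is constructed.
SAMPLE='00420 4942806 6549461073 pipe 420 tcp from IP 80 to any
00440   0  0 pipe 440 tcp from IP 80 to any
65535 100 6000 allow ip from any to any'

printf '%s\n' "$SAMPLE" | check_pipe_rules 0
printf '%s\n' "$SAMPLE" | check_pipe_rules 1
```

On a live box the input would be `ipfw show | check_pipe_rules "$(sysctl -n net.inet.ip.fw.one_pass)"`.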


ipfw dummynet bandwidth limiting questions

2003-11-17 Thread Kelsey Cummings
I've had some trouble getting ipfw to behave as expected.  I've got an ipfw
box sitting as a firewall and traffic shaper in bridge mode.  It's working
great for the most part but I'm having trouble getting some specific behavior
to work right.

I'm currently limiting all outbound streams to 1.5mbits, and this works
great.  However, I'd also like to set up an overall cap for all traffic to
run at 25mbits.  I can only get one or the other of these rule/pipe combos
to take effect at any given time.  I must be missing something obvious:

The rules in question are as follows:

  add 420 pipe 420 tcp from $slb_www 80 to any
  pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024

  add 440 pipe 440 tcp from $slb_www 80 to any
  pipe 440 config bw 25Mbit/s queue 100

'ipfw show' shows zero hits on rule 440; it sure seems like it should work.

Also, is it possible to increase the hash table size beyond 1024?
Practically speaking, does anyone have any experience doing traffic shaping
at gige rates?  The property behind this box is growing rapidly and we
expect to saturate fe in a few months.

I'd appreciate it if you could cc me in response.
  
-- 
Kelsey Cummings - [EMAIL PROTECTED]   sonic.net, inc.
System Administrator                  2260 Apollo Way
707.522.1000 (Voice)                  Santa Rosa, CA 95407
707.547.2199 (Fax)                    http://www.sonic.net/
Fingerprint = D5F9 667F 5D32 7347 0B79  8DB7 2B42 86B6 4E2C 3896


Re: ipfw dummynet bandwidth limiting questions

2003-11-17 Thread Alex de Kruijff
On Mon, Nov 17, 2003 at 04:03:52PM -0800, Kelsey Cummings wrote:
> I've had some trouble getting ipfw to behave as expected.  I've got an ipfw
> box sitting as a firewall and traffic shaper in bridge mode.  It's working
> great for the most part but I'm having trouble getting some specific behavior
> to work right.
>
> I'm currently limiting all outbound streams to 1.5mbits, and this works
> great.  However, I'd also like to set up an overall cap for all traffic to
> run at 25mbits.  I can only get one or the other of these rule/pipe combos
> to take effect at any given time.  I must be missing something obvious:
>
> The rules in question are as follows:
>
>   add 420 pipe 420 tcp from $slb_www 80 to any
>   pipe 420 config bw 1500Kbit/s queue 35 mask dst-ip 0x buckets 1024
>
>   add 440 pipe 440 tcp from $slb_www 80 to any
>   pipe 440 config bw 25Mbit/s queue 100
>
> 'ipfw show' shows zero hits on rule 440; it sure seems like it should work.

The packets are allowed on 420; you can disable this with:
  exec = /sbin/sysctl net.inet.ip.fw.one_pass=0

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/