From owner-freebsd-ipfw@FreeBSD.ORG Mon May 31 11:06:58 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFFA8106566B for ; Mon, 31 May 2010 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (unknown [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9D96A8FC1F for ; Mon, 31 May 2010 11:06:58 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o4VB6wRP046028 for ; Mon, 31 May 2010 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o4VB6wu8046026 for freebsd-ipfw@FreeBSD.org; Mon, 31 May 2010 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 31 May 2010 11:06:58 GMT Message-Id: <201005311106.o4VB6wu8046026@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 May 2010 11:06:58 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/145733 ipfw [ipfw] [patch] ipfw flaws with ipv6 fragments o kern/145305 ipfw [ipfw] ipfw problems, panics, data corruption, ipv6 so o kern/145167 ipfw [ipfw] ipfw nat does not follow its documentation o kern/144869 ipfw [ipfw] [panic] Instant kernel panic when adding NAT ru o kern/144269 ipfw [ipfw] problem with ipfw tables o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address f kern/142951 ipfw [dummynet] using pipes&queues gives OUCH! pipe should o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 71 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon May 31 20:20:04 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5DBDA106564A for ; Mon, 31 May 2010 20:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (unknown [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3279F8FC0A for ; Mon, 31 May 2010 20:20:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o4VKK3IO023482 for ; Mon, 31 May 2010 20:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o4VKK34L023472; Mon, 31 May 2010 20:20:03 GMT (envelope-from gnats) Date: Mon, 31 May 2010 20:20:03 GMT Message-Id: <201005312020.o4VKK34L023472@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: freebsdlists@permissiondenied.org Cc: Subject: Re: kern/144869: [ipfw] [panic] Instant kernel panic when adding NAT rules using ipfw on em interfaces X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsdlists@permissiondenied.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 May 2010 20:20:04 -0000 The following reply was made to PR kern/144869; it has been noted by GNATS. From: freebsdlists@permissiondenied.org To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/144869: [ipfw] [panic] Instant kernel panic when adding NAT rules using ipfw on em interfaces Date: Mon, 31 May 2010 21:39:35 +0200 (CEST) The kernel panic can no longer be reproduced in 8.1-PRERELEASE from May 31 2010. From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 2 12:23:26 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BAC52106564A for ; Wed, 2 Jun 2010 12:23:26 +0000 (UTC) (envelope-from ml@infosec.pl) Received: from v027580.home.net.pl (v027580.home.net.pl [89.161.156.148]) by mx1.freebsd.org (Postfix) with SMTP id 045038FC0C for ; Wed, 2 Jun 2010 12:23:25 +0000 (UTC) Received: from 94-193-57-116.zone7.bethere.co.uk [94.193.57.116] (HELO [192.168.1.65]) by freeside.home.pl [89.161.156.148] with SMTP (IdeaSmtpServer v0.70) id 611da203222d24ff; Wed, 2 Jun 2010 14:23:28 +0200 Message-ID: <4C064D2F.8060800@infosec.pl> Date: Wed, 02 Jun 2010 13:23:11 +0100 From: Michal User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.9) Gecko/20100405 Thunderbird/3.0.4 MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: beginner's question about proper syntax X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jun 2010 12:23:26 -0000 Hello, I don't have to worry about backward compatibility and I would like to go with 'modern' syntax for rule body. Are these two rules equal and exactly the same for ipfw? Is there any overhead or drawbacks of using one and not the other? example 1: allow tcp from me $ports_range_bc to any 80 out via $if_ext setup keep-state uid $user_regular example 2: allow out via $if_ext proto tcp src-ip me src-port $ports_range_bc dst-ip any dst-port 80 uid $user_regular setup keep-state After loading and listing my rules I can see that example 2 was processed as: allow ip from any to any out via wlan0 proto tcp src-ip me src-port 1024-65535 dst-port 80 uid michal setup keep-state Michal -- "Et ipsa scientia potestas est." -- Francis Bacon From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 2 19:24:56 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1334A106566B for ; Wed, 2 Jun 2010 19:24:56 +0000 (UTC) (envelope-from lynx.ripe@gmail.com) Received: from mail-pz0-f175.google.com (mail-pz0-f175.google.com [209.85.222.175]) by mx1.freebsd.org (Postfix) with ESMTP id E108D8FC08 for ; Wed, 2 Jun 2010 19:24:55 +0000 (UTC) Received: by pzk5 with SMTP id 5so3592944pzk.14 for ; Wed, 02 Jun 2010 12:24:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=FfJPF+S3nGrF22nVhJK/ttf6nU2NydnsVO7R4EXlHfU=; b=ZJVqKwCu0DC+Gch5V77HG11uckpSVXeKDnLeb08VHHvZo70HFQDMe3YThUPwVl43KB E9jRTYB7p+/koxVlNcakefdj2x5AjLb9FkC/gvEBjiVpUX4OtsAcRl4xQmAshIvEGza0 dse0Spg6RGXxQq1JGAKTbN0hdg3WNCCwbWoPg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=inQx8513G9SyULzs/ALFqR61HF4OwDVDYR6HLzxbQUI3q5WL/dmjWChfLI3zLkDJMr FianiB4rkP1tmxq8WPMGP/TrsWi6/2HLCwdTP1rLW182DFenby0N/tErNPar13W8WqTr viWCbW7/BGkZIacUVYRGZl25z0m0Sx/MAMq/U= MIME-Version: 1.0 Received: by 10.141.90.5 with SMTP id s5mr6905337rvl.262.1275504798873; Wed, 02 Jun 2010 11:53:18 -0700 (PDT) Received: by 10.231.178.162 with HTTP; Wed, 2 Jun 2010 11:53:18 -0700 (PDT) Date: Wed, 2 Jun 2010 21:53:18 +0300 Message-ID: From: Dmitry Pryanishnikov To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Loading dummynet via loader.conf doesn't work X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jun 2010 19:24:56 -0000 Hello! In RELENG_6 loading dummynet.ko from /boot/loader.conf dummynet_load="YES" works correctly. However in fresh RELENG_8 it results in strange behaviour: loader shows /boot/kernel/dummynet.ko getting loaded, then adds "loading required module 'dummynet'". However 'lsmod' from loader and kldstat/ipfw show that dummynet is not actually loaded! Yes, I'm aware of dummynet_enable rc.conf variable, just curious why loading dummynet via loader ceased to work... -- Sincerely, Dmitry nic-hdl: LYNX-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 3 15:32:41 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5689D1065674 for ; Thu, 3 Jun 2010 15:32:41 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 1D2538FC18 for ; Thu, 3 Jun 2010 15:32:40 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 9304473098; Thu, 3 Jun 2010 17:43:07 +0200 (CEST) Date: Thu, 3 Jun 2010 17:43:07 +0200 From: Luigi Rizzo To: Dmitry Pryanishnikov Message-ID: <20100603154307.GA15124@onelab2.iet.unipi.it> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: Loading dummynet via loader.conf doesn't work X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2010 15:32:41 -0000 On Wed, Jun 02, 2010 at 09:53:18PM +0300, Dmitry Pryanishnikov wrote: > Hello! > > In RELENG_6 loading dummynet.ko from /boot/loader.conf > > dummynet_load="YES" > > works correctly. However in fresh RELENG_8 it results in strange > behaviour: loader shows /boot/kernel/dummynet.ko getting loaded, then > adds "loading required module 'dummynet'". However 'lsmod' from loader > and kldstat/ipfw show that dummynet is not actually loaded! Yes, I'm > aware of dummynet_enable > rc.conf variable, just curious why loading dummynet via loader ceased to work... there might be some missing dependency at the end of the module. thanks for the report, will check. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 3 16:29:22 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 322431065670 for ; Thu, 3 Jun 2010 16:29:22 +0000 (UTC) (envelope-from bored_to_death85@yahoo.com) Received: from n13.bullet.mail.ac4.yahoo.com (n13.bullet.mail.ac4.yahoo.com [74.6.228.93]) by mx1.freebsd.org (Postfix) with SMTP id D57E28FC1B for ; Thu, 3 Jun 2010 16:29:21 +0000 (UTC) Received: from [76.13.12.66] by n13.bullet.mail.ac4.yahoo.com with NNFMP; 03 Jun 2010 16:29:21 -0000 Received: from [74.6.228.81] by t7.bullet.mail.ac4.yahoo.com with NNFMP; 03 Jun 2010 16:29:21 -0000 Received: from [127.0.0.1] by omp1002.mail.ac4.yahoo.com with NNFMP; 03 Jun 2010 16:29:21 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 429408.2348.bm@omp1002.mail.ac4.yahoo.com Received: (qmail 29459 invoked by uid 60001); 3 Jun 2010 16:29:21 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1275582561; bh=wzXm2tozSRHigpHzcvmZaHE/TxpezVh52gJMNae3fsI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=Y04ecxTfVUTjA5TDqc33+i6yTJHKLKiBmdGEPfFhkHcM3WT3+gSuppmsvih8QOdIPLG3f3OXk3QlreA/4oQe6b1T2bIye+NdHgQ+cWuG//H0ycpVCYGqHXxa3iOkEYKXEY+bHkBe+nbMNEJiY5u45Tg0hJse+0ugEeIBvqXX1YA= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=naAt0k/0z/cyBKypNPTX1aUyUcyHEYARDDXMk5O1JoOkBHqA9q5nxAlSOebC6JyVicq7TSYGeBv2Ache8j7QCkAFTscWaQa6hjw2Mtb03WyL77YSRK4IAA1/t1By1A9+V/v/nUQAIPcIAwzsOTephlf1g800YWpercI4nnHd+r4=; Message-ID: <247123.29322.qm@web59713.mail.ac4.yahoo.com> X-YMail-OSG: I_mM4r0VM1ns5qg2jU4hAvH3dk0JqIElfTFvnaaoA8PPK1S WJOTDonjkUy6BQHYVrfkqT2ml4tgCpr2CnWABn1qzfNsm4GDAOG1l1j8VXSz hIwcwWLGusoTRHF9QgULeYWTdv8nFT7uMmK9xCELyW21ic.XIsfF8wu_cMAk qCmUG.JrbaiK4EUhFa7DDWCDPtA53QOSuJfETHXpusBG7ejRcsqVh1Sgir1w nC9s- Received: from [89.165.120.190] by web59713.mail.ac4.yahoo.com via HTTP; Thu, 03 Jun 2010 09:29:20 PDT X-Mailer: YahooMailRC/374.4 YahooMailWebService/0.8.103.269680 Date: Thu, 3 Jun 2010 09:29:20 -0700 (PDT) From: bored to death To: freebsd-ipfw MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2010 16:29:22 -0000 hello, i'm trying to limit my input traffic bandwidth on freebsd. i used ipfw+dummynet. without limitation, i have almost 1Gbit/s input traffic on my system. when i try to limit the bandwidth, it works fine on low to normal limitation number (up to 450 Mbit/s). but when i limit my traffic to an amount bigger than 500MBit/s, my input traffic lowers down to average of 430 MBit/s. no matter what limitations i set(from 500MBit/s to 1000MBit/s) my input traffic rate is getting stucked at 430MBit/s. i suspected low hardware performance, so i tried this on 2 different systems with freebsd-8.0 and the result is exactly the same. my ipfw rules are: Code: ipfw -q flush ipfw -q add 500 set 1 pipe 1 all from any to any in ipfw pipe 1 config bw 700Mbit/s ipfw add 1000 allow all from any to anyso my question is: 1- is ipfw+dummynet traffic limit control, has performance problem that cannot limit traffic correctly if limitation number is bigger than 500MBit/s? 2- is there any other way (other than ipfw+dummynet) to limit input bandwidth in freebsd? thank you. From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 3 17:17:06 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4EDFA1065686 for ; Thu, 3 Jun 2010 17:17:06 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 1513D8FC21 for ; Thu, 3 Jun 2010 17:17:05 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 3A2C773098; Thu, 3 Jun 2010 19:27:33 +0200 (CEST) Date: Thu, 3 Jun 2010 19:27:33 +0200 From: Luigi Rizzo To: bored to death Message-ID: <20100603172733.GA16454@onelab2.iet.unipi.it> References: <247123.29322.qm@web59713.mail.ac4.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <247123.29322.qm@web59713.mail.ac4.yahoo.com> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw Subject: Re: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2010 17:17:06 -0000 On Thu, Jun 03, 2010 at 09:29:20AM -0700, bored to death wrote: > hello, > > i'm trying to limit my input traffic bandwidth on freebsd. i used > ipfw+dummynet. without limitation, i have almost 1Gbit/s input traffic > on my system. when i try to limit the bandwidth, it works fine on low > to normal limitation number (up to 450 Mbit/s). > but when i limit my traffic to an amount bigger than 500MBit/s, my > input traffic lowers down to average of 430 MBit/s. no matter what > limitations i set(from 500MBit/s to 1000MBit/s) my input traffic rate > is getting stucked at 430MBit/s. try to run the kernel with higher value of HZ (in /boot/loader.conf kern.hz=4000 and see if the situation improves. I think the symptoms you are seeing depend on the fact that packets are released every 1/HZ seconds probably causing some queue overflow at high packet rates and [relatively] low HZ values. cheers luigi > i suspected low hardware performance, so i tried this on 2 different > systems with freebsd-8.0 and the result is exactly the same. > > my ipfw rules are: > > Code: > ipfw -q flush > ipfw -q add 500 set 1 pipe 1 all from any to any in > ipfw pipe 1 config bw 700Mbit/s > ipfw add 1000 allow all from any to anyso my question is: > 1- is ipfw+dummynet traffic limit control, has performance problem that > cannot limit traffic correctly if limitation number is bigger than > 500MBit/s? > 2- is there any other way (other than ipfw+dummynet) to limit input bandwidth in freebsd? > > thank you. > > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 4 08:19:34 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE1221065677 for ; Fri, 4 Jun 2010 08:19:34 +0000 (UTC) (envelope-from bored_to_death85@yahoo.com) Received: from n13.bullet.mail.ac4.yahoo.com (n13.bullet.mail.ac4.yahoo.com [74.6.228.93]) by mx1.freebsd.org (Postfix) with SMTP id 576CB8FC19 for ; Fri, 4 Jun 2010 08:19:34 +0000 (UTC) Received: from [76.13.12.66] by n13.bullet.mail.ac4.yahoo.com with NNFMP; 04 Jun 2010 08:19:33 -0000 Received: from [74.6.228.82] by t7.bullet.mail.ac4.yahoo.com with NNFMP; 04 Jun 2010 08:19:33 -0000 Received: from [127.0.0.1] by omp1003.mail.ac4.yahoo.com with NNFMP; 04 Jun 2010 08:19:33 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 643718.9500.bm@omp1003.mail.ac4.yahoo.com Received: (qmail 40248 invoked by uid 60001); 4 Jun 2010 08:19:33 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1275639573; bh=xk8/IRwDNXmkKTLMItrD8UlcprVSoqJNIU01tsqh1dc=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=6lBP1SJ2AwHgcBU/9I8IFj6O4AIFDHPZ6kt1MMekSdCoHKIhgtTDltrg1CP9k1LtxAhphAbzhMUom2qoZlio0XQ017bLWDhwJ2m3OZ3tNmVhKPH+y7YkPJBBhxAmXGZkv8wvcBZK7yQHPtcnKbXdQhNAquDMqTrXRuF3V0nSnRc= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=yLg2wh4gh+eKN3flhhwAJ2JwbpFC76nR0DxG9HvNCgmI7cI26UGFiMyL56dhHJEqJFIo4L8iymJR7jwMthFItilZ8+2rdzveMpN4/A6KnLZKD3d94YdKIhHi1u4/JFf1MA+0ilWzW2QDcRy9RQxqzSK41JkVUpPUqRFR1CQNjBA=; Message-ID: <360703.24596.qm@web59711.mail.ac4.yahoo.com> X-YMail-OSG: TmowvuEVM1mGaPBqMc1I_yi8zIIR.6lluU2C8wiiZot1FLh BtczeKJQmaxzJmkMepPDS6wszyES7SRD4aoSUnjkxL6pO09wtJIZA4D1XGGx OpWAm9btg48xKIkM6UjXosqEGsatYj1Zm9T._3y48r8auXkSkwqq5haIS9QT 0iQUX3nZZqHI9gg5jEU6Pz5rU18kpTu5zIeXt6k_MwtCQ7hRDYK15JEuXipu 1zOFtQRLwUcBfZRr3RhewbGyPdnI_ttgCINdyKQbp_el2yUcTLPb7DChwr67 8R2VdCZg- Received: from [89.165.120.190] by web59711.mail.ac4.yahoo.com via HTTP; Fri, 04 Jun 2010 01:19:32 PDT X-Mailer: YahooMailRC/397.8 YahooMailWebService/0.8.103.269680 References: <247123.29322.qm@web59713.mail.ac4.yahoo.com> <20100603172733.GA16454@onelab2.iet.unipi.it> Date: Fri, 4 Jun 2010 01:19:32 -0700 (PDT) From: bored to death To: Luigi Rizzo In-Reply-To: <20100603172733.GA16454@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw Subject: Re: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2010 08:19:34 -0000 thank you luigi for your reply, it helped. i changed the hz parameter to 1000 and then 4000 and then 8000 in my /boot/loader.conf. the result got much better. i configured my system as a router and i send 1GB traffic rate passing by it and set an 800MBytes bandwidth limit on input traffic with dummynet. this was the result: with hz=1 (default) between 200MBytes/s and 300MBytes/s with hz=1000 between 200MBytes/s and 300MBytes/s with hz=4000 between 350MBytes/s and 450MBytes/s with hz=8000 between 250MBytes/s and 550MBytes/s the maximum traffic rate is got so much better, but 2 problems still remain: 1- the maximum rate is still not high enough. 2- the rate variation range is high (250-550) and it's not a steady enough. i've also tried setting different "queue" and "burst" values for the pipe. the result is a little better when i set "queue" to a value between 80MBytes and 90MBytes and "burst" to a big number. any other ideas? ________________________________ From: Luigi Rizzo To: bored to death Cc: freebsd-ipfw Sent: Thu, June 3, 2010 9:57:33 PM Subject: Re: traffic bandwidth limit with dummynet On Thu, Jun 03, 2010 at 09:29:20AM -0700, bored to death wrote: > hello, > > i'm trying to limit my input traffic bandwidth on freebsd. i used > ipfw+dummynet. without limitation, i have almost 1Gbit/s input traffic > on my system. when i try to limit the bandwidth, it works fine on low > to normal limitation number (up to 450 Mbit/s). > but when i limit my traffic to an amount bigger than 500MBit/s, my > input traffic lowers down to average of 430 MBit/s. no matter what > limitations i set(from 500MBit/s to 1000MBit/s) my input traffic rate > is getting stucked at 430MBit/s. try to run the kernel with higher value of HZ (in /boot/loader.conf kern.hz=4000 and see if the situation improves. I think the symptoms you are seeing depend on the fact that packets are released every 1/HZ seconds probably causing some queue overflow at high packet rates and [relatively] low HZ values. cheers luigi > i suspected low hardware performance, so i tried this on 2 different > systems with freebsd-8.0 and the result is exactly the same. > > my ipfw rules are: > > Code: > ipfw -q flush > ipfw -q add 500 set 1 pipe 1 all from any to any in > ipfw pipe 1 config bw 700Mbit/s > ipfw add 1000 allow all from any to anyso my question is: > 1- is ipfw+dummynet traffic limit control, has performance problem that > cannot limit traffic correctly if limitation number is bigger than > 500MBit/s? > 2- is there any other way (other than ipfw+dummynet) to limit input bandwidth in freebsd? > > thank you. > > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 4 11:46:56 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B3CC21065674 for ; Fri, 4 Jun 2010 11:46:56 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 7987E8FC26 for ; Fri, 4 Jun 2010 11:46:56 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id CFE0F73098; Fri, 4 Jun 2010 13:57:25 +0200 (CEST) Date: Fri, 4 Jun 2010 13:57:25 +0200 From: Luigi Rizzo To: bored to death Message-ID: <20100604115725.GA37274@onelab2.iet.unipi.it> References: <247123.29322.qm@web59713.mail.ac4.yahoo.com> <20100603172733.GA16454@onelab2.iet.unipi.it> <360703.24596.qm@web59711.mail.ac4.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <360703.24596.qm@web59711.mail.ac4.yahoo.com> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw Subject: Re: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2010 11:46:56 -0000 On Fri, Jun 04, 2010 at 01:19:32AM -0700, bored to death wrote: > thank you luigi for your reply, it helped. > > i changed the hz parameter to 1000 and then 4000 and then 8000 in my /boot/loader.conf. the result got much better. > i configured my system as a router and i send 1GB traffic rate passing by it and set an 800MBytes bandwidth limit on input traffic with dummynet. > this was the result: > with hz=1 (default) between 200MBytes/s and 300MBytes/s > with hz=1000 between 200MBytes/s and 300MBytes/s > with hz=4000 between 350MBytes/s and 450MBytes/s > with hz=8000 between 250MBytes/s and 550MBytes/s > > the maximum traffic rate is got so much better, but 2 problems still remain: > 1- the maximum rate is still not high enough. > 2- the rate variation range is high (250-550) and it's not a steady enough. > > i've also tried setting different "queue" and "burst" values for the pipe. the result is a little better when i set "queue" to a value between 80MBytes and 90MBytes and "burst" to a big number. > > any other ideas? > HZ=1000 is the default, for the records. Setting the burst size should have no practical effects, whereas setting the queue size e.g. o ipfw pipe 10 config bw 800Mbit/s queue 200kbytes should help a lot, but check your configuration with 'ipfw pipe show' because if you supply an invalid parameter ipfw silently uses a default or something different. As an example, you said you used 80-90 Mbytes but the max queue size is 100 packets or 1023Kbytes and larger values do not produce the desired effect. As a rule of thumb, to make sure that drops are not caused by short queues, you should set the queue size to 1/HZ seconds worth of data -- at HZ=1000 and 1Gbit/s this means 128Kbytes. Note that after the dummynet queue, there might be some other queue that saturates. As an example, when using the box as a router, packets go in bursts to the output interface, and the burst can be as large as 1500 packets per tick on a fully saturated Gig-E (the interface's queue ranges normally between 128 and 1024 slots). The only fix for this is probably using higher values of HZ. chers luigi From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 4 12:25:55 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C5A03106566B for ; Fri, 4 Jun 2010 12:25:55 +0000 (UTC) (envelope-from bored_to_death85@yahoo.com) Received: from n13.bullet.mail.ac4.yahoo.com (n13.bullet.mail.ac4.yahoo.com [74.6.228.93]) by mx1.freebsd.org (Postfix) with SMTP id 70A648FC17 for ; Fri, 4 Jun 2010 12:25:55 +0000 (UTC) Received: from [76.13.12.65] by n13.bullet.mail.ac4.yahoo.com with NNFMP; 04 Jun 2010 12:25:54 -0000 Received: from [74.6.228.82] by t6.bullet.mail.ac4.yahoo.com with NNFMP; 04 Jun 2010 12:25:54 -0000 Received: from [127.0.0.1] by omp1003.mail.ac4.yahoo.com with NNFMP; 04 Jun 2010 12:25:54 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 486550.43436.bm@omp1003.mail.ac4.yahoo.com Received: (qmail 34789 invoked by uid 60001); 4 Jun 2010 12:25:54 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1275654354; bh=15o8ifAMgikeAC/UlmJ7kNMVrt0WAOSwUix6Sl5eFrM=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=FrTHxlHevGfMI+XIa3D5iPz4MsWJzBOQsg7Hd3pP38flpkjOs7h1dBKpmrFIi2PbH4IrQifKek1kX3fa2trLVM7qAEODd4iFONc4iMBDp7WHnGMxPt4SsU+us0vRlnNdPnh9L+3mrwtFACEc0vpK8XStAU0N/yqdpu9WhVQS9Sg= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=QQ3pwN5GVHarL1L3s4EwJ++eLY7l+ADTExrzWWUIB4yOc+DbxIe0JLGamqi9oMIr8Xl4Fp9G0/iuX7Tg6SIMyHxFm/vG1ZfyZKKOrDtaU1aV9fpG8Q3Nvgh6L03FZb7H/dfUFM4/QX6/Ro+7gE0b52FBbR5lg77j/tipK4I/uds=; Message-ID: <322466.33198.qm@web59714.mail.ac4.yahoo.com> X-YMail-OSG: 3Op8RpoVM1mpIe9Y_YbG8eWSBi_v_uv9bDmGUntvbb5gykB TOp62GZIk4CWzc1WrPrrgoMzDVztrlmKM4m3F3P1P0HrOero7j7p2XbQTpNn 83rPEW1xMlP8wzSh3lPWJ.kMYSQBsT0eLp7IShGUVoN4WfczJtwbbhrxFdDO KToe_Qn9dLG6E5iPnvUWM5.IRUqmP_oELJBxaZIL9UrOnGBqn7d.zwf90Hsw rpt8iJYc5ml42LoOd5RpWkt.K1cuwBbecUp8sl8m_rq9i1KBlgpvbPWPSDhL .HvLTaG8fRIjbM4PW Received: from [89.165.120.190] by web59714.mail.ac4.yahoo.com via HTTP; Fri, 04 Jun 2010 05:25:54 PDT X-Mailer: YahooMailRC/397.8 YahooMailWebService/0.8.103.269680 References: <247123.29322.qm@web59713.mail.ac4.yahoo.com> <20100603172733.GA16454@onelab2.iet.unipi.it> <360703.24596.qm@web59711.mail.ac4.yahoo.com> <20100604115725.GA37274@onelab2.iet.unipi.it> Date: Fri, 4 Jun 2010 05:25:54 -0700 (PDT) From: bored to death To: Luigi Rizzo In-Reply-To: <20100604115725.GA37274@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw Subject: Re: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2010 12:25:55 -0000 thank you luigi, your explanation really cleared everything out for me. i changed my pipe 1 config to: ipfw pipe 1 config bw 800Mbits/s queue 200K and set HZ to 4000 and this solved my problem completely. i checked limitations with various values between 400Mbits/s to more than 1000Mbits/s and it works like a charm. (the problem was when i set queue to 80MBytes, queue value was actually set to "80 slots") thanks again luigi. ________________________________ From: Luigi Rizzo To: bored to death Cc: freebsd-ipfw Sent: Fri, June 4, 2010 4:27:25 PM Subject: Re: traffic bandwidth limit with dummynet On Fri, Jun 04, 2010 at 01:19:32AM -0700, bored to death wrote: > thank you luigi for your reply, it helped. > > i changed the hz parameter to 1000 and then 4000 and then 8000 in my /boot/loader.conf. the result got much better. > i configured my system as a router and i send 1GB traffic rate passing by it and set an 800MBytes bandwidth limit on input traffic with dummynet. > this was the result: > with hz=1 (default) between 200MBytes/s and 300MBytes/s > with hz=1000 between 200MBytes/s and 300MBytes/s > with hz=4000 between 350MBytes/s and 450MBytes/s > with hz=8000 between 250MBytes/s and 550MBytes/s > > the maximum traffic rate is got so much better, but 2 problems still remain: > 1- the maximum rate is still not high enough. > 2- the rate variation range is high (250-550) and it's not a steady enough. > > i've also tried setting different "queue" and "burst" values for the pipe. the result is a little better when i set "queue" to a value between 80MBytes and 90MBytes and "burst" to a big number. > > any other ideas? > HZ=1000 is the default, for the records. Setting the burst size should have no practical effects, whereas setting the queue size e.g. o ipfw pipe 10 config bw 800Mbit/s queue 200kbytes should help a lot, but check your configuration with 'ipfw pipe show' because if you supply an invalid parameter ipfw silently uses a default or something different. As an example, you said you used 80-90 Mbytes but the max queue size is 100 packets or 1023Kbytes and larger values do not produce the desired effect. As a rule of thumb, to make sure that drops are not caused by short queues, you should set the queue size to 1/HZ seconds worth of data -- at HZ=1000 and 1Gbit/s this means 128Kbytes. Note that after the dummynet queue, there might be some other queue that saturates. As an example, when using the box as a router, packets go in bursts to the output interface, and the burst can be as large as 1500 packets per tick on a fully saturated Gig-E (the interface's queue ranges normally between 128 and 1024 slots). The only fix for this is probably using higher values of HZ. chers luigi From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 4 12:33:17 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BBEB51065670 for ; Fri, 4 Jun 2010 12:33:17 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 7F74D8FC08 for ; Fri, 4 Jun 2010 12:33:17 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id A11E773098; Fri, 4 Jun 2010 14:43:46 +0200 (CEST) Date: Fri, 4 Jun 2010 14:43:46 +0200 From: Luigi Rizzo To: bored to death Message-ID: <20100604124346.GA37938@onelab2.iet.unipi.it> References: <247123.29322.qm@web59713.mail.ac4.yahoo.com> <20100603172733.GA16454@onelab2.iet.unipi.it> <360703.24596.qm@web59711.mail.ac4.yahoo.com> <20100604115725.GA37274@onelab2.iet.unipi.it> <322466.33198.qm@web59714.mail.ac4.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <322466.33198.qm@web59714.mail.ac4.yahoo.com> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw Subject: Re: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2010 12:33:17 -0000 On Fri, Jun 04, 2010 at 05:25:54AM -0700, bored to death wrote: > thank you luigi, > > your explanation really cleared everything out for me. > > i changed my pipe 1 config to: > ipfw pipe 1 config bw 800Mbits/s queue 200K > > and set HZ to 4000 > > and this solved my problem completely. glad it helped luigi > i checked limitations with various values between 400Mbits/s to more than 1000Mbits/s and it works like a charm. > > (the problem was when i set queue to 80MBytes, queue value was actually set to "80 slots") > > thanks again luigi. > > > > > > ________________________________ > From: Luigi Rizzo > To: bored to death > Cc: freebsd-ipfw > Sent: Fri, June 4, 2010 4:27:25 PM > Subject: Re: traffic bandwidth limit with dummynet > > On Fri, Jun 04, 2010 at 01:19:32AM -0700, bored to death wrote: > > thank you luigi for your reply, it helped. > > > > i changed the hz parameter to 1000 and then 4000 and then 8000 in my /boot/loader.conf. the result got much better. > > i configured my system as a router and i send 1GB traffic rate passing by it and set an 800MBytes bandwidth limit on input traffic with dummynet. > > this was the result: > > with hz=1 (default) between 200MBytes/s and 300MBytes/s > > with hz=1000 between 200MBytes/s and 300MBytes/s > > with hz=4000 between 350MBytes/s and 450MBytes/s > > with hz=8000 between 250MBytes/s and 550MBytes/s > > > > the maximum traffic rate is got so much better, but 2 problems still remain: > > 1- the maximum rate is still not high enough. > > 2- the rate variation range is high (250-550) and it's not a steady enough. > > > > i've also tried setting different "queue" and "burst" values for the pipe. the result is a little better when i set "queue" to a value between 80MBytes and 90MBytes and "burst" to a big number. > > > > any other ideas? > > > > HZ=1000 is the default, for the records. > Setting the burst size should have no practical effects, > whereas setting the queue size e.g. > o > ipfw pipe 10 config bw 800Mbit/s queue 200kbytes > > should help a lot, but check your configuration with 'ipfw pipe show' > because if you supply an invalid parameter ipfw silently uses > a default or something different. > As an example, you said you used 80-90 Mbytes but the max queue > size is 100 packets or 1023Kbytes and larger values do not produce > the desired effect. > > As a rule of thumb, to make sure that drops are not caused > by short queues, you should set the queue size to 1/HZ seconds > worth of data -- at HZ=1000 and 1Gbit/s this means 128Kbytes. > Note that after the dummynet queue, there might be some other > queue that saturates. As an example, when using the box as a router, > packets go in bursts to the output interface, and the burst can > be as large as 1500 packets per tick on a fully saturated Gig-E > (the interface's queue ranges normally between 128 and 1024 slots). > The only fix for this is probably using higher values of HZ. > > chers > luigi > > > > From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 4 16:30:48 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17763106564A for ; Fri, 4 Jun 2010 16:30:48 +0000 (UTC) (envelope-from jamesbrandongooch@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id CECF68FC15 for ; Fri, 4 Jun 2010 16:30:47 +0000 (UTC) Received: by iwn5 with SMTP id 5so1518293iwn.13 for ; Fri, 04 Jun 2010 09:30:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=k4PhNKw8pD+e4G++AKCXmcbgdygYu9zg+whnrYdKUhg=; b=xt/bZAsrBWuPfei0t0cMnSX4MY9gVH4wjqgz+epIYux0VqYeJ1rGieKPDuiOBjPSrF Oe1xRTndwTxiDCE345g+jr6a5U4giz95zGOpbPfg7Zb5x+LiIWqT5ES5lkcTHk7zWV4o ze/hl/jkZcUgQDs5HJkoMPt0KerVi7WF5gp/0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=l30bt8UrXlW9iss5lkArQVJ6GRCnGzdLgTN6Ay+tS8nl5uKI3FNgWuKuHSFsWGT6Hi N+w2g6CLiUbSChW93tqfSe2GYLe09o5Qmn9kse2ch4sXqwiPO5os+1nT40U0ix9Ku1WJ xJCKdUHO+YKVApGoUM3mBSKLrVVR7PCY3F/yA= MIME-Version: 1.0 Received: by 10.231.155.131 with SMTP id s3mr13976876ibw.2.1275669046839; Fri, 04 Jun 2010 09:30:46 -0700 (PDT) Received: by 10.231.182.196 with HTTP; Fri, 4 Jun 2010 09:30:46 -0700 (PDT) In-Reply-To: <20100604115725.GA37274@onelab2.iet.unipi.it> References: <247123.29322.qm@web59713.mail.ac4.yahoo.com> <20100603172733.GA16454@onelab2.iet.unipi.it> <360703.24596.qm@web59711.mail.ac4.yahoo.com> <20100604115725.GA37274@onelab2.iet.unipi.it> Date: Fri, 4 Jun 2010 11:30:46 -0500 Message-ID: From: Brandon Gooch To: Luigi Rizzo Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-ipfw , bored to death Subject: Re: traffic bandwidth limit with dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2010 16:30:48 -0000 On Fri, Jun 4, 2010 at 6:57 AM, Luigi Rizzo wrote: > On Fri, Jun 04, 2010 at 01:19:32AM -0700, bored to death wrote: >> thank you luigi for your reply, it helped. >> >> i changed the hz parameter to 1000 and then 4000 and then 8000 in my /bo= ot/loader.conf. the result got much better. >> i configured my system as a router and i send 1GB traffic rate passing b= y it and set an 800MBytes bandwidth limit on input traffic with dummynet. >> this was the result: >> with hz=3D1 (default) between 200MBytes/s and 300MBytes/s >> with hz=3D1000 between 200MBytes/s and 300MBytes/s >> with hz=3D4000 between 350MBytes/s and 450MBytes/s >> with hz=3D8000 between 250MBytes/s and 550MBytes/s >> >> the maximum traffic rate is got so much better, but 2 problems still rem= ain: >> 1- the maximum rate is still not high enough. >> 2- the rate variation range is high (250-550) and it's not a steady enou= gh. >> >> i've also tried setting different "queue" and "burst" values for the pip= e. the result is a little better when i set "queue" to a value between 80MB= ytes and 90MBytes and "burst" to a big number. >> >> any other ideas? >> > > HZ=3D1000 is the default, for the records. > Setting the burst size should have no practical effects, > whereas setting the queue size e.g. > o > =A0 =A0 =A0 =A0ipfw pipe 10 config bw 800Mbit/s queue 200kbytes > > should help a lot, but check your configuration with 'ipfw pipe show' > because if you supply an invalid parameter ipfw silently uses > a default or something different. > As an example, you said you used 80-90 Mbytes but the max queue > size is 100 packets or 1023Kbytes and larger values do not produce > the desired effect. > > As a rule of thumb, to make sure that drops are not caused > by short queues, you should set the queue size to 1/HZ seconds > worth of data -- at HZ=3D1000 and 1Gbit/s this means 128Kbytes. > Note that after the dummynet queue, there might be some other > queue that saturates. As an example, when using the box as a router, > packets go in bursts to the output interface, and the burst can > be as large as 1500 packets per tick on a fully saturated Gig-E > (the interface's queue ranges normally between 128 and 1024 slots). > The only fix for this is probably using higher values of HZ. > > chers > luigi Thanks for the explanation Luigi, this is bound to help others in regard to queue configuration. -Brandon