From: rihad
Date: Tue, 06 Oct 2009 18:14:58 +0500
To: Eugene Grosbein
Cc: freebsd-net@freebsd.org, Luigi Rizzo, Julian Elischer
Subject: Re: dummynet dropping too many packets
Message-ID: <4ACB42D2.2070909@mail.ru>

Eugene Grosbein wrote:
> On Tue, Oct 06, 2009 at 02:21:38PM +0500, rihad wrote:
>
>> Is there some limit on the number of IP addresses in an ipfw table?
>
> No, generally handles much more. Please show your ipfw rule(s)
> containing 'tablearg'.
>

01031 x x allow ip from any to any
01040 x x skipto 1100 ip from table(127) to any out recv bce0 xmit bce1
01060 x x pipe tablearg ip from any to table(0) out recv bce0 xmit bce1
01070 x x allow ip from any to table(0) out recv bce0 xmit bce1
01100 x x pipe tablearg ip from any to table(2) out
65535 x x allow ip from any to any

table(127) contains country-wide ISPs' netblocks (under 100 entries).
table(0) and table(2) contain the same user IP addresses, but different pipe
IDs - normally around 3-4k entries each.

Now please pay special attention to rule 1031. I've added it to bypass
dummynet and stop packets from being dropped for now. Normally the rule
isn't there.

As I found out today after rebooting, drops only start occurring when
the number of entries in table(0) exceeds 2000 or so (please see my
previous email). Maybe it's a coincidence - I don't know. Global traffic
load doesn't matter - it was approximately the same before and after the
drops (around 450 mbit/s).
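
The rule set above, traced in a small Python model to show which pipe a packet reaches and how rule 1031 short-circuits everything after it. This is an added example, not part of the original message and not ipfw code. The table contents are constructed, and it assumes net.inet.ip.fw.one_pass=0, so a packet leaving a pipe continues at the next rule.

```python
import ipaddress

# Constructed sample tables: prefix -> tablearg value (pipe ID in tables 0 and 2).
TABLES = {
    127: {"198.51.100.0/24": 0},                  # country-wide ISP netblocks
    0: {"10.0.0.5/32": 105, "10.0.0.6/32": 106},  # user IP -> pipe ID
    2: {"10.0.0.5/32": 205, "10.0.0.6/32": 206},  # same users, different pipes
}

def lookup(table, addr):
    """Longest-prefix match; returns the matched entry's value or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), v) for p, v in TABLES[table].items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def fwd(p):
    """'out recv bce0 xmit bce1': forwarded from bce0 out through bce1."""
    return p["out"] and p["recv"] == "bce0" and p["xmit"] == "bce1"

# (number, action, argument, match) transcribed from the rules in the message.
RULES = [
    (1031, "allow", None, lambda p: True),
    (1040, "skipto", 1100, lambda p: fwd(p) and lookup(127, p["src"]) is not None),
    (1060, "pipe", 0, lambda p: fwd(p) and lookup(0, p["dst"]) is not None),
    (1070, "allow", None, lambda p: fwd(p) and lookup(0, p["dst"]) is not None),
    (1100, "pipe", 2, lambda p: p["out"] and lookup(2, p["dst"]) is not None),
    (65535, "allow", None, lambda p: True),
]

def trace(pkt, bypass=True):
    """Return (pipe IDs traversed, number of the rule that accepted the packet)."""
    rules = [r for r in RULES if bypass or r[0] != 1031]
    pipes, i = [], 0
    while i < len(rules):
        num, action, arg, match = rules[i]
        if match(pkt):
            if action == "allow":
                return pipes, num
            if action == "pipe":      # tablearg: pipe ID is the matched entry's value
                pipes.append(lookup(arg, pkt["dst"]))
            elif action == "skipto":  # resume at the first rule numbered >= arg
                i = next(j for j, r in enumerate(rules) if r[0] >= arg)
                continue
        i += 1
    return pipes, None

if __name__ == "__main__":
    pkt = {"out": True, "recv": "bce0", "xmit": "bce1",
           "src": "203.0.113.9", "dst": "10.0.0.5"}
    print(trace(pkt, bypass=True), trace(pkt, bypass=False))
```
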