Date: Sun, 20 Jul 2003 22:38:16 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Preston Connors <ipfw@preston.ath.cx> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw causing mass amounts of delay when piping a large amount of ips. Message-ID: <20030720223816.A16984@xorpc.icir.org> In-Reply-To: <001f01c34f31$6151d2d0$6401a8c0@kimberly>; from ipfw@preston.ath.cx on Sun, Jul 20, 2003 at 10:39:59PM -0400 References: <001f01c34f31$6151d2d0$6401a8c0@kimberly>
next in thread | previous in thread | raw e-mail | index | archive | help
i believe you are not matching the right traffic. Out of 34 million diverted packets only 20k go to pipes. Additionally, the delay numbers you mention are a bit weird, even a single 1500 byte packets on a 128kbit/s link consumes 100ms so your 8kbytes queues should show a delay up to .5-1s cheers luigi On Sun, Jul 20, 2003 at 10:39:59PM -0400, Preston Connors wrote: > I am trying to implement bandwidth limiting on a large network at a college > apartment complex. There are a possible of 700 residents using our Internet > connection at one time, with an average of 300 users always connected. Most > of them like to abuse P2P services. Allocating upstream and downstream pipes > causes mass amounts of delay. There is not a large increase in latency > (+10ms), the connections are just very intemittant. It seems that > connections time out or are just very delayed. I can't figure out why the > pipes won't work correctly. I've tried different queue sizes and nothing > stops the delay. Below is the ipfw rules I use. > > rl0 is our internet interface (209.114.194.138) - 3Mbits upstream and 3Mbits > downstream connection over 10baseT/UTP (full duplex) > fxp0 is our LAN interface (10.0.0.0/8) - 100baseTX (full duplex) > > /sbin/sysctl -w net.inet.ip.fw.one_pass=0 > > /sbin/natd -interface rl0 > /sbin/ipfw -q add 65000 divert natd all from any to any via rl0 > > /sbin/ipfw -q pipe 1000 config mask src-ip 0xffffffff bw 64kbit/s queue > 8Kbytes > /sbin/ipfw -q add 1000 pipe 1000 all from 10.0.0.0/8 to any > > /sbin/ipfw -q pipe 65100 config mask dst-ip 0xffffffff bw 128kbit/s queue > 8Kbytes > /sbin/ipfw -q add 65100 pipe 65100 all from any to 10.0.0.0/8 > > And here is an ipfw show: > > 01000 23115 4636964 pipe 1000 ip from 10.0.0.0/8 to any > 65000 34258323 19554484874 divert 8668 ip from any to any via rl0 > 65100 19221 10286845 pipe 65100 ip from any to 10.0.0.0/8 > 65535 72375096 40894477147 allow ip from any to any > > Thanks, > > Preston > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030720223816.A16984>