From owner-freebsd-ipfw@FreeBSD.ORG Sun Sep 7 01:20:34 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB85116A4BF for ; Sun, 7 Sep 2003 01:20:34 -0700 (PDT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14BFE4400B for ; Sun, 7 Sep 2003 01:20:34 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.8p1/8.12.3) with ESMTP id h878KXkN083192; Sun, 7 Sep 2003 01:20:33 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.8p1/8.12.3/Submit) id h878KXbk083191; Sun, 7 Sep 2003 01:20:33 -0700 (PDT) (envelope-from rizzo) Date: Sun, 7 Sep 2003 01:20:32 -0700 From: Luigi Rizzo To: Ivo Vachkov Message-ID: <20030907012032.B77367@xorpc.icir.org> References: <20030906200659.10411.qmail@bsdmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030906200659.10411.qmail@bsdmail.com>; from ivo@bsdmail.org on Sat, Sep 06, 2003 at 10:06:58PM +0200 cc: freebsd-ipfw@freebsd.org Subject: Re: Burst X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Sep 2003 08:20:34 -0000 the problem with your approach is that the user can easily overcome the limitation by splitting the connection into many small ones, each one below the allowed burst size. If you implement burst properly (which you may have done already), the max amount of traffic that gets out in T seconds is T * bandwidth + burst_size so you really have an advantage only if your traffic has a required throughput lower than the allowed bandwidth (that basically leaves out web browsing), and it has large burts (so the additional delay on each transmission, block_size/bandwidth, becomes noticeable). cheers luigi > Obviously I've understood terms wrong. > > When I said "burst" I was thinking of limitting the speed of active connection when some conditions apply. > > Example: ISP has 10Mbps connection to internet and every user/client has 1Mbps pipe to Internet. So every user has fast browsing, mail, news, ICQ/AIM/etc. But when a user tries to download a big file (.ISO/.AVI/.MPG) the connection, even active, is limitted to 64kbps whithout limitting other connections. So his download keeps running at low speed, while browsing/mail/etc is still fast. The software applies limits when some numbers of bytes passed throught the connection. > > NB!!! Other connections are NOT shaped until they reach the predefined condition. They became shaped only after that. > > My "workaround" is as follows: > ipfw add divert 8670 ip from any to $CLIENT_IP > + a daemon called *burstd* which binds to diverted port 8670, conunts the bytes for every connection to that IP and apply the limits when predefinied byte count is exceeded. It's far away from perfect, although quite accurate, so I was asking for another way to implement a solution to this situation. > > Ivo Vachkov > -- > _______________________________________________ > Get your free email from http://mymail.bsdmail.com > > Powered by Outblaze > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"