From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 2 11:07:04 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 679FE1065694 for ; Mon, 2 Mar 2009 11:07:04 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AC6478FCA2 for ; Mon, 2 Mar 2009 11:06:54 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n22B6sOU057340 for ; Mon, 2 Mar 2009 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n22B6s46057336 for freebsd-ipfw@FreeBSD.org; Mon, 2 Mar 2009 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 2 Mar 2009 11:06:54 GMT Message-Id: <200903021106.n22B6s46057336@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Mar 2009 11:07:35 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p kern/115755 ipfw [ipfw] [patch] unify message and add a rule number whe o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 55 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 4 19:48:30 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9A5E106564A for ; Wed, 4 Mar 2009 19:48:30 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 8CD178FC19 for ; Wed, 4 Mar 2009 19:48:30 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from [192.168.1.2] (g225037214.adsl.alicedsl.de [92.225.37.214]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id 0FE9D700D48E for ; Wed, 4 Mar 2009 20:17:05 +0100 (CET) Message-ID: <49AED3B1.1060209@net.t-labs.tu-berlin.de> Date: Wed, 04 Mar 2009 20:17:05 +0100 From: Sebastian Mellmann User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Subject: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 19:48:31 -0000 Hi everyone! I hope this is the right place to ask. I've got a IPFW ruleset that looks like this: cmd=ipfw bottleneck_bandwidth=100Mbit/s in_if="em0" $cmd pipe 500 config bw $bottleneck_bandwidth $cmd add pipe 500 all from any to any via $in_if When I do a simple ping from one machine to another (actually the FreeBSD machine is between those machines), I can see a delay of ~2ms. Without any rules/pipes I've got under 1ms delay. The question is: Why do I have such a "high" delay though I didn't configure any "delay" in my pipe? Where does this additional millisecond come from (processing delay for the packet in the pipe?)? If I configure another rule (or like 10 more rules) that matches the packet, I can see the delay increasing. For example a delay of ~20ms, when I configure 10 pipes. Am I doing something wrong? Thanks in advance for any help and please tell me if you need additional informations (e.g. kernel configuration). Regards, Sebastian M. From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 4 21:05:56 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A86010656CE for ; Wed, 4 Mar 2009 21:05:56 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id BD7778FC15 for ; Wed, 4 Mar 2009 21:05:55 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from [192.168.1.2] (g225037214.adsl.alicedsl.de [92.225.37.214]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id C80F0700D48E; Wed, 4 Mar 2009 22:05:54 +0100 (CET) Message-ID: <49AEED31.8060801@net.t-labs.tu-berlin.de> Date: Wed, 04 Mar 2009 22:05:53 +0100 From: Sebastian Mellmann User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Luigi Rizzo References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> In-Reply-To: <20090304210017.GA29615@onelab2.iet.unipi.it> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 21:05:56 -0000 > On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote: > >> Hi everyone! >> >> I hope this is the right place to ask. >> >> I've got a IPFW ruleset that looks like this: >> >> cmd=ipfw >> bottleneck_bandwidth=100Mbit/s >> in_if="em0" >> >> $cmd pipe 500 config bw $bottleneck_bandwidth >> $cmd add pipe 500 all from any to any via $in_if >> > > the delay that a packet experiences corresponds to len/bandwidth, > often rounded up to the next clock tick (1ms is the default). > You get one delay inbound, one delay outbound, so that's 2ms. > > Is there any chance to change this clock tick to a lower value? I think it's the 'HZ=' option in the kernel config isn't it? > cheers > luigi > Regards, Sebastian From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 4 21:09:09 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D0F2106567C for ; Wed, 4 Mar 2009 21:09:09 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id D3ECB8FC18 for ; Wed, 4 Mar 2009 21:09:08 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 47068730A6; Wed, 4 Mar 2009 22:14:09 +0100 (CET) Date: Wed, 4 Mar 2009 22:14:09 +0100 From: Luigi Rizzo To: Sebastian Mellmann Message-ID: <20090304211409.GA29824@onelab2.iet.unipi.it> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> <49AEED31.8060801@net.t-labs.tu-berlin.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49AEED31.8060801@net.t-labs.tu-berlin.de> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 21:09:11 -0000 On Wed, Mar 04, 2009 at 10:05:53PM +0100, Sebastian Mellmann wrote: > > > On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote: > > > >> Hi everyone! > >> > >> I hope this is the right place to ask. > >> > >> I've got a IPFW ruleset that looks like this: > >> > >> cmd=ipfw > >> bottleneck_bandwidth=100Mbit/s > >> in_if="em0" > >> > >> $cmd pipe 500 config bw $bottleneck_bandwidth > >> $cmd add pipe 500 all from any to any via $in_if > >> > > > > the delay that a packet experiences corresponds to len/bandwidth, > > often rounded up to the next clock tick (1ms is the default). > > You get one delay inbound, one delay outbound, so that's 2ms. > > > > > Is there any chance to change this clock tick to a lower value? > I think it's the 'HZ=' option in the kernel config isn't it? yes. i believe there is a tunable (so you don't need to rebuild the kernel) but i do not remember exactly which one. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 4 21:11:30 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 14E63106564A for ; Wed, 4 Mar 2009 21:11:30 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id CDDEA8FC16 for ; Wed, 4 Mar 2009 21:11:29 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id D519E730A1; Wed, 4 Mar 2009 22:00:17 +0100 (CET) Date: Wed, 4 Mar 2009 22:00:17 +0100 From: Luigi Rizzo To: Sebastian Mellmann Message-ID: <20090304210017.GA29615@onelab2.iet.unipi.it> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49AED3B1.1060209@net.t-labs.tu-berlin.de> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 21:11:30 -0000 On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote: > Hi everyone! > > I hope this is the right place to ask. > > I've got a IPFW ruleset that looks like this: > > cmd=ipfw > bottleneck_bandwidth=100Mbit/s > in_if="em0" > > $cmd pipe 500 config bw $bottleneck_bandwidth > $cmd add pipe 500 all from any to any via $in_if the delay that a packet experiences corresponds to len/bandwidth, often rounded up to the next clock tick (1ms is the default). You get one delay inbound, one delay outbound, so that's 2ms. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 4 21:48:53 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BA32C106564A for ; Wed, 4 Mar 2009 21:48:53 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from smtp.sd73.bc.ca (smtp.sd73.bc.ca [142.24.13.140]) by mx1.freebsd.org (Postfix) with ESMTP id 999688FC1D for ; Wed, 4 Mar 2009 21:48:53 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from localhost (localhost [127.0.0.1]) by localhost.sd73.bc.ca (Postfix) with ESMTP id 0DD9F1A000B14 for ; Wed, 4 Mar 2009 13:18:51 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at smtp.sd73.bc.ca Received: from coal.localnet (unknown [192.168.0.10]) by smtp.sd73.bc.ca (Postfix) with ESMTP id 8B6071A000B0B for ; Wed, 4 Mar 2009 13:18:23 -0800 (PST) From: Freddie Cash To: freebsd-ipfw@freebsd.org Date: Wed, 4 Mar 2009 13:18:22 -0800 User-Agent: KMail/1.10.4 (Linux/2.6.26-1-686; KDE/4.1.4; i686; ; ) References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <49AEED31.8060801@net.t-labs.tu-berlin.de> <20090304211409.GA29824@onelab2.iet.unipi.it> In-Reply-To: <20090304211409.GA29824@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200903041318.23083.fjwcash@gmail.com> Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 21:48:54 -0000 On March 4, 2009 1:14 pm Luigi Rizzo wrote: > On Wed, Mar 04, 2009 at 10:05:53PM +0100, Sebastian Mellmann wrote: > > > On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote: > > > the delay that a packet experiences corresponds to len/bandwidth, > > > often rounded up to the next clock tick (1ms is the default). > > > You get one delay inbound, one delay outbound, so that's 2ms. > > > > Is there any chance to change this clock tick to a lower value? > > I think it's the 'HZ=' option in the kernel config isn't it? > > yes. i believe there is a tunable (so you don't need to rebuild > the kernel) but i do not remember exactly which one. kern.hz in /boot/loader.conf -- Freddie fjwcash@gmail.com From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 02:40:39 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D297C1065670 for ; Thu, 5 Mar 2009 02:40:39 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id 502EE8FC0C for ; Thu, 5 Mar 2009 02:40:39 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n252eaw0015505; Thu, 5 Mar 2009 13:40:36 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Thu, 5 Mar 2009 13:40:36 +1100 (EST) From: Ian Smith To: Sebastian Mellmann In-Reply-To: <49AED3B1.1060209@net.t-labs.tu-berlin.de> Message-ID: <20090305124242.P71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 02:40:40 -0000 On Wed, 4 Mar 2009, Sebastian Mellmann wrote: > I've got a IPFW ruleset that looks like this: > > cmd=ipfw > bottleneck_bandwidth=100Mbit/s > in_if="em0" > > $cmd pipe 500 config bw $bottleneck_bandwidth > $cmd add pipe 500 all from any to any via $in_if > > When I do a simple ping from one machine to another (actually the > FreeBSD machine is between those machines), I can see a delay of ~2ms. > Without any rules/pipes I've got under 1ms delay. Presumably each of the other machines are on a separate interface? Configured as a bridge or a router? > The question is: > Why do I have such a "high" delay though I didn't configure any "delay" > in my pipe? > Where does this additional millisecond come from (processing delay for > the packet in the pipe?)? Covered; kern.hz=1000 should give you more like .2ms with this setup. > If I configure another rule (or like 10 more rules) that matches the > packet, I can see the delay increasing. > For example a delay of ~20ms, when I configure 10 pipes. > Am I doing something wrong? Configuring more pipes shouldn't make any difference unless packets are made to traverse each of the pipes in turn. That would imply having set net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so that each packet is reinjected into the firewall at the following rule, after traversing each pipe; is that what you're doing? Also, without using a separate pipe for either traffic direction, you're using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING. > Thanks in advance for any help and please tell me if you need additional > informations (e.g. kernel configuration). Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your example of using multiple pipes? cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 07:17:51 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E1D8106564A for ; Thu, 5 Mar 2009 07:17:51 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 184118FC13 for ; Thu, 5 Mar 2009 07:17:51 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from anubis.getmyip.com (anubis.getmyip.com [78.46.33.178]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id B9215700D484; Thu, 5 Mar 2009 08:17:49 +0100 (CET) Received: from 62.206.221.107 (SquirrelMail authenticated user smellmann) by anubis.getmyip.com with HTTP; Thu, 5 Mar 2009 08:17:49 +0100 (CET) Message-ID: <36634.62.206.221.107.1236237469.squirrel@anubis.getmyip.com> In-Reply-To: <200903041318.23083.fjwcash@gmail.com> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <49AEED31.8060801@net.t-labs.tu-berlin.de> <20090304211409.GA29824@onelab2.iet.unipi.it> <200903041318.23083.fjwcash@gmail.com> Date: Thu, 5 Mar 2009 08:17:49 +0100 (CET) From: "Sebastian Mellmann" To: "Freddie Cash" User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sebastian.mellmann@net.t-labs.tu-berlin.de List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 07:17:51 -0000 >> > Is there any chance to change this clock tick to a lower value? >> > I think it's the 'HZ=' option in the kernel config isn't it? >> >> yes. i believe there is a tunable (so you don't need to rebuild >> the kernel) but i do not remember exactly which one. > > kern.hz in /boot/loader.conf I only got an empty loader.conf file on my system. How is the syntax of the 'kern.hz' option? Regards, Sebastian From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 07:21:49 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B83C61065673 for ; Thu, 5 Mar 2009 07:21:49 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 47A1E8FC17 for ; Thu, 5 Mar 2009 07:21:49 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from anubis.getmyip.com (anubis.getmyip.com [78.46.33.178]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id 0A607700D491; Thu, 5 Mar 2009 08:21:47 +0100 (CET) Received: from 62.206.221.107 (SquirrelMail authenticated user smellmann) by anubis.getmyip.com with HTTP; Thu, 5 Mar 2009 08:21:48 +0100 (CET) Message-ID: <36832.62.206.221.107.1236237708.squirrel@anubis.getmyip.com> In-Reply-To: <20090305124242.P71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090305124242.P71460@sola.nimnet.asn.au> Date: Thu, 5 Mar 2009 08:21:48 +0100 (CET) From: "Sebastian Mellmann" To: "Ian Smith" User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sebastian.mellmann@net.t-labs.tu-berlin.de List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 07:21:50 -0000 > > When I do a simple ping from one machine to another (actually the > > FreeBSD machine is between those machines), I can see a delay of ~2ms. > > Without any rules/pipes I've got under 1ms delay. > > Presumably each of the other machines are on a separate interface? > Configured as a bridge or a router? Yes separate interfaces. The machine is configured as a router (as far as I know, I didn't set it up.) > > The question is: > > Why do I have such a "high" delay though I didn't configure any "delay" > > in my pipe? > > Where does this additional millisecond come from (processing delay for > > the packet in the pipe?)? > > Covered; kern.hz=1000 should give you more like .2ms with this setup. See my previous mail to the list (syntax of kern.hz). > > If I configure another rule (or like 10 more rules) that matches the > > packet, I can see the delay increasing. > > For example a delay of ~20ms, when I configure 10 pipes. > > Am I doing something wrong? > > Configuring more pipes shouldn't make any difference unless packets are > made to traverse each of the pipes in turn. That would imply having set > net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so > that each packet is reinjected into the firewall at the following rule, > after traversing each pipe; is that what you're doing? Yes, I've set net.inet.ip.fw.one_pass=0 so packets are reinjected into the firewall after passing a pipe. > Also, without using a separate pipe for either traffic direction, you're > using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING. > > > Thanks in advance for any help and please tell me if you need > additional > > informations (e.g. kernel configuration). > > Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your > example of using multiple pipes? [root@ ~/ipfw]# sysctl net.inet.ip.fw.one_pass net.inet.ip.fw.one_pass: 0 [root@ ~/ipfw]# ipfw show 00010 0 0 allow ip from any to any via lo0 10000 122 11832 allow ip from any to any via em2 10100 0 0 pipe 100 ip from 192.168.5.0/26 to 192.168.7.0/24 in via em0 10200 0 0 pipe 200 ip from 192.168.7.0/24 to 192.168.5.0/26 out via em0 10300 342 28728 pipe 500 ip from any to any via em0 10400 359 36512 pipe 510 ip from any to any via em1 10500 0 0 pipe 300 udp from 80.80.80.1 to 60.60.60.1 src-port 4000 dst-port 4000 via em1 10600 0 0 pipe 305 udp from 60.60.60.1 to 80.80.80.1 src-port 4000 dst-port 4000 via em0 10700 0 0 pipe 310 udp from 80.80.80.1 to 60.60.60.1 src-port 4001 dst-port 4001 via em1 10800 0 0 pipe 315 udp from 60.60.60.1 to 80.80.80.1 src-port 4001 dst-port 4001 via em0 65535 14144748 9784372451 allow ip from any to any > cheers, Ian Regards, Sebastian From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 10:48:07 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4FB62106566C for ; Thu, 5 Mar 2009 10:48:07 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: from lath.rinet.ru (lath.rinet.ru [195.54.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id 101E38FC08 for ; Thu, 5 Mar 2009 10:48:06 +0000 (UTC) (envelope-from oleg@lath.rinet.ru) Received: by lath.rinet.ru (Postfix, from userid 222) id 4C6FC7007; Thu, 5 Mar 2009 13:32:32 +0300 (MSK) Date: Thu, 5 Mar 2009 13:32:32 +0300 From: Oleg Bulyzhin To: Sebastian Mellmann Message-ID: <20090305103232.GA19726@lath.rinet.ru> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49AED3B1.1060209@net.t-labs.tu-berlin.de> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 10:48:07 -0000 On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote: > Hi everyone! > > I hope this is the right place to ask. > > I've got a IPFW ruleset that looks like this: > > cmd=ipfw > bottleneck_bandwidth=100Mbit/s > in_if="em0" > > $cmd pipe 500 config bw $bottleneck_bandwidth > $cmd add pipe 500 all from any to any via $in_if > > When I do a simple ping from one machine to another (actually the > FreeBSD machine is between those machines), I can see a delay of ~2ms. > Without any rules/pipes I've got under 1ms delay. > > The question is: > Why do I have such a "high" delay though I didn't configure any "delay" > in my pipe? > Where does this additional millisecond come from (processing delay for > the packet in the pipe?)? > If I configure another rule (or like 10 more rules) that matches the > packet, I can see the delay increasing. > For example a delay of ~20ms, when I configure 10 pipes. > Am I doing something wrong? > > Thanks in advance for any help and please tell me if you need additional > informations (e.g. kernel configuration). > > > Regards, > Sebastian M. > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" If you have 7.1R or 6.4R setting net.inet.ip.dummynet.io_fast=1 will probably reduce latency. -- Oleg. ================================================================ === Oleg Bulyzhin -- OBUL-RIPN -- OBUL-RIPE -- oleg@rinet.ru === ================================================================ From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 17:14:50 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C711F1065673 for ; Thu, 5 Mar 2009 17:14:50 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from smtp.sd73.bc.ca (smtp.sd73.bc.ca [142.24.13.140]) by mx1.freebsd.org (Postfix) with ESMTP id A75C18FC18 for ; Thu, 5 Mar 2009 17:14:50 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from localhost (localhost [127.0.0.1]) by localhost.sd73.bc.ca (Postfix) with ESMTP id 27FCC1A000B14 for ; Thu, 5 Mar 2009 09:14:50 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at smtp.sd73.bc.ca Received: from coal.localnet (s10.sbo [192.168.0.10]) by smtp.sd73.bc.ca (Postfix) with ESMTP id 47B1F1A000B0B for ; Thu, 5 Mar 2009 09:14:49 -0800 (PST) From: Freddie Cash To: freebsd-ipfw@freebsd.org Date: Thu, 5 Mar 2009 09:14:48 -0800 User-Agent: KMail/1.10.4 (Linux/2.6.26-1-686; KDE/4.1.4; i686; ; ) References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <200903041318.23083.fjwcash@gmail.com> <36634.62.206.221.107.1236237469.squirrel@anubis.getmyip.com> In-Reply-To: <36634.62.206.221.107.1236237469.squirrel@anubis.getmyip.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200903050914.48406.fjwcash@gmail.com> Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 17:14:51 -0000 On March 4, 2009 11:17 pm Sebastian Mellmann wrote: > >> > Is there any chance to change this clock tick to a lower value? > >> > I think it's the 'HZ=' option in the kernel config isn't it? > >> > >> yes. i believe there is a tunable (so you don't need to rebuild > >> the kernel) but i do not remember exactly which one. > > > > kern.hz in /boot/loader.conf > > I only got an empty loader.conf file on my system. > > How is the syntax of the 'kern.hz' option? grep kern /boot/defaults/loader.conf: #kern.hz="100" # Set the kernel interval timer rate Thus, just add kern.hz=1000 into /boot/loader.conf to have it set at boot time. -- Freddie fjwcash@gmail.com From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 18:48:36 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 91C481065670 for ; Thu, 5 Mar 2009 18:48:36 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id DB7B58FC0A for ; Thu, 5 Mar 2009 18:48:35 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n25ImWfl050690; Fri, 6 Mar 2009 05:48:33 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 6 Mar 2009 05:48:32 +1100 (EST) From: Ian Smith To: Sebastian Mellmann In-Reply-To: <36832.62.206.221.107.1236237708.squirrel@anubis.getmyip.com> Message-ID: <20090306033309.J71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090305124242.P71460@sola.nimnet.asn.au> <36832.62.206.221.107.1236237708.squirrel@anubis.getmyip.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 18:48:36 -0000 On Thu, 5 Mar 2009, Sebastian Mellmann wrote: > > > If I configure another rule (or like 10 more rules) that matches the > > > packet, I can see the delay increasing. > > > For example a delay of ~20ms, when I configure 10 pipes. > > > Am I doing something wrong? > > > > Configuring more pipes shouldn't make any difference unless packets are > > made to traverse each of the pipes in turn. That would imply having set > > net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so > > that each packet is reinjected into the firewall at the following rule, > > after traversing each pipe; is that what you're doing? > > Yes, I've set net.inet.ip.fw.one_pass=0 so packets are reinjected into the > firewall after passing a pipe. Good; your results would have been pretty weird otherwise .. > > Also, without using a separate pipe for either traffic direction, you're > > using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING. Paired pipes will speed things up. Maybe not noticeably for pings (call and response work half-duplex) but for esp TCP it could be considerable. > > Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your > > example of using multiple pipes? > > [root@ ~/ipfw]# sysctl net.inet.ip.fw.one_pass > net.inet.ip.fw.one_pass: 0 > > [root@ ~/ipfw]# ipfw show > 00010 0 0 allow ip from any to any via lo0 > 10000 122 11832 allow ip from any to any via em2 > 10100 0 0 pipe 100 ip from 192.168.5.0/26 to 192.168.7.0/24 in via em0 > 10200 0 0 pipe 200 ip from 192.168.7.0/24 to 192.168.5.0/26 out via em0 > 10300 342 28728 pipe 500 ip from any to any via em0 > 10400 359 36512 pipe 510 ip from any to any via em1 > 10500 0 0 pipe 300 udp from 80.80.80.1 to 60.60.60.1 src-port 4000 dst-port 4000 via em1 > 10600 0 0 pipe 305 udp from 60.60.60.1 to 80.80.80.1 src-port 4000 dst-port 4000 via em0 > 10700 0 0 pipe 310 udp from 80.80.80.1 to 60.60.60.1 src-port 4001 dst-port 4001 via em1 > 10800 0 0 pipe 315 udp from 60.60.60.1 to 80.80.80.1 src-port 4001 dst-port 4001 via em0 > 65535 14144748 9784372451 allow ip from any to any A note of caution: using 'via' unqualified can be tricky; 'via em0' on the inbound pass is the same as 'in recv em0', but 'via em0' on the outbound pass includes packets that came IN on em0 but are going out on any interface, as well as those that came in on any interface that are going OUT on em0. I prefer specifying 'in recv' and 'out xmit' where there might be any ambiguity; this usually works naturally with pipes, where you'd normally have one pipe per flow direction anyway. Hopefully increasing kern.hz solves your main issue, and worth trying the new! net.inet.ip.dummynet.io_fast too. Let us know your results? cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 18:58:33 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62E34106564A for ; Thu, 5 Mar 2009 18:58:33 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id E845E8FC17 for ; Thu, 5 Mar 2009 18:58:32 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from [192.168.1.2] (g225034230.adsl.alicedsl.de [92.225.34.230]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id 7BA24700D493; Thu, 5 Mar 2009 19:58:31 +0100 (CET) Message-ID: <49B020D8.8070502@net.t-labs.tu-berlin.de> Date: Thu, 05 Mar 2009 19:58:32 +0100 From: Sebastian Mellmann User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Ian Smith References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090305124242.P71460@sola.nimnet.asn.au> <36832.62.206.221.107.1236237708.squirrel@anubis.getmyip.com> <20090306033309.J71460@sola.nimnet.asn.au> In-Reply-To: <20090306033309.J71460@sola.nimnet.asn.au> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 18:58:33 -0000 > > > Also, without using a separate pipe for either traffic direction, you're > > > using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING. > > Paired pipes will speed things up. Maybe not noticeably for pings (call > and response work half-duplex) but for esp TCP it could be considerable. > > How does this "pairing" of pipes work? Couldn't find any documentation about it. > > > Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your > > > example of using multiple pipes? > > > > [root@ ~/ipfw]# sysctl net.inet.ip.fw.one_pass > > net.inet.ip.fw.one_pass: 0 > > > > [root@ ~/ipfw]# ipfw show > > 00010 0 0 allow ip from any to any via lo0 > > 10000 122 11832 allow ip from any to any via em2 > > 10100 0 0 pipe 100 ip from 192.168.5.0/26 to 192.168.7.0/24 in via em0 > > 10200 0 0 pipe 200 ip from 192.168.7.0/24 to 192.168.5.0/26 out via em0 > > 10300 342 28728 pipe 500 ip from any to any via em0 > > 10400 359 36512 pipe 510 ip from any to any via em1 > > 10500 0 0 pipe 300 udp from 80.80.80.1 to 60.60.60.1 src-port 4000 dst-port 4000 via em1 > > 10600 0 0 pipe 305 udp from 60.60.60.1 to 80.80.80.1 src-port 4000 dst-port 4000 via em0 > > 10700 0 0 pipe 310 udp from 80.80.80.1 to 60.60.60.1 src-port 4001 dst-port 4001 via em1 > > 10800 0 0 pipe 315 udp from 60.60.60.1 to 80.80.80.1 src-port 4001 dst-port 4001 via em0 > > 65535 14144748 9784372451 allow ip from any to any > > A note of caution: using 'via' unqualified can be tricky; 'via em0' on > the inbound pass is the same as 'in recv em0', but 'via em0' on the > outbound pass includes packets that came IN on em0 but are going out on > any interface, as well as those that came in on any interface that are > going OUT on em0. I prefer specifying 'in recv' and 'out xmit' where > there might be any ambiguity; this usually works naturally with pipes, > where you'd normally have one pipe per flow direction anyway. > > Actually I'm using 'in recv' and 'out xmit', but it wasn't applied in this example, but thanks for the hint again (you already mentioned that on the freebsd-question mailing list I think ;-)). > Hopefully increasing kern.hz solves your main issue, and worth trying > the new! net.inet.ip.dummynet.io_fast too. Let us know your results? > > For now we will stick to the delay "issue" and see how it affects our results. > cheers, Ian > Regards, Sebastian From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 5 19:22:29 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A159C1065676 for ; Thu, 5 Mar 2009 19:22:29 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id 229BD8FC28 for ; Thu, 5 Mar 2009 19:22:28 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n25JMRP6051917; Fri, 6 Mar 2009 06:22:27 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 6 Mar 2009 06:22:26 +1100 (EST) From: Ian Smith To: Sebastian Mellmann In-Reply-To: <49B020D8.8070502@net.t-labs.tu-berlin.de> Message-ID: <20090306060318.O71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090305124242.P71460@sola.nimnet.asn.au> <36832.62.206.221.107.1236237708.squirrel@anubis.getmyip.com> <20090306033309.J71460@sola.nimnet.asn.au> <49B020D8.8070502@net.t-labs.tu-berlin.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2009 19:22:30 -0000 On Thu, 5 Mar 2009, Sebastian Mellmann wrote: > > Paired pipes will speed things up. Maybe not noticeably for pings (call > > and response work half-duplex) but for esp TCP it could be considerable. > > How does this "pairing" of pipes work? > Couldn't find any documentation about it? Perhaps 'paired' isn't the best term for it, but see the ipfw(8) 'TRAFFIC SHAPING' section for the rationale and relevant examples. > Actually I'm using 'in recv' and 'out xmit', but it wasn't applied in > this example, but thanks for the hint again (you already mentioned that > on the freebsd-question mailing list I think ;-)). Sorry :) > For now we will stick to the delay "issue" and see how it affects our > results. Much more scientific than changing everything at once .. cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 05:23:35 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 76BC1106564A for ; Fri, 6 Mar 2009 05:23:35 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id E7D068FC13 for ; Fri, 6 Mar 2009 05:23:34 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n265NULv072789; Fri, 6 Mar 2009 16:23:32 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 6 Mar 2009 16:23:29 +1100 (EST) From: Ian Smith To: Luigi Rizzo In-Reply-To: <20090304210017.GA29615@onelab2.iet.unipi.it> Message-ID: <20090306153751.D71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org, Sebastian Mellmann Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 05:23:35 -0000 On Wed, 4 Mar 2009, Luigi Rizzo wrote: > On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote: > > Hi everyone! > > > > I hope this is the right place to ask. > > > > I've got a IPFW ruleset that looks like this: > > > > cmd=ipfw > > bottleneck_bandwidth=100Mbit/s > > in_if="em0" > > > > $cmd pipe 500 config bw $bottleneck_bandwidth > > $cmd add pipe 500 all from any to any via $in_if > > the delay that a packet experiences corresponds to len/bandwidth, > often rounded up to the next clock tick (1ms is the default). > You get one delay inbound, one delay outbound, so that's 2ms. After finally getting almost enough sleep, I've just realised, duh, that Sebastian likely already had the default kern.hz=1000, ie 1ms, so would need something faster to achieve less delay. Which led me to take my own medicine and reread the dummynet sections in ipfw(8) at 7.1-RELEASE: delay ms-delay Propagation delay, measured in milliseconds. The value is rounded to the next multiple of the clock tick (typically 10ms, but it is a good practice to run kernels with ``options HZ=1000'' to reduce the granularity to 1ms or less). Default value is 0, meaning no delay. Firstly, this is well out of date; the default has been HZ=1000 since 6.1-R or earlier, a ten-fold increase on the old 100Hz. I'm not sure however that 10000 would be a suitable suggestion, even with today's processor speeds? Secondly, apropos Sebastian's experience, should this say "The value (even if 0) is rounded to the next multiple of the clock tick .." ? ^^^^^^^^^^^ cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 06:55:09 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 06CA51065678 for ; Fri, 6 Mar 2009 06:55:09 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id BEA4A8FC14 for ; Fri, 6 Mar 2009 06:55:08 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 64D9A730A1; Fri, 6 Mar 2009 08:00:11 +0100 (CET) Date: Fri, 6 Mar 2009 08:00:11 +0100 From: Luigi Rizzo To: Ian Smith Message-ID: <20090306070011.GA94585@onelab2.iet.unipi.it> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> <20090306153751.D71460@sola.nimnet.asn.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20090306153751.D71460@sola.nimnet.asn.au> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org, Sebastian Mellmann Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 06:55:09 -0000 On Fri, Mar 06, 2009 at 04:23:29PM +1100, Ian Smith wrote: ... > Which led me to take my own medicine and reread the dummynet sections in > ipfw(8) at 7.1-RELEASE: > > delay ms-delay > Propagation delay, measured in milliseconds. The value is > rounded to the next multiple of the clock tick (typically 10ms, > but it is a good practice to run kernels with ``options HZ=1000'' > to reduce the granularity to 1ms or less). Default value is 0, > meaning no delay. > > Firstly, this is well out of date; the default has been HZ=1000 since > 6.1-R or earlier, a ten-fold increase on the old 100Hz. I'm not sure > however that 10000 would be a suitable suggestion, even with today's > processor speeds? You can bump it up HZ but there are things that do not scale as well as CPU clock frequencies. E.g. the access to slow peripherals on the PCI or ISA buses is still as slow as it was 15 years ago, and if your timer-driven routine needs to access one of those peripherals it might consume a significant number of microseconds. At HZ=1000 this is probably negligible; at HZ=10k you might start noticing. > Secondly, apropos Sebastian's experience, should this say "The value > (even if 0) is rounded to the next multiple of the clock tick .." ? > ^^^^^^^^^^^ 0 is rounded to 0 so that's not an issue. The delay Sebastian is seeing comes from the babdnwidth limitation, which is causing a non-zero "transmission time" which is rounded up. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 07:06:52 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72171106566B for ; Fri, 6 Mar 2009 07:06:52 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 2CDD48FC08 for ; Fri, 6 Mar 2009 07:06:51 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from anubis.getmyip.com (anubis.getmyip.com [78.46.33.178]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id C193A700D46D; Fri, 6 Mar 2009 08:06:50 +0100 (CET) Received: from 62.206.221.107 (SquirrelMail authenticated user smellmann) by anubis.getmyip.com with HTTP; Fri, 6 Mar 2009 08:06:50 +0100 (CET) Message-ID: <64393.62.206.221.107.1236323210.squirrel@anubis.getmyip.com> In-Reply-To: <20090306070011.GA94585@onelab2.iet.unipi.it> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> <20090306153751.D71460@sola.nimnet.asn.au> <20090306070011.GA94585@onelab2.iet.unipi.it> Date: Fri, 6 Mar 2009 08:06:50 +0100 (CET) From: "Sebastian Mellmann" To: "Luigi Rizzo" User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sebastian.mellmann@net.t-labs.tu-berlin.de List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 07:06:52 -0000 >> Secondly, apropos Sebastian's experience, should this say "The value >> (even if 0) is rounded to the next multiple of the clock tick .." ? >> ^^^^^^^^^^^ > > 0 is rounded to 0 so that's not an issue. > The delay Sebastian is seeing comes from the babdnwidth limitation, > which is causing a non-zero "transmission time" which is rounded up. Let me get this right: When I configure a pipe with bandwidth limitations, I'll always get some additional delay when a packet passes this pipe? > cheers > luigi Regards, Sebastian From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 07:17:26 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D5CC4106564A for ; Fri, 6 Mar 2009 07:17:26 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id 982668FC18 for ; Fri, 6 Mar 2009 07:17:26 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id D3F5A73098; Fri, 6 Mar 2009 08:22:29 +0100 (CET) Date: Fri, 6 Mar 2009 08:22:29 +0100 From: Luigi Rizzo To: Sebastian Mellmann Message-ID: <20090306072229.GB94585@onelab2.iet.unipi.it> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> <20090306153751.D71460@sola.nimnet.asn.au> <20090306070011.GA94585@onelab2.iet.unipi.it> <64393.62.206.221.107.1236323210.squirrel@anubis.getmyip.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64393.62.206.221.107.1236323210.squirrel@anubis.getmyip.com> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 07:17:27 -0000 On Fri, Mar 06, 2009 at 08:06:50AM +0100, Sebastian Mellmann wrote: > > >> Secondly, apropos Sebastian's experience, should this say "The value > >> (even if 0) is rounded to the next multiple of the clock tick .." ? > >> ^^^^^^^^^^^ > > > > 0 is rounded to 0 so that's not an issue. > > The delay Sebastian is seeing comes from the babdnwidth limitation, > > which is causing a non-zero "transmission time" which is rounded up. > > Let me get this right: > > When I configure a pipe with bandwidth limitations, I'll always get some > additional delay when a packet passes this pipe? "additional" compared to the case of no bandwidth limitations. But the delay is exactly the effect of bandwidth limitations and the presence of the queue (and possibly +/- 1 tick of rounding), so you have to understand what is modeled if you want to account for it precisely. From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 10:45:46 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A28D8106566C for ; Fri, 6 Mar 2009 10:45:46 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 60DC38FC08 for ; Fri, 6 Mar 2009 10:45:46 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from anubis.getmyip.com (anubis.getmyip.com [78.46.33.178]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id 5C21C700D496 for ; Fri, 6 Mar 2009 11:45:45 +0100 (CET) Received: from 62.206.221.107 (SquirrelMail authenticated user smellmann) by anubis.getmyip.com with HTTP; Fri, 6 Mar 2009 11:45:45 +0100 (CET) Message-ID: <5431.62.206.221.107.1236336345.squirrel@anubis.getmyip.com> Date: Fri, 6 Mar 2009 11:45:45 +0100 (CET) From: "Sebastian Mellmann" To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: ipfw: Can't see other flows in pipe X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sebastian.mellmann@net.t-labs.tu-berlin.de List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 10:45:47 -0000 Hi everyone! I've got the following ipfw rules: cmd="ipfw" webclient_upload_bandwidth="1024kbit/s" webclient_download_bandwidth="6144Kbit/s" bottleneck_bandwidth="100Mbit/s" client_rtt_delay=10 queue=50 client1_subnet="192.168.5.0/26" server1_subnet="192.168.7.0/24" $cmd pipe 100 config mask all bw $webclient_upload_bandwidth queue queue_size delay $client_rtt_delay $cmd pipe 200 config mask all bw $webclient_download_bandwidth queue queue_size delay $client_rtt_delay $cmd add pipe 100 all from $client1_subnet to $server1_subnet in recv $in_if $cmd add pipe 200 all from $server1_subnet to $client1_subnet out xmit $in_if $cmd pipe 500 config bw $bottleneck_bandwidth $cmd add pipe 500 all from any to any via $in_if $cmd pipe 510 config bw $bottleneck_bandwidth $cmd add pipe 510 all from any to any via $out_if For testing purposes I've got 4 concurrent downloads via scp from the server1_subnet to the client1_subnet. ipfw pipe show gives me the following: 00510: 100.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 192.168.5.4/47753 192.168.7.1/22 610244 609078476 2 104 1 00100: 1.024 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail mask: 0xff 0xffffffff/0xffff -> 0xffffffff/0xffff BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 18 tcp 192.168.5.4/47753 192.168.7.1/22 15067 820472 0 0 0 29 tcp 192.168.5.1/59724 192.168.7.1/22 64519 3512539 0 0 0 34 tcp 192.168.5.2/58805 192.168.7.1/22 64035 3481423 0 0 0 54 tcp 192.168.5.3/40995 192.168.7.1/22 66705 3633640 0 0 0 00305: unlimited 0 ms 50 sl. 0 queues (1 buckets) droptail 00310: unlimited 0 ms 50 sl. 0 queues (1 buckets) droptail 00200: 6.144 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail mask: 0xff 0xffffffff/0xffff -> 0xffffffff/0xffff BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 2 tcp 192.168.7.1/22 192.168.5.2/58805 121901 182399179 29 43124 234 47 tcp 192.168.7.1/22 192.168.5.3/40995 126392 189093880 43 64124 241 51 tcp 192.168.7.1/22 192.168.5.1/59724 122550 183349839 34 50624 251 60 tcp 192.168.7.1/22 192.168.5.4/47753 28565 42735852 0 0 55 00315: unlimited 0 ms 50 sl. 0 queues (1 buckets) droptail 00500: 100.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 192.168.5.4/47753 192.168.7.1/22 609337 607754332 2 1552 0 00300: unlimited 0 ms 50 sl. 0 queues (1 buckets) droptail Why do I only see ONE connection inside the 500/510 pipe? I thought I could see any connection going through that pipe. Regards, Sebastian P.S.: Sorry for sending it on 'freebsd-questions' too, I've messed up my address book :-( From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 13:27:35 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 14BFE1065677; Fri, 6 Mar 2009 13:27:35 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id 84DEC8FC12; Fri, 6 Mar 2009 13:27:34 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n26DRVlc089666; Sat, 7 Mar 2009 00:27:32 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sat, 7 Mar 2009 00:27:31 +1100 (EST) From: Ian Smith To: Sebastian Mellmann In-Reply-To: <5431.62.206.221.107.1236336345.squirrel@anubis.getmyip.com> Message-ID: <20090306234700.F71460@sola.nimnet.asn.au> References: <5431.62.206.221.107.1236336345.squirrel@anubis.getmyip.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org, questions@freebsd.org Subject: Re: ipfw: Can't see other flows in pipe X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 13:27:36 -0000 On Fri, 6 Mar 2009, Sebastian Mellmann wrote: [.. after merciless snippage ..] > $cmd pipe 500 config bw $bottleneck_bandwidth > $cmd add pipe 500 all from any to any via $in_if > > $cmd pipe 510 config bw $bottleneck_bandwidth > $cmd add pipe 510 all from any to any via $out_if > ipfw pipe show gives me the following: > > 00510: 100.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes > Pkt/Byte Drp > 0 tcp 192.168.5.4/47753 192.168.7.1/22 610244 609078476 2 > 104 1 > 00500: 100.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes > Pkt/Byte Drp > 0 tcp 192.168.5.4/47753 192.168.7.1/22 609337 607754332 2 > 1552 0 > Why do I only see ONE connection inside the 500/510 pipe? > I thought I could see any connection going through that pipe. With no masking specified, all flows use the same bucket (0) so totals shown are of all packets through that pipe. src/dest addr/ports shown are those of the first packet using that bucket, not the most recent. You may also find http://info.iet.unipi.it/~luigi/ip_dummynet/ helpful. cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 14:15:14 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F6C5106566C for ; Fri, 6 Mar 2009 14:15:14 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id CD6E28FC2B for ; Fri, 6 Mar 2009 14:15:13 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n26EFBsB091359; Sat, 7 Mar 2009 01:15:12 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sat, 7 Mar 2009 01:15:11 +1100 (EST) From: Ian Smith To: Luigi Rizzo In-Reply-To: <20090306070011.GA94585@onelab2.iet.unipi.it> Message-ID: <20090307003515.W71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090304210017.GA29615@onelab2.iet.unipi.it> <20090306153751.D71460@sola.nimnet.asn.au> <20090306070011.GA94585@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org, Sebastian Mellmann Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 14:15:14 -0000 On Fri, 6 Mar 2009, Luigi Rizzo wrote: > On Fri, Mar 06, 2009 at 04:23:29PM +1100, Ian Smith wrote: > ... > > ipfw(8) at 7.1-RELEASE: > > > > delay ms-delay > > Propagation delay, measured in milliseconds. The value is > > rounded to the next multiple of the clock tick (typically 10ms, > > but it is a good practice to run kernels with ``options HZ=1000'' > > to reduce the granularity to 1ms or less). Default value is 0, > > meaning no delay. > > > > Firstly, this is well out of date; the default has been HZ=1000 since > > 6.1-R or earlier, a ten-fold increase on the old 100Hz. I'm not sure > > however that 10000 would be a suitable suggestion, even with today's > > processor speeds? > > You can bump it up HZ but there are things that do not scale as well > as CPU clock frequencies. E.g. the access to slow peripherals on > the PCI or ISA buses is still as slow as it was 15 years ago, > and if your timer-driven routine needs to access one of those > peripherals it might consume a significant number of microseconds. > At HZ=1000 this is probably negligible; at HZ=10k you might start > noticing. Indeed. HZ=1000 is a bit busy (like ~+10% CPU) on a Celeron 300 laptop, now at 250Hz, no dummynet. I expect 10kHz slicing would drown it, ie without some qualification re CPU clock, suggested defaults are risky. > > Secondly, apropos Sebastian's experience, should this say "The value > > (even if 0) is rounded to the next multiple of the clock tick .." ? > > ^^^^^^^^^^^ > > 0 is rounded to 0 so that's not an issue. > The delay Sebastian is seeing comes from the babdnwidth limitation, > which is causing a non-zero "transmission time" which is rounded up. Think I've almost starting to get this, thanks. cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 18:59:06 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E1B7C1065693 for ; Fri, 6 Mar 2009 18:59:06 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id 5E8568FC08 for ; Fri, 6 Mar 2009 18:59:06 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.3/8.14.3) with ESMTP id n26Ix4n5070306; Fri, 6 Mar 2009 19:59:05 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.3/8.14.3/Submit) id n26Ix4QA070286; Fri, 6 Mar 2009 19:59:04 +0100 (CET) (envelope-from olli) Date: Fri, 6 Mar 2009 19:59:04 +0100 (CET) Message-Id: <200903061859.n26Ix4QA070286@lurza.secnetix.de> From: Oliver Fromme To: freebsd-ipfw@FreeBSD.ORG, sebastian.mellmann@net.t-labs.tu-berlin.de In-Reply-To: <64393.62.206.221.107.1236323210.squirrel@anubis.getmyip.com> X-Newsgroups: list.freebsd-ipfw User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/6.4-PRERELEASE-20080904 (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Fri, 06 Mar 2009 19:59:05 +0100 (CET) Cc: Subject: Re: ipfw (dummynet) adds delay, but not configured to do so X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-ipfw@FreeBSD.ORG, sebastian.mellmann@net.t-labs.tu-berlin.de List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2009 18:59:07 -0000 Sebastian Mellmann wrote: > Luigi Rizzo wrote: > > The delay Sebastian is seeing comes from the babdnwidth limitation, > > which is causing a non-zero "transmission time" which is rounded up. > > Let me get this right: > > When I configure a pipe with bandwidth limitations, I'll always get some > additional delay when a packet passes this pipe? Yes, of course. That's expected. Transmitting a packet through a 10 Mbit link takes longer than transmitting the same packet through a 100 Mbit link. Dummynet correctly emulates that behaviour, but it is limited by the granularity of the kernel clock, which runs at 1000 Hz by default, so the delays are rounded to 1 ms. For example, transferring a 1 KB data packet (that's about 10 kbits including headers of the various protocols) will take about 1 ms on a 10 Mbit link, and 0.1 ms on 100 Mbit. Voila. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "In My Egoistical Opinion, most people's C programs should be indented six feet downward and covered with dirt." -- Blair P. Houghton From owner-freebsd-ipfw@FreeBSD.ORG Sat Mar 7 18:36:49 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F0CFD106567A for ; Sat, 7 Mar 2009 18:36:49 +0000 (UTC) (envelope-from bounces@apoteelia.net) Received: from mail.apoteelia.net (mail.apoteelia.net [91.184.56.170]) by mx1.freebsd.org (Postfix) with ESMTP id BB90C8FC13 for ; Sat, 7 Mar 2009 18:36:49 +0000 (UTC) (envelope-from bounces@apoteelia.net) Received: by mail.apoteelia.net (Postfix, from userid 0) id 3FC081ECFC6F; Sat, 7 Mar 2009 19:10:22 +0100 (CET) To: freebsd-ipfw@freebsd.org Recieved: Date: Sat, 7 Mar 2009 19:10:22 +0100 From: Bettina Schmidtberger Message-ID: <66c8068d0bb63321e1305c4a809b72f8@localhost.localdomain> X-Priority: 3 X-MessageID: 5 X-ListMember: freebsd-ipfw@freebsd.org Errors-To: bounces@apoteelia.net MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Subject: RE: Der versprochene Geheimtipp X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Mar 2009 18:36:50 -0000 Hi Du! Wie ich es Dir versprochen habe, wollte ich Dir ja noch die Adresse sagen wo wir die Dinger bestellt haben. Gibt ja viele Seiten wo man echt nur übers Ohr gehauen wird. Aber bei der Adresse bekommen wir immer nur Originalware und das innheralb kürzester Zeit zugeschickt. Mit dem Zoll hatten wir da auch nie Probleme, da der Versand direkt aus Europa erfolgt. Klasse oder? Also hier nun die Adresse: http://www.apoteelia.net Viel Spass wünsch ich Dir und das es gut funktioniert! Gruß, Deine Bettina . . - . . . . . . . . . . : . Gib Acht! Man hatte dir eingeredet, du hättest es schwer, dein Leben sei verpfuscht, das Leben sei eine Schuld, sei schlecht, ohne Sinn, ohne Wert; man wollte dich ducken, dich in die große Armee der Leidenden schmuggeln, du solltest bemitleidenswert werden und bemitleiden: und du glaubtest ihnen – wie ungern! – und wieder nicht – wie gern! Denn du bist stark, aber warst krank – wo? wie? was weiß ich. Und deine Sehnsucht war, herauszukommen aus allen diesen müden Verneinungen, diesen törichten Formeln, die im Nein ihr Ja haben, diesen tönenden Wissenschaften, diesen Worten –. Deswegen sprangst du von Buch zu Buch, spieltest mit ihren Formeln und ließest sie wieder fallen, die Neins und Wenns, um selber eine zu finden, aber ein Ja! sollte sie klingen – denn du wolltest leben! Aber nicht wie der Pöbel lebt – einen Grund, ein Ziel, eine Lebensformel suchtest du. Nun, hier ist sie: Weißt du: das Himmelsweinglas, das du ausschlürfen wolltest – – nun niete dir die Formel: Die Welt schaffst du. Du vergeistigst das Chaos zur Welt; das Andere, das Noch-nicht-Du, das alte Ding an sich, ist nur das, was von dir noch nicht geschaffen, vermenschlicht, noch nicht dein Eigentum geworden ist. – Du schaffst die Welt: nun lebe, lebe! – Die kleine blaue Blume läutete so froh und stark – warum soll ich ihr nicht glauben? Und dann bin ich baden gegangen – – – und habe stundenlang im Grase gelegen; und während die weißen Wolken durch den Himmel segelten und der Fluß geruhig durch Schilfduft und Ried und schwatzendes Vogelvolk hinströmte, habe ich das Ding an sich, den Intellekt und den Willen verlacht und mir ein Ich-weiß-nicht-was? gewünscht. Gegen Abend entstiegen Schwärme von Eintagsfliegen dem Fluß, an den Gräsern, Halmen und Pfosten kletterten sie hoch und warfen aus der Hülle sich in die Luft zum kurzen Hochzeitsleben. Die Luft war weiß über den Wassern von den auf und nieder tanzenden Massen – und die sinkende Sonne in dem Höhenrauch, den der Nordwind gebracht hatte, rot wie ein Rubin: das hätte mich fast bezwungen, daß ich schon begann, die stundenkurze Existenz der Imago zu beklagen und daran sentimentale Folgerungen zu knüpfen – aber da hörte ich den Enzian läuten und ich lachte: Das Tier freut sich jahrelang seines Räuberlebens, und dieser Liebesflug ist sein taumelnder Höhepunkt. Es lebe das Leben und seine ewige Brücke: Venus genetrix! Vor acht Tagen hätte ich ihr geflucht und geklagt: Was ist das Leben? So ist das Leben: es fließt dahin wie Wellenschaum, kommt u