From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 17 11:51:15 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 42D501065672 for ; Thu, 17 Jun 2010 11:51:15 +0000 (UTC) (envelope-from cosmic17@yandex.ru) Received: from forward14.mail.yandex.net (forward14.mail.yandex.net [95.108.130.92]) by mx1.freebsd.org (Postfix) with ESMTP id ADB818FC08 for ; Thu, 17 Jun 2010 11:51:14 +0000 (UTC) Received: from web141.yandex.ru (web141.yandex.ru [95.108.130.9]) by forward14.mail.yandex.net (Yandex) with ESMTP id 337744E50796 for ; Thu, 17 Jun 2010 15:30:46 +0400 (MSD) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1276774246; bh=fLWtzeDT97XjnTgXZAOkDHmFOdAla0NVoGX6zd0yIOM=; h=From:To:Subject:MIME-Version:Message-Id:Date: Content-Transfer-Encoding:Content-Type; b=r3ndmssPo/wgGtRJ97YKs2hKoRmWIDNMdXsp6SCQJ9QVbMEyvP26eIqT73thBaWDq obyL/13WT8z+H3mO9oDDduMjtDApppq/3oBnYKZIXoRrPaH36CjclZwMQA+5eM7NiN A5vh2ZMFHA6+O7S9KWs2PuzHW09ffCbBnhwVSvdQ= Received: from localhost (localhost.localdomain [127.0.0.1]) by web141.yandex.ru (Yandex) with ESMTP id 3038241F005C for ; Thu, 17 Jun 2010 15:30:46 +0400 (MSD) X-Yandex-Spam: 1 X-Yandex-Front: web141.yandex.ru X-Yandex-TimeMark: 1276774246 Received: from 32.100.vltele.com (32.100.vltele.com [79.174.32.100]) by mail.yandex.ru with HTTP; Thu, 17 Jun 2010 15:30:43 +0400 From: =?koi8-r?B?5M3VyMEg7snLz8zByg==?= To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Message-Id: <640531276774244@web141.yandex.ru> Date: Thu, 17 Jun 2010 15:30:43 +0400 X-Mailer: Yamail [ http://yandex.ru ] 5.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailman-Approved-At: Thu, 17 Jun 2010 12:39:15 +0000 Subject: ipfw3 pipe more than 24000Kbit/s X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Jun 2010 11:51:15 -0000 Hello. We have the computer - if_bridge1. uname -a: FreeBSD 8.0-STABLE FreeBSD 8.0-STABLE #4: Thu May 13 13:08:53 MSD 2010 /usr/src/sys/amd64/compile/MYKERNEL amd64 There are only ipfw+dummynet on this computer. IPFW was updated to version 3 from Luigi Rizzo because of packet scheduling. Kernel options for ipfw are: # IPFW options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=10 options IPFIREWALL_DEFAULT_TO_ACCEPT options DUMMYNET options HZ=2000 When we try to shape speed less than 24000Kbit/s - it is OK. But when we try to shape speed more than 24000Kbit/s - we have no result. /etc/rc.firewall: $IPFW pipe 27 config bw 32000Kbit/s mask dst-ip 0xffffffff $IPFW pipe 28 config bw 34000Kbit/s mask src-ip 0xffffffff ########pipe 27 $IPFW sched 27 config type QFQ mask dst-ip 0xffffff00 $IPFW queue 271 config sched 27 weight 10 $IPFW queue 272 config sched 27 weight 8 $IPFW queue 273 config sched 27 weight 4 $IPFW queue 274 config sched 27 weight 1 $IPFW add queue 271 ip from any to table\(112\) via igb0 out proto udp src-port 5060 $IPFW add queue 272 ip from any to table\(112\) via igb0 out proto tcp src-port 80,443,8080 $IPFW add queue 273 ip from any to table\(112\) via igb0 out proto tcp src-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292 $IPFW add queue 273 ip from any to table\(112\) via igb0 out proto udp src-port 53, 5223, 3478, 3479, 3658, 1200, 5000-5009, 6112-6119, 6881-6999, 7777, 7788 $IPFW add queue 273 ip from any to table\(112\) via igb0 out proto icmp $IPFW add queue 274 ip from any to table\(112\) via igb0 out ########pipe 28 $IPFW sched 28 config type QFQ mask src-ip 0xffffff00 $IPFW queue 281 config sched 28 weight 10 $IPFW queue 282 config sched 28 weight 8 $IPFW queue 283 config sched 28 weight 4 $IPFW queue 284 config sched 28 weight 1 $IPFW add queue 281 ip from table\(113\) to any via igb1 out proto udp dst-port 5060 $IPFW add queue 282 ip from table\(113\) to any via igb1 out proto tcp dst-port 80,443,8080 $IPFW add queue 283 ip from table\(113\) to any via igb1 out proto tcp dst-port 5223, 2009, 2106, 3724, 6112, 6881-6999, 7777, 27000-27050, 42292 $IPFW add queue 283 ip from table\(113\) to any via igb1 out proto udp dst-port 53, 5223, 3478, 3479, 3658, 1200, 5000-5009, 6112-6119, 6881-6999, 7777, 7788 $IPFW add queue 283 ip from table\(113\) to any via igb1 out proto icmp $IPFW add queue 284 ip from table\(113\) to any via igb1 out P.S. we have another computer if_bridge2. uanme -a: FreeBSD 7.2-STABLE-200906 FreeBSD 7.2-STABLE-200906 #1: Tue Oct 6 10:26:41 MSD 2009 /usr/src/sys/amd64/compile/MYKERNEL amd64 We have no any problems with ipfw or shaping on this machine. We use this config on it: $IPFW pipe 27 config bw 32000Kbit/s mask dst-ip 0xffffffff $IPFW pipe 28 config bw 34000Kbit/s mask src-ip 0xffffffff $IPFW add pipe 27 ip from any to table\(112\) via igb0 out $IPFW add pipe 28 ip from table\(113\) to any via igb1 out $IPFW add pipe 27 ip from any to table\(112\) via igb2 out $IPFW add pipe 28 ip from table\(113\) to any via igb3 out $IPFW add allow ip from any to table\(112\) $IPFW add allow ip from table\(113\) to any We try to shape speed on if_bridge1 with config like on if_bridge2 - but the problem repeated. Maybe you deal with this problem?