Date: Sat, 23 Jul 2005 11:35:29 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: Jone Jas <jas_arlerr@yahoo.com.cn> Cc: freebsd ipfw <freebsd-ipfw@freebsd.org>, Jeremie Le Hen <jeremie@le-hen.org> Subject: Re: ?????? Re: ipfw+dummynet bandwidth control for multi-ip jail Message-ID: <20050723093528.GB39292@obiwan.tataz.chchile.org> In-Reply-To: <20050723014148.19437.qmail@web15006.mail.cnb.yahoo.com> References: <20050722234248.GZ39292@obiwan.tataz.chchile.org> <20050723014148.19437.qmail@web15006.mail.cnb.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
> I get this from the ifpw(8) man page:
> "whereas when dynamic queues are used, each flow will share the
> parent's pipe bandwidth evenly with other flows generated by the same
> queue".
>
> Can we use different weight for the queues, so that the share is not
> even?
Yes, it is possible indeed, but I think this would require to manually
set each queue since dynamic one will always have the same parameters.
> And, why not use the jail id (prisonID)? How to use the jail IP?
> I am confused about the mask src-ip/dst-ip. Can you explaint it for me?
The example rules I gave you use the IP addresses because you can't
simply use dynamic queues with the prison ID since the "mask" keyword
only support source and destination IP address (and ports). If you
really want to use prison ID, you will have to manually set each queue
again.
To understand how the "mask" keyword works, try to conceive you are
building a router for multiple /24 subnets. You want to assign a
symmetrical bandwidth of 1 MBits/s to each. In order to be as complete
as possible, let's say we are routing 10 subnets but we only have
a symmetrical 8 MBits/s link :
%%%
# Upload
ipfw pipe 1 config bw 8 MBits/s
ipfw queue 1 config weight 12 pipe 1 mask src-ip 0xffffff00
# Download
ipfw pipe 2 config bw 8 MBits/s
ipfw queue 2 config weight 12 pipe 2 mask dst-ip 0xffffff00
# fxp0 is the interface on the Internet side, these rule won't work
# if you use them after NAT'ing packets, in which case you should
# use them on the routed subnet's side.
ipfw add queue 1 all from any to any xmit fxp0
ipfw add queue 2 all from any to any recv fxp0
%%%
With the 0xffffff00 mask (corresponding to a /24), only the network
part will be used to identify the queue to use.
Which means :
152.17.111.15, 152.17.111.24 and 152.17.111.232 will use the same
dynamic queue.
152.17.112.72, 152.17.112.99 and 152.17.112.187 will use the same
dynamic queue too, but not the same one as above.
And so on.
Note that we use a weight of 12 be cause this is about 1/8 of 100,
thus each client will be assigned about 1/8 of 8 MBits/s, or in other
words : 1 MBits/s. When all of the 10 subnets will be in use, the pipe
will limit the whole bandwidth to 8 MBits/s, limiting almost equally
all subnets.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050723093528.GB39292>