From owner-freebsd-questions Wed Jan 22 17:55:52 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8BB7F37B401; Wed, 22 Jan 2003 17:55:48 -0800 (PST) Received: from arbornet.org (m-net.arbornet.org [209.142.209.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E66343F18; Wed, 22 Jan 2003 17:55:44 -0800 (PST) (envelope-from orlandor@m-net.arbornet.org) Received: from m-net.arbornet.org (localhost [127.0.0.1]) by arbornet.org (8.12.3/8.11.2) with ESMTP id h0N1w5HQ005183; Wed, 22 Jan 2003 20:58:05 -0500 (EST) (envelope-from orlandor@m-net.arbornet.org) Received: from localhost (orlandor@localhost) by m-net.arbornet.org (8.12.3/8.12.3/Submit) with ESMTP id h0N1w5H0005180; Wed, 22 Jan 2003 20:58:05 -0500 (EST) Date: Wed, 22 Jan 2003 20:58:05 -0500 (EST) From: Orlando Reis To: freebsd-questions@FreeBSD.ORG, Subject: IPFW question in 2.2.8 release? Message-ID: <20030122203818.G2277-100000@m-net.arbornet.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I'm sorry to bother you all, but I have the following questions, I'm using freebsd 2.2.8 with custom gated daemon that supports QoSR, I was told to some tests with ipfw using dummynet "extension" all goes whell when after 5 or 6 minutes of test and I thing IPFW fails, if I do ipfw -a l I got this result: 00100 482 31538 pipe 1 tcp from any to any 00100 482 0 pipe 2 tcp from any to any 00100 84236 123463858 pipe 3 tcp from any to any 00100 83898 123450062 pipe 4 tcp from any 00100 794 31538 deny ip from any to any My guess is the firewall queues are full and it stops forwarding packets? I cannot upgrade the freebsd version on any off the machines :( can someone give me some hint on how to resolve this? I requested some help to Luigi Rizio but I still haven't received reply... This was the message I sen't him(with a more elaborated question, but still the same problem): I'm testing a QoS Routing prototype that we have implemented in Gated. I'm running five minutes test's, every five experiences of five minutes, I change parameters in our changed gated, without ipfw I've reached a pretty good solution. But my problem is when I use ipfw to simulate Wan effect's such as delay, bandwidth, loss, etc... Until this point I'm solving the problem with following sequence of events in my dummynet routers. stop gated; clear all in ipfw(including the pipes); construct the ipfw pipes, and then start gated again. my problem is that after 10 minutes of testing the queues get to full in ipfw and i stop communication between dummynet routers and my normal routers(that's what I thinnk is happening). Rx - means router x DRy - means dummynet router y On R1 and R5 I have 4 endpoint's attached each through a switch in each one, which I use to generate and receive the traffic for further study. / R2 - - - - DR1\ / \ / \ 4 Endp's - - - R1 - - - R3 - - - - DR2----- R5 - - - - - 4 Endp's. \ / \ / \ R4 - - - - DR3 / I'm using the ipfw that comes with freebsd 2.2.8 , hosts are DR1 - Intel celeron 333 , 128 Mg, freebsd 2.2.8 , original gated 3.5.11 DR2 - Intel celeron 333 , 128 Mg, freebsd 2.2.8 , original gated 3.5.11 DR3 - Intel celeron 333 , 128 Mg, freebsd 2.2.8 , original gated 3.5.11 R1 - Intel celeron 466 , 128 Mg, freebsd 2.2.8 , changed gated 3.5.11 R2 - Intel celeron 466 , 128 Mg, freebsd 2.2.8 , changed gated 3.5.11 R3 - Intel celeron 466 , 128 Mg, freebsd 2.2.8 , changed gated 3.5.11 R4 - Intel celeron 466 , 128 Mg, freebsd 2.2.8 , changed gated 3.5.11 R5 - Intel celeron 466 , 128 Mg, freebsd 2.2.8 , changed gated 3.5.11 ipfw rules are simple: ipfw add pipe 1 ip from any to any via xl0 ipfw add pipe 2 ip from any to any ipfw pipe 1 config delay 30ms ipfw pipe 2 config delay 0ms where xl0 connection is between(DR1<->R5, DR2<->R5, DR3<->R5) this is an example output of of ipfw show, after the "failure": 00100 320097 475909018 pipe 1 ip from any to any via xl0 00200 319874 475892138 pipe 2 ip from any to any 65535 230 16756 deny ip from any to any I'm saying that the problem is in ipfw, cause I'm figuring that it's not working hat it's supposed too :( I'm trying to say that after a while it stops bridging packets from on interface to the other, or that it doesn't forward the packets after some amount of traffic going by. I think I'm using all the modules that I need, I read your documentation carefully and more than once, although I think that the documentation you have online is for a more recent freedbsd version(the option bridged only works in freebsd 4.0 or higher). Any help will be great, and once again sorry to bother you :( P.S. I'm generating traffic with netiq tool chariot. I have tools for checking the traffic in routers R1,R3,R4 and R5 I see traffic arriving/leaving on R1,R3,R4 but it doesn't reach R5. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message