From owner-freebsd-questions@FreeBSD.ORG Mon Sep 12 01:16:57 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BB2D106566C for ; Mon, 12 Sep 2011 01:16:57 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 0E8AC8FC13 for ; Mon, 12 Sep 2011 01:16:56 +0000 (UTC) Received: by wwe3 with SMTP id 3so1430230wwe.31 for ; Sun, 11 Sep 2011 18:16:56 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.191.222 with SMTP id g72mr1441769wen.23.1315790215719; Sun, 11 Sep 2011 18:16:55 -0700 (PDT) Received: by 10.216.156.140 with HTTP; Sun, 11 Sep 2011 18:16:55 -0700 (PDT) In-Reply-To: References: <108373957.20110912012809@yandex.ru> Date: Sun, 11 Sep 2011 18:16:55 -0700 Message-ID: From: Michael Sierchio To: alexus Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: =?KOI8-R?B?68/O2MvP1yDl18fFzsnK?= , "freebsd-questions@freebsd.org" Subject: Re: traffic shaping freebsd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Sep 2011 01:16:57 -0000 You don't seem to have any rules that match packets. This won't work. On Sunday, September 11, 2011, alexus wrote: > su-4.2# grep pipe /etc/ipfw.rules > pipe flush > pipe 1 config bw 1Mbit/s mask dst-port www > pipe 2 config bw 1Mbit/s mask src-port www > pipe 3 config bw 1Mbit/s mask dst-port 3128 > add 3128 pipe 3 tcp from any to any src-port 3128 uid root > add 8381 pipe 1 tcp from any to any dst-port www uid daemon > add 8382 pipe 2 tcp from any to any src-port www uid daemon > su-4.2# > > > su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw > pipe show 2 > 08381 11190 815447 pipe 1 tcp from any to any dst-port 80 uid daemon > 08382 14394 16926849 pipe 2 tcp from any 80 to any uid daemon > 00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 64.237.55.83/64730 69.10.58.25/80 11190 815447 0 0 0 > 00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 69.10.58.25/80 64.237.55.83/64730 14394 16926849 0 0 10 > su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw > pipe show 2 > 08381 11218 817225 pipe 1 tcp from any to any dst-port 80 uid daemon > 08382 14434 16979213 pipe 2 tcp from any 80 to any uid daemon > 00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 64.237.55.83/64730 69.10.58.25/80 11218 817225 0 0 0 > 00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 69.10.58.25/80 64.237.55.83/64730 14434 16979213 0 0 10 > su-4.2# > > as you see ipfw rules matches as count is increasing, yet pipe i'm not > seeing any difference at all, its like it matched first time and > that's it... > > yet pipe shows different output > > su-4.2# ipfw show | grep 'pipe 3' && ipfw pipe show 3 > 03128 37483 71276160 pipe 3 tcp from any 3128 to any uid root > 00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 ip 0.0.0.0/0 0.0.0.0/1056 16 2383 0 0 0 > 16 ip 0.0.0.0/0 0.0.0.0/1032 8 9398 0 0 0 > 32 ip 0.0.0.0/0 0.0.0.0/2096 41 43167 0 0 0 > 48 ip 0.0.0.0/0 0.0.0.0/56 2 7074 0 0 0 > su-4.2# !! > ipfw show | grep 'pipe 3' && ipfw pipe show 3 > 03128 39285 74616912 pipe 3 tcp from any 3128 to any uid root > 00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 ip 0.0.0.0/0 0.0.0.0/1056 19 20651 0 0 0 > 16 ip 0.0.0.0/0 0.0.0.0/1064 36 41781 0 0 0 > 32 ip 0.0.0.0/0 0.0.0.0/1072 43 53920 0 0 0 > 48 ip 0.0.0.0/0 0.0.0.0/2104 3 595 0 0 0 > su-4.2# > > why is it seeing source ip/port as 0/0 and dest 0/? i dont understand > that at all > > On Sun, Sep 11, 2011 at 7:06 PM, Michael Sierchio wrote: >> On Sun, Sep 11, 2011 at 3:38 PM, alexus wrote: >>> thanks, but did u actually tried it? >> >> If what you're asking is, "does traffic shaping work?" the answer is >> yes. There are some provisos - you must create an outbound pipe and >> an inbound pipe that accurately reflect the observed network >> performance (not what your ISP told you). This is because when you >> create queues of different weights, the weights are only imposed when >> one or more queues are full. >> >> See http://info.iet.unipi.it/~luigi/dummynet/ >> >> The place to start is to find out what kind of upload and download >> throughput you get, then create pipes that are 95% of those observed >> values (one up, one down), then instantiate queues with different >> weights on each pipe, then create rules that match packets according >> to which pipe they should go in. Also consider that the sysctl >> variable, net.inet.ip.fw.one_pass, might need to be 0 and not 1, >> depending on whether queued packets need further processing. >> > > > > -- > http://alexus.org/ >