Date: Thu, 5 Mar 2009 13:40:36 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Sebastian Mellmann <sebastian.mellmann@net.t-labs.tu-berlin.de> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so Message-ID: <20090305124242.P71460@sola.nimnet.asn.au> In-Reply-To: <49AED3B1.1060209@net.t-labs.tu-berlin.de> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 4 Mar 2009, Sebastian Mellmann wrote: > I've got a IPFW ruleset that looks like this: > > cmd=ipfw > bottleneck_bandwidth=100Mbit/s > in_if="em0" > > $cmd pipe 500 config bw $bottleneck_bandwidth > $cmd add pipe 500 all from any to any via $in_if > > When I do a simple ping from one machine to another (actually the > FreeBSD machine is between those machines), I can see a delay of ~2ms. > Without any rules/pipes I've got under 1ms delay. Presumably each of the other machines are on a separate interface? Configured as a bridge or a router? > The question is: > Why do I have such a "high" delay though I didn't configure any "delay" > in my pipe? > Where does this additional millisecond come from (processing delay for > the packet in the pipe?)? Covered; kern.hz=1000 should give you more like .2ms with this setup. > If I configure another rule (or like 10 more rules) that matches the > packet, I can see the delay increasing. > For example a delay of ~20ms, when I configure 10 pipes. > Am I doing something wrong? Configuring more pipes shouldn't make any difference unless packets are made to traverse each of the pipes in turn. That would imply having set net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so that each packet is reinjected into the firewall at the following rule, after traversing each pipe; is that what you're doing? Also, without using a separate pipe for either traffic direction, you're using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING. > Thanks in advance for any help and please tell me if you need additional > informations (e.g. kernel configuration). Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your example of using multiple pipes? cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090305124242.P71460>