Date: Mon, 30 Apr 2007 13:17:46 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: Jack Barnett <jackbarnett@gmail.com>, freebsd-net@freebsd.org Subject: Re: Firewall Message-ID: <20070430131317.B9647@fledge.watson.org> In-Reply-To: <20070430113715.GD838@turion.vk2pj.dyndns.org> References: <dedb607c0704280508nf2c071dh2f76967999f68696@mail.gmail.com> <20070429112838.GH848@turion.vk2pj.dyndns.org> <20070430105659.C37507@fledge.watson.org> <20070430113715.GD838@turion.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 30 Apr 2007, Peter Jeremy wrote:
> On 2007-Apr-30 10:58:18 +0100, Robert Watson <rwatson@freebsd.org> wrote:
>
>> One of the big selling points of IPFW is integration with DUMMYNET, which
>> offers bandwidth management facilities not present in the other systems.
>
> I thought altq(4) could also do most of what dummynet(4) does but based on a
> closer look, it seems that it can't do the packet delay stuff, though it
> seems to have fairly similar bandwidth management facilities.
altq(4) as implemented on FreeBSD operates on outbound network interface
queues. This limits its utility significantly:
(1) It does not affect inbound network traffic at all, so for non-routers, you
can't control the way inbound traffic appears to the stack, only replies.
(2) Most modern network hardware effectively places these queues in hardware,
especially if not running completely saturated.
Robert N M Watson
Computer Laboratory
University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070430131317.B9647>