From: bsdlist@mail.bg
To: Sten Daniel Soersdal
Cc: freebsd-isp@freebsd.org
Date: Sun, 02 Dec 2007 01:32:15 +0200
Subject: Re: ipfw + dummynet performance
Message-ID: <1196551935.56cf06e9c6080@mail.bg>
In-Reply-To: <474BC441.7030303@gmail.com>
References: <1194447774.1814d69a23ce8@mail.bg> <474BB7CC.4020208@gmail.com> <474BC441.7030303@gmail.com>

> Sten Daniel Soersdal wrote:
> > bsdlist@mail.bg wrote:
> >>
> >> My question is about performance of ipfw and dummynet with
> >> these rules
> >>
> >> pipe 101 ip from table(1) to any via em1
> >> pipe 100 ip from any to table(1) xmit em1
> >> pipe 200 ip from table(2) to any via em1
> >> pipe 202 ip from any to table(2) xmit em1
> >> pipe 301 ip from table(3) to any via em1
> >> pipe 300 ip from any to table(3) xmit em1
> >> pipe 401 ip from table(4) to any via em1
> >> pipe 400 ip from any to table(4) xmit em1
> >>
> >> ..
> >> pipe 202 config bw 512K mask dst-ip 0xffffffff
> >> pipe 200 config bw 256K mask src-ip 0xffffffff
> >> these rules are the same for the 4 tables but with different
> >> speed :
> >>
> >
> > 'via' makes you match both 'recv' and 'xmit' packets. Perhaps this
> > clears things up?
> > If you want to make this faster you could halve the number of rules you
> > need to process, but it's not easy to see from what you posted.
> > Example;
> >
> >
> > skipto 1000 xmit em1
> > skipto 2000 recv em1
> >
> > 1000 pipe 100 dst-ip table(1)
> > 1001 pipe 202 dst-ip table(2) <-- also note the pipe number??
> > 1002 pipe 300 dst-ip table(3)
> > 1003 pipe 400 dst-ip table(4)
> > 1999 accept
> >
> > 2000 pipe 101 src-ip table(1)
> > 2001 pipe 200 src-ip table(2) <-- also note the pipe number??
> > 2002 pipe 301 src-ip table(3)
> > 2003 pipe 401 src-ip table(4)
> > 2999 accept
> >
> > Also, are you sure you want to swap 202 and 200 in your system? perhaps
> > this adds to the problem?
> >
> >
>
> That should be;
>
> skipto 1000 out xmit em1
> skipto 2000 in recv em1
>
> To be sure :)
>
> Also you could change the 1999 and 2999 rules to be 'deny' rules to rule
> out spoofing (not in table = deny) depending upon other configuration
> options.
>
> --
> Sten Daniel Soersdal
>

I will try these options, and think that they are better than the current ones I use, 10x :)

I read something about dynamic rules in ipfw pipe, and made some changes:

cat /boot/loader.conf
kern.ipc.nmbclusters="262144"
vm.kmem_size="536870912"
vm.kmem_size_max="536870912"

but I can't spend more than 640 Mb of kernel memory with 2G of physical memory on the system

cat /etc/sysctl.conf
kern.polling.enable=1
net.inet.ip.fw.one_pass=1
#net.inet.ip.fastforwarding=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.inflight.enable=0
net.inet.tcp.recvspace=131072
net.inet.tcp.sendspace=131072
net.inet.ip.dummynet.max_chain_len=32
net.inet.ip.dummynet.hash_size=1024
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
net.inet.ip.portrange.first=5000
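
The direction-split layout from the quoted reply, written out in full ipfw syntax with the final deny rules. This is an added example, not code from any poster in the thread. The bandwidth values, the N00/N01 pipe numbering and rule 300 are assumptions, and the script only prints the commands unless IPFW is overridden.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Set IPFW="ipfw -q" on the router to apply them instead.
IPFW="${IPFW:-echo ipfw}"
IF="${IF:-em1}"          # customer-facing interface, as in the thread
FINAL="${FINAL:-deny}"   # action for packets on $IF that match no table

# gen_rules DOWN:UP [DOWN:UP ...]
# Argument N gives the per-customer bandwidths for the hosts in table(N).
gen_rules() {
    # Branch once on direction so a packet walks only one block of pipe rules.
    $IPFW add 100 skipto 1000 ip from any to any out xmit "$IF"
    $IPFW add 200 skipto 2000 ip from any to any in recv "$IF"
    # Assumption: traffic that does not cross $IF is passed unshaped.
    $IPFW add 300 allow ip from any to any

    t=1
    for plan in "$@"; do
        down=$((t * 100))      # hypothetical numbering: N00 = towards customer
        up=$((t * 100 + 1))    #                         N01 = from customer
        # The full-width mask gives every address its own dynamic pipe.
        $IPFW pipe "$down" config bw "${plan%%:*}" mask dst-ip 0xffffffff
        $IPFW pipe "$up" config bw "${plan##*:}" mask src-ip 0xffffffff
        $IPFW add $((999 + t)) pipe "$down" ip from any to "table($t)"
        $IPFW add $((1999 + t)) pipe "$up" ip from "table($t)" to any
        t=$((t + 1))
    done

    # With net.inet.ip.fw.one_pass=1 a piped packet never reaches these rules,
    # so they only see addresses that are in no table.
    $IPFW add 1999 "$FINAL" ip from any to any
    $IPFW add 2999 "$FINAL" ip from any to any
}

if [ "$#" -gt 0 ]; then gen_rules "$@"; fi
```

Run it as `sh script.sh 512Kbit/s:256Kbit/s 1Mbit/s:512Kbit/s` to review the generated rules before loading them; FINAL=allow reproduces the original 'accept' behaviour.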