From owner-freebsd-isp@FreeBSD.ORG Tue Nov 27 06:51:34 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1563116A468 for ; Tue, 27 Nov 2007 06:51:34 +0000 (UTC) (envelope-from netslists@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.243]) by mx1.freebsd.org (Postfix) with ESMTP id BBD6913C4CC for ; Tue, 27 Nov 2007 06:51:32 +0000 (UTC) (envelope-from netslists@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so219729anc for ; Mon, 26 Nov 2007 22:51:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=UFHDGlz7TrBV7MbcZE3wMXHgyJjd3kwOAabL2N5DgMI=; b=C08SiLRsfdJxcttyOWRQd784cRpD6N5YOeAhptI5zzhPeNwi0d27ycRK7C8iPgHG4UAxRG0mzZKqkhlUrIPVY3tuBgdE1a0xdDOKE9FPdK3g6Fz2gjTnBZ3620tJ6R7Va6V2tdpAGcYKv7o7ITMWOsB/AtMD9pA1HIClEM14aKo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=UsxQc1gdmXsqjPNCWWXpOzpBHJy1XaW8edfxdzqMuOR5/wWzUWrNKox2XLRikWCHfwYJs5210nJtCEiRI16VL80kpbsotR8RaXpSNgSsElgf/9U82lh/+00iFGk1NqgvXgXY4Fbf66lD+x9ogY5oR0F7GsbdGacM/vFzHDLjds0= Received: by 10.101.71.16 with SMTP id y16mr5745239ank.1196144610367; Mon, 26 Nov 2007 22:23:30 -0800 (PST) Received: from ?192.168.12.8? ( [97.101.40.241]) by mx.google.com with ESMTPS id d22sm3024535and.2007.11.26.22.23.28 (version=SSLv3 cipher=RC4-MD5); Mon, 26 Nov 2007 22:23:28 -0800 (PST) Message-ID: <474BB7CC.4020208@gmail.com> Date: Tue, 27 Nov 2007 01:23:08 -0500 From: Sten Daniel Soersdal User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: bsdlist@mail.bg References: <1194447774.1814d69a23ce8@mail.bg> In-Reply-To: <1194447774.1814d69a23ce8@mail.bg> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: ipfw + dummynet performance X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2007 06:51:34 -0000 bsdlist@mail.bg wrote: > > My question is obout performance of ipfw and dummynet with > this rules > > pipe 101 ip from table(1) to any via em1 > pipe 100 ip from any to table(1) xmit em1 > pipe 200 ip from table(2) to any via em1 > pipe 202 ip from any to table(2) xmit em1 > pipe 301 ip from table(3) to any via em1 > pipe 300 ip from any to table(3) xmit em1 > pipe 401 ip from table(4) to any via em1 > pipe 400 ip from any to table(4) xmit em1 > > .. > pipe 202 config bw 512K mask dst-ip 0xffffffff > pipe 200 config bw 256K mask src-ip 0xffffffff > this rules are the same for the 4 table but with diffrent > speed : > 'via' makes you match both 'recv' and 'xmit' packets. Perhaps this clears things up? If you want to make this faster you could halve the number of rules you need to process, but it's not easy see from what you posted. Example; skipto 1000 xmit em1 skipto 2000 recv em1 1000 pipe 100 dst-ip table(1) 1001 pipe 202 dst-ip table(2) <-- also note the pipe number?? 1002 pipe 300 dst-ip table(3) 1003 pipe 400 dst-ip table(4) 1999 accept 2000 pipe 101 src-ip table(1) 2001 pipe 200 src-ip table(2) <-- also note the pipe number?? 2002 pipe 301 src-ip table(3) 2003 pipe 401 src-ip table(4) 2999 accept Also, are you sure you want to swap 202 and 200 in your system? perhaps this adds to the problem? -- Sten Daniel Soersdal