Date: Thu, 22 Oct 2009 12:20:02 GMT From: Ian Smith <smithi@nimnet.asn.au> To: freebsd-ipfw@FreeBSD.org Subject: Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth Message-ID: <200910221220.n9MCK2eC088858@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/139581; it has been noted by GNATS. From: Ian Smith <smithi@nimnet.asn.au> To: alexus <alexus@alexus.org> Cc: bug-followup@FreeBSD.org, freebsd@alexus.org Subject: Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth Date: Thu, 22 Oct 2009 23:17:23 +1100 (EST) On Mon, 19 Oct 2009, alexus wrote: > new set of rules > pipe 1 config bw 1Mbit/s mask src-port www > pipe 2 config bw 1Mbit/s mask src-port www Wrong mask syntax entirely. You can see from your pipe masks as shown, it's taken as meaning no mask at all: > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 Anyway, masking pipes creates dynamic pipes per masked flow, each of which gets ALL of the specified bandwidth. If you want to limit total bandwidth to 1Mbit/s, you likely want to use dynamic queues instead. ipfw(8) is a precise reference, but very terse. Suggested reading: http://info.iet.unipi.it/~luigi/dummynet/ and especially the last link from that page: http://info.iet.unipi.it/~luigi/ip_dummynet/original.html for clear examples of sharing evenly a single link - though noting that page is outdated re the sysctls for dummynet, bridging etc. Still looking more like a usage issue than describing a bug, but: > > If this is still an issue, please: > > . say whether the extra ~25% traffic shown is on the same interface > > as the webserver, ie the interface MRTG monitors, or not? > > . the value of sysctl net.inet.ip.fw.one_pass ? cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910221220.n9MCK2eC088858>