From: "Preston Connors"
Date: Sun, 20 Jul 2003 22:39:59 -0400
Subject: ipfw causing mass amounts of delay when piping a large amount of ips.
Message-ID: <001f01c34f31$6151d2d0$6401a8c0@kimberly>
List-Id: IPFW Technical Discussions

I am trying to implement bandwidth limiting on a large network at a college apartment complex. There are a possible 700 residents using our Internet connection at one time, with an average of 300 users always connected. Most of them like to abuse P2P services. Allocating upstream and downstream pipes causes mass amounts of delay. There is not a large increase in latency (+10ms), the connections are just very intermittent.
It seems that connections time out or are just very delayed. I can't figure out why the pipes won't work correctly. I've tried different queue sizes and nothing stops the delay. Below are the ipfw rules I use.

rl0 is our internet interface (209.114.194.138) - 3Mbits upstream and 3Mbits downstream connection over 10baseT/UTP (full duplex)
fxp0 is our LAN interface (10.0.0.0/8) - 100baseTX (full duplex)

/sbin/sysctl -w net.inet.ip.fw.one_pass=0
/sbin/natd -interface rl0
/sbin/ipfw -q add 65000 divert natd all from any to any via rl0
/sbin/ipfw -q pipe 1000 config mask src-ip 0xffffffff bw 64kbit/s queue 8Kbytes
/sbin/ipfw -q add 1000 pipe 1000 all from 10.0.0.0/8 to any
/sbin/ipfw -q pipe 65100 config mask dst-ip 0xffffffff bw 128kbit/s queue 8Kbytes
/sbin/ipfw -q add 65100 pipe 65100 all from any to 10.0.0.0/8

And here is an ipfw show:

01000 23115 4636964 pipe 1000 ip from 10.0.0.0/8 to any
65000 34258323 19554484874 divert 8668 ip from any to any via rl0
65100 19221 10286845 pipe 65100 ip from any to 10.0.0.0/8
65535 72375096 40894477147 allow ip from any to any

Thanks,
Preston