From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 4 23:41:06 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B5184106566B for ; Tue, 4 Jan 2011 23:41:06 +0000 (UTC) (envelope-from fjwcash@gmail.com) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6E7288FC12 for ; Tue, 4 Jan 2011 23:41:06 +0000 (UTC) Received: by yxh35 with SMTP id 35so6302910yxh.13 for ; Tue, 04 Jan 2011 15:41:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=p6/eJWYbHhA0DqbCLenZ+oQxr8Dqbqeb2YXg0Ikmnp4=; b=ZXrPM6OamXLMkSIbYV9N0ZtpnyaMf9vTZ0UgDJM/EogENyrDykV6vM4ut65UoYfHsF UremmwPhZim7b3w2fPBOUdv2nL/ZIOuGMny4WsiXvC5ll8jodW5la1qK/FGKWEZ/at9H cW5khHD819cWV7WJ91x1O3sWr8reMT/D/Gg9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=UasseK3A7vT4txq/YIwOVE54up6ZJ98SbAAa0z3sNIkg9ElP+arKwTjeS82qlRzJ/R X6pAV85BkJ+q6l8Gesiz3YsZglXrQrsANYxzK+ISZJFL0KNSdpz+JIgPoTlOCYigzkkY QyqM2fGuZTteLAfk0ZtbfnwPHyXzdZx66YQ4A= MIME-Version: 1.0 Received: by 10.90.86.17 with SMTP id j17mr14505031agb.10.1294182783479; Tue, 04 Jan 2011 15:13:03 -0800 (PST) Received: by 10.90.153.20 with HTTP; Tue, 4 Jan 2011 15:13:03 -0800 (PST) In-Reply-To: <4D23A04A.3040107@magicislandtechnologies.com> References: <20110104145253.GB8235@onelab2.iet.unipi.it> <4D23A04A.3040107@magicislandtechnologies.com> Date: Tue, 4 Jan 2011 15:13:03 -0800 Message-ID: From: Freddie Cash To: Michael Spratt Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-ipfw@freebsd.org Subject: Re: soft-cap, X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Jan 2011 23:41:06 -0000 On Tue, Jan 4, 2011 at 2:33 PM, Michael Spratt wrote: > Dear friends, =C2=A0linux/ipfw/dummynet/transparent-bridge, am trying to = cap > users to upload/TX rates, but allow them to go over if the link is not > congested. > > The example below limits each src-ip mask-IP's TX from 10.10.0.0/20 to > 128Kbp/s, =C2=A0and from 10.20.0.0/20 to 1024Kbp/s. > -------------------------------------------------------------------------= ------------ > ipfw pipe 1 config bw 128Kbit/s mask src-ip 0xffffffff > ipfw pipe 2 config bw 1024Kbit/s mask src-ip 0xffffffff Create 1 pipe of "1024+128" Kbps. Then create 2 queues, one with weight 1 (the slow queue) and the other with weight 8 (the fast queue). That will guarantee that traffic sent through queue 1 gets at least 128 Kbps of bandwidth, even when the pipe is full. And traffic sent through queue 2 gets at least 1024 Kbps of bandwidth, even when the pipe is full. The beauty of queues, though, is that either queue can "expand" to fill the full pipe, if there's no traffic in the other queues. Thus, queue 1 is guaranteed 128 Kbps of bandwidth, but can use up to the full pipe worth if queue 2 is empty. And queue 2 is guaranteed 1024 Kbps of bandwidth, but can use up to the full pipe worth if queue 1 is empty. > ipfw 10001 add pipe 1 ip from 10.10.0.0/20 to any out xmit br0 > ipfw 10001 add pipe 2 ip from 10.20.0.0/20 to any out xmit br0 Then, change the above rules to use the queues instead. The way dummynet works, is that pipes set hard limits on the bandwidth. And queues provide minimum guarantees for bandwidth inside of that pipe. --=20 Freddie Cash fjwcash@gmail.com