From owner-freebsd-questions@FreeBSD.ORG Fri Feb 6 07:45:28 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 299EC16A4CE for ; Fri, 6 Feb 2004 07:45:28 -0800 (PST) Received: from lark.auton.cs.cmu.edu (LARK.AUTON.CS.CMU.EDU [128.2.222.44]) by mx1.FreeBSD.org (Postfix) with SMTP id 29F8443D46 for ; Fri, 6 Feb 2004 07:45:21 -0800 (PST) (envelope-from dpelleg@lark.auton.cs.cmu.edu) Sender: dpelleg@lark.auton.cs.cmu.edu To: Vincent Poy References: <20040206051414.D8264-100000@oahu.WURLDLINK.NET> From: Dan Pelleg Date: 06 Feb 2004 10:44:57 -0500 In-Reply-To: <20040206051414.D8264-100000@oahu.WURLDLINK.NET> Message-ID: Lines: 90 User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: questions@FreeBSD.ORG Subject: Re: FreeBSD Traffic Shaping? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2004 15:45:28 -0000 Vincent Poy writes: > On 6 Feb 2004, Dan Pelleg wrote: > > > Vincent Poy writes: > > > > > Greetings all: > > > > > > I have a ADSL connection where the upstream pipe is smaller than > > > the downstream with it at 1.5Mbps/384kbps now and will be upgrading to > > > 6Mbps/608kbps soon. The issue I'm having is that whenever I upload, it > > > fills the upstream to full capacity and the downstream would lag as the > > > ACKs can't be send back in time. I was told that with traffic shaping or > > > fair queue routing would solve this issue but I only have one NIC > > > interface as I am running FreeBSD on a fully loaded notebook with a > > > Pentium 4M-2.6Ghz CPU, 2GB RAM and 60GB 7200RPM HDD with a 10/100 3COM xl0 > > > built in NIC. The problem is that I have 8 static IP's with my ISP so > > > that the LAN IP's, x.x.x.224-.231 netmask 255.255.255.0 are all locally on > > > the LAN so I want those to use the full speed of the connection without > > > traffic shaping. The NIC also has the 192.168.x.x netmask 255.255.0.0 > > > addresses for the local LAN as well so how do I setup traffic shaping in > > > this scenario so that only traffic that actually uses x.x.x.1 from the > > > x.x.x.224 IP that isn't local LAN traffic actually use traffic shaping or > > > fair queue routing while LAN traffic will just use the full speed. I > > > already have these options in the KERNEL config. > > > > > > options IPFIREWALL > > > options IPDIVERT > > > options DUMMYNET > > > options BRIDGE > > > > > > Thanks for your help in advance! > > > > See ipfw(8). You can match rules by interface or address mask, so you don't > > need to touch LAN traffic. > > That's the part I'm confused about. Since I only have one > interface, I assume I have to do it by address mask but how would one > define it as for example, > > 10.0.0.224-231 would not use the traffic shaper but 10.0.0.1-223 as well > as 10.0.0.232-254 would? > Whatever rule you have for shaping, you condition it on "from 10.0.0.224/28" (or whatever the appropriate mask is). Or use the negation of the condition and have a special case for non-capped traffic (so internet traffic falls through to the next rule). > > Correct, the problem when you upload on an assymetric link has to do with > > acknowledgment packets that downloading apps need to send back to the > > remote server, and they have to wait in the upload queue (which is > > saturated). You need to prioritize those. One way to do this is to filter > > on small iplen. This has been discussed in the mailing lists in the past > > (try the archive of the ipfw@ list). Just remember you can only shape > > outbound packets (ie, leaving your computer). Doesn't matter if they're up > > or down the DSL line, just that they go out (shaping incoming traffic makes > > no sense). > > True. But when you have the shaping, do you actually set it to > the speed of the line or do you set it to like 5% below the speed of the > line and on the acknowledgement packets, does traffic shaping actually > reserve some space for that to go back or does it just queue it a certain > way? Thanks. > You need to handle the ack packets specially in your rules, it will not reserve bandwidth for them unless you tell it to. With ipfw, there are two ways to do this. Again I'm only talking about packets leaving your computer and heading to the internet (so condition the rules appropriately) 1. two pipes, one with static allocation (say 95% of bw, or whatever works for you), other can have unlimited bw. Non-ack packets go to the capped pipe, ack packets go to the other one. alternatively, 2. one pipe (unlimited bw), two queues in that pipe, one queue has a much much higher weight. Non-ack packets go to one pipe (low weight), ack packets to the other. This approach actually lets you use the entire available bandwidth for either kind of traffic if there is no other demand for it. It also frees you from having to specify the maximum bandwidth, which can change when you, say, upgrade your DSL, or even take the laptop to a wifi cafe. -- Dan Pelleg