From owner-freebsd-net@FreeBSD.ORG Tue May 2 03:27:29 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0FC6A16A401 for ; Tue, 2 May 2006 03:27:29 +0000 (UTC) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id B1D2E43D45 for ; Tue, 2 May 2006 03:27:27 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [10.251.19.131]) ([10.251.19.131]) by a50.ironport.com with ESMTP; 01 May 2006 20:27:28 -0700 Message-ID: <4456D19F.7030101@elischer.org> Date: Mon, 01 May 2006 20:27:27 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: tpeixoto@widesoft.com.br References: <49594.200.230.201.250.1146063341.squirrel@www.widemail.com.br> <444F8E89.2050905@wildcard.net.uk> <56286.200.230.201.250.1146067775.squirrel@www.widemail.com.br> <1146073590.1089.80.camel@sky.mediasat.ro> <59615.200.230.201.250.1146083577.squirrel@www.widemail.com.br> <445038CA.2050008@pacific.net.sg> <4456AD8E.2060703@widesoft.com.br> <4456B415.3080901@elischer.org> <4456BF4A.7050107@widesoft.com.br> In-Reply-To: <4456BF4A.7050107@widesoft.com.br> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: Lee Johnston , freebsd-net@freebsd.org, mihai@duras.ro Subject: Re: Packet loss with traffic shaper and routing X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 May 2006 03:27:29 -0000 tpeixoto@widesoft.com.br wrote: > > Julian Elischer wrote: > >> tpeixoto@widesoft.com.br wrote: >> >>> Hello! >>> >>> Erich Dollansky wrote: >>> >>>> Hi, >>>> >>>> tpeixoto@widesoft.com.br wrote: >>>> >>>>> >>>>> At this moment, I'm getting more than 50% interrupts and 20% >>>>> packets lost. >>>> >>>> >>>> >>>> you must have something very basic done the wrong way. >>> >>> >>> > >>> >>> Hope so. So I can fix and learn from it! >>> >>> >>>> I would suggest to upgrade that box to 6.1. >>>> >>> >>> We tried 6.0-RELEASE. Please, keep reading... >>> >>> >>>> You need then a systematic approach. >>>> >>>> Run the GENERIC kernel and see what happens there. >>>> >>> >>> Ok, 15% interrupts. System worked fine. >>> >>> >>>> Then take all out you believe you do not need and see what happens >>>> then. >>>> >>>> Finally, switch to SMP and start the fine tuning. >>>> >>> >>> Kernel recompiled with SMP+IPFW+DUMMYNET and system running with >>> firewall_type="OPEN". Low interrupts, great. >>> >>> As I inserted the bandwidth rules, the problem arose again! >>> Interrupts getting at 80% and packets being lost. >>> >>> >>>> Do not use HT as it should slow down the machine. >>>> >>> >>> I switched it off but didn't notice any major difference. Anyway I >>> left it disabled. >>> >>> >>>> If even the first step fails, check the connections including the >>>> network card if it is one. >>>> >>>> Erich >>>> >>> >>> I guess we found where the problem is. IPFW and dummynet seems to be >>> the ones to blame here, or the way we are using them. >>> For each MAC address we want to shape, we use 2 pipes and 2 rules, 1 >>> for download and 1 for upload. >>> I believe the problem is that the number of clients (MAC addresses) >>> grew from 200 to around 1600, and this means lots of pipes and lots >>> of rules. >>> >>> Anyone knows a better way to get this job done? >> >> >> >> for 1600 hosts are you runing 1600 rules? >> > > No. For 1600 hosts we're running 3200 rules... (and also 3200 pipes). > > >> That would do it.. >> >> In all versions of FreeBSD >> you can use the skipto rule to make sure that only a few rules are >> run for any >> address. Use it to to a binary search for the right pipe.' >> carefully using 'skipto' and 'table' can make it efficient to do very >> complex >> filters like that. >> > > Sorry, but I didn't realized how to use that as we have to shape each > user individually, i.e., each MAC address on the LAN has its own > download and upload speeds. > > Could you clarify how to improve the situation with the tools you > mentioned? Assuming you can not use "tablearg" yet (it will make this REALLY EASY) then if you have 30 IPs you want to shape from 1.1.1.1 to 1.1.1.30 then consider: ipfw add 1000 skipto 2000 ip from any to 1.1.1.16/28 ipfw add 1010 skipto 1020 ip from any to 1.1.1.8/29 ipfw add 1012 skipto 1026 ip from any to 1.1.1.4./30 ipfw add 1013 [anything] ip from any to 1.1.1.1 ipfw add 1013 [anything] ip from any to 1.1.1.1 ipfw add 1013 [anything] ip from any to 1.1.1.1 ipfw add 1013 [anything] ip from any to 1.1.1.1 > > Thanks. > > >> >> in 7.0 you can use the 'tablearg' operator to ensure that only 1 rule >> is run per host . >> I don't know if it is in 6.1.. >> if not you may be able to simply apply the diffs. >> >> >>> >>> Thanks! >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> >> >>