Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 03 Oct 2005 13:07:56 -0300
From:      Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
To:        ipfw@freebsd.org
Subject:   layer2 filtering and dummynet, bw reduced by half
Message-ID:  <4341575C.8080409@freebsdbrasil.com.br>
next in thread | raw e-mail | index | archive | help 

Hello,

I am doing some simple tests in a specific enviroment where layer2 
filtering and dummynet will work together. There is a complex set of FW 
rules, which showed a behaviour where, whenever I turn layer2 filtering 
on, dummynet configured pipes get the configured BW reduced by half. To 
check it out I reduced the production ruleset into a few, simple and 
clear set of rules in a testing enviroment.

The current rules are:

layer2() {
         ipfw add skipto 400 all from any to any mac-type ip,arp layer2
         ipfw add deny all from any to any layer2
}

countlog() {
         ipfw add 400 count log all from any to any in
         ipfw add 401 count log all from any to any out
}

pipe() {
         ipfw add pipe 1 all from any to 172.16.52.254/32 in
         ipfw add pipe 2 all from 172.16.52.254/32 to any out
         ipfw pipe 1 config bw 64Kbps queue 5
         ipfw pipe 2 config bw 64Kbps queue 5
}

Very simple, nothing special.
FYI, one_pass feature for ipfw is '1' (default).

When net.link.ether.ipfw=0, dummynet works perfectly. The piped IP 
address can only up/down at the configured speed. But when I turn 
net.link.ether.ipfw=1 the maximum speedk gets reduced exactly by half, 
just like if I had pipes configured at 32Kbps.

I have tested even without any layer2 rule loaded. The behaviour is just 
  the same.

I am not sure what might be causing this weird behaviour. Is there any 
thing that should be tunned up? Any ideas on why it happens, and how to 
deal with it instead of configuring bw by 2 to get the desired speed? If 
there is a logical reason for that which I ignore, there is no problem 
in * it by 2, but I would like to hear about it, technically, which is 
the reason.

And specially, if it something I am doing wrong, I would appreciate if 
someone could point it out.

Thank you a lot :-)

-- 
Patrick Tracanelli

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4341575C.8080409>