From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 16 18:19:22 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 502D316A4CE for ; Tue, 16 Mar 2004 18:19:22 -0800 (PST) Received: from mx01.bos.ma.towardex.com (a65-124-16-8.svc.towardex.com [65.124.16.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id EAB6A43D39 for ; Tue, 16 Mar 2004 18:19:21 -0800 (PST) (envelope-from haesu@mx01.bos.ma.towardex.com) Received: by mx01.bos.ma.towardex.com (TowardEX ESMTP 3.0p11_DAKN, from userid 1001) id 1104C2F906; Tue, 16 Mar 2004 21:19:29 -0500 (EST) Date: Tue, 16 Mar 2004 21:19:29 -0500 From: James To: Nicolas DEFFAYET Message-ID: <20040317021928.GA26065@scylla.towardex.com> References: <1078597745.1981.15.camel@w1-par1-fr.corp.ndsoftware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1078597745.1981.15.camel@w1-par1-fr.corp.ndsoftware.com> User-Agent: Mutt/1.4.1i cc: freebsd-ipfw@freebsd.org Subject: Re: Latency problem with traffic shaping X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2004 02:19:22 -0000 ohhh... you are concerned about simple 1ms difference due to granuality (sp) in 35 meg pipe, right? this is a simple problem to fix: ipfw add 1 allow icmp from any to any icmptypes 11,0,8 ipfw add 1 allow udp from any to any 33434-33534 < then insert your pipe rules > and also, you realize that you are putting people on vlan3 to a half duplex pipe right? -J On Sat, Mar 06, 2004 at 07:29:05PM +0100, Nicolas DEFFAYET wrote: > Hello, > > I have latency problem when i do traffic shaping with ipfw: > > $ ping -c 10 xxx.xxx.xx1.2 > PING xxx.xxx.xx1.2 (xxx.xxx.xx1.2): 56 data bytes > 64 bytes from xxx.xxx.xx1.2: icmp_seq=0 ttl=64 time=1.037 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=1 ttl=64 time=1.951 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=2 ttl=64 time=1.924 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=3 ttl=64 time=1.852 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=4 ttl=64 time=2.779 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=5 ttl=64 time=1.982 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=6 ttl=64 time=1.778 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=7 ttl=64 time=1.866 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=8 ttl=64 time=1.777 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=9 ttl=64 time=1.876 ms > > --- xxx.xxx.xx1.2 ping statistics --- > 10 packets transmitted, 10 packets received, 0% packet loss > round-trip min/avg/max/stddev = 1.037/1.882/2.779/0.395 ms > > Current maximum traffic is 6 Mbit/s, shapping is at 35 Mbit/s. > > > I use a vlan interface but i have same problem with a physical > interface: > > $ ifconfig vlan3 > vlan3: flags=8843 mtu 1500 > inet xxx.xxx.xx1.1 netmask 0xfffffffc broadcast xxx.xxx.xx1.3 > > > > I use very simple rules: > > # ipfw sh > 03000 195958827 88359539155 pipe 1 ip from any to any out via vlan3 > 03000 145717180 37638278479 pipe 1 ip from any to any in via vlan3 > 65535 7732545351 2700054229295 allow ip from any to any > > # ipfw pipe sh > 00001: 35.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes > Pkt/Byte Drp > 0 igmp xxx.xxx.xx1.1/0 224.0.0.5/0 341678025 > 125998357178 0 0 295 > > > If the rule 3000 of ipfw is deleted, latency is good and normal; but i > don't have shaping: > > $ ping -c 10 xxx.xxx.xx1.2 > PING xxx.xxx.xx1.2 (xxx.xxx.xx1.2): 56 data bytes > 64 bytes from xxx.xxx.xx1.2: icmp_seq=0 ttl=64 time=0.375 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=1 ttl=64 time=0.219 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=2 ttl=64 time=0.251 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=3 ttl=64 time=0.281 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=4 ttl=64 time=0.290 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=5 ttl=64 time=0.308 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=6 ttl=64 time=0.380 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=7 ttl=64 time=0.254 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=8 ttl=64 time=0.227 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=9 ttl=64 time=0.227 ms > > --- xxx.xxx.xx1.2 ping statistics --- > 10 packets transmitted, 10 packets received, 0% packet loss > round-trip min/avg/max/stddev = 0.219/0.281/0.380/0.055 ms > > > I don't have the problem with FreeBSD 5.0-RELEASE. > I have the problem with FreeBSD 5.1-RELEASE, FreeBSD 5.2-RELEASE, > FreeBSD 5.2.1-RELEASE. > > I use a custom kernel with: > > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_FORWARD #enable transparent proxy > support > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by > default > options IPV6FIREWALL #firewall for IPv6 > options IPV6FIREWALL_VERBOSE > options IPV6FIREWALL_VERBOSE_LIMIT=100 > options IPV6FIREWALL_DEFAULT_TO_ACCEPT > options IPDIVERT #divert sockets > options DUMMYNET > options BRIDGE > > > How fix this latency problem ? > > > Thanks > > Best regards, > > -- > Nicolas DEFFAYET, NDSoftware > NDSoftware IP Network: http://www.ip.ndsoftware.net/ > FNIX6 (French National Internet Exchange IPv6): http://www.fnix6.net/ > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" -- James Jun TowardEX Technologies, Inc. Technical Lead Network Design, Consulting, IT Outsourcing james@towardex.com Boston-based Colocation & Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net