From owner-freebsd-net  Tue Jan 16  9:45:17 2001
Delivered-To: freebsd-net@freebsd.org
Received: from mailout04.sul.t-online.com (mailout04.sul.t-online.com [194.25.134.18])
	by hub.freebsd.org (Postfix) with ESMTP id C3BC137B404
	for <freebsd-net@freebsd.org>; Tue, 16 Jan 2001 09:44:59 -0800 (PST)
Received: from fwd06.sul.t-online.com 
	by mailout04.sul.t-online.com with smtp 
	id 14Ia9s-0007bI-05; Tue, 16 Jan 2001 18:44:36 +0100
Received: from ramses.local (320080844193-0001@[217.2.172.82]) by fmrl06.sul.t-online.com
	with esmtp id 14Ia9W-1KZ4SWC; Tue, 16 Jan 2001 18:44:14 +0100
Received: from haribeau by ramses.local with local (Exim 3.12 #1 (Debian))
	id 14Ib75-0000aI-00; Tue, 16 Jan 2001 19:45:47 +0100
Date: Tue, 16 Jan 2001 19:45:47 +0100
From: Clemens Hermann <haribeau@gmx.de>
To: Martin Eggen <martin@copyleft.no>
Cc: freebsd-net@freebsd.org
Subject: Re: bandwith limitation
Message-ID: <20010116194547.A1319@ramses.local>
Mail-Followup-To: Clemens Hermann <haribeau@gmx.de>,
	Martin Eggen <martin@copyleft.no>, freebsd-net@freebsd.org
References: <20010115222805.A1276@ramses.local> <20010116173846.A27210@unity.copyleft.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010116173846.A27210@unity.copyleft.no> von Martin Eggen <martin@copyleft.no> am 16.Jan.2001 um 17:38:46 (+0100)
X-Mailer: Mutt 1.2.5i (Linux 2.2.17 i586)
X-Sender: 320080844193-0001@t-dialin.net
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Am 16.01.2001 um 17:38:46 schrieb Martin Eggen:

Hi Martin,

thanks a lot for your hints.

> You might want to take a look at ALTQ[0] from the KAME people, or just use
> ipfw with a default pass all rule (or IPFIREWALL_DEFAULT_ACCEPT), so that
> it's only used for bw limiting. (The packets will then first go through
> ipfw, and then through ipf, IIRC).

so it is definitely impossible that a packet that passes ipfw (as every
packet does) enters the system even if ipf says "no", right?

I have some additional questions concerning the ipfw approach:

- is it in general a bad thing to have ipf/ipfw together running on one
  machine or ist it just o.k. to have ipf as firewall and IP-accounting
  and ipfw for bandwith limitations?

- is there a performance loss worth mentioning in using both tools
  compared to only have ipfw running for all purposes?

- does the bandwith-limitation that ipfw/dummynet offer tear down the
  effective bandwith of my server? 

- does the bandwith-limitation (ipfw) cost a lot of cpu/memory
  performance?

thanks a lot for your help

/ch


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message