From owner-freebsd-ipfw@FreeBSD.ORG  Sat Mar  6 10:29:07 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F063216A4CE
	for <freebsd-ipfw@freebsd.org>; Sat,  6 Mar 2004 10:29:06 -0800 (PST)
Received: from mx2.ndsoftware.net (ns2.ndsoftware.net [195.140.149.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 63ADE43D3F
	for <freebsd-ipfw@freebsd.org>; Sat,  6 Mar 2004 10:29:06 -0800 (PST)
	(envelope-from nicolas.deffayet@ndsoftware.net)
Received: from nat.gw1.par1.fr.corp.ndsoftware.net ([195.140.149.50]
	helo=w1-par1-fr.corp.ndsoftware.com)
	by mx2.ndsoftware.net with esmtp (Exim 3.35 #1 (Debian))
	id 1AzgXp-0000R8-00
	for <freebsd-ipfw@freebsd.org>; Sat, 06 Mar 2004 19:29:05 +0100
From: Nicolas DEFFAYET <nicolas.deffayet@ndsoftware.net>
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain
Organization: NDSoftware
Message-Id: <1078597745.1981.15.camel@w1-par1-fr.corp.ndsoftware.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 
Date: Sat, 06 Mar 2004 19:29:05 +0100
Content-Transfer-Encoding: 7bit
Subject: Latency problem with traffic shaping
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Mar 2004 18:29:07 -0000

Hello,

I have latency problem when i do traffic shaping with ipfw:

$ ping -c 10 xxx.xxx.xx1.2
PING xxx.xxx.xx1.2 (xxx.xxx.xx1.2): 56 data bytes
64 bytes from xxx.xxx.xx1.2: icmp_seq=0 ttl=64 time=1.037 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=1 ttl=64 time=1.951 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=2 ttl=64 time=1.924 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=3 ttl=64 time=1.852 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=4 ttl=64 time=2.779 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=5 ttl=64 time=1.982 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=6 ttl=64 time=1.778 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=7 ttl=64 time=1.866 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=8 ttl=64 time=1.777 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=9 ttl=64 time=1.876 ms

--- xxx.xxx.xx1.2 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.037/1.882/2.779/0.395 ms

Current maximum traffic is 6 Mbit/s, shapping is at 35 Mbit/s.


I use a vlan interface but i have same problem with a physical
interface:

$ ifconfig vlan3
vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet xxx.xxx.xx1.1 netmask 0xfffffffc broadcast xxx.xxx.xx1.3
<cut>


I use very simple rules:

# ipfw sh
03000  195958827   88359539155 pipe 1 ip from any to any out via vlan3
03000  145717180   37638278479 pipe 1 ip from any to any in via vlan3
65535 7732545351 2700054229295 allow ip from any to any

# ipfw pipe sh
00001:  35.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
  0 igmp  xxx.xxx.xx1.1/0           224.0.0.5/0     341678025
125998357178  0    0 295


If the rule 3000 of ipfw is deleted, latency is good and normal; but i
don't have shaping:

$ ping -c 10 xxx.xxx.xx1.2
PING xxx.xxx.xx1.2 (xxx.xxx.xx1.2): 56 data bytes
64 bytes from xxx.xxx.xx1.2: icmp_seq=0 ttl=64 time=0.375 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=2 ttl=64 time=0.251 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=3 ttl=64 time=0.281 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=4 ttl=64 time=0.290 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=5 ttl=64 time=0.308 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=6 ttl=64 time=0.380 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=7 ttl=64 time=0.254 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=8 ttl=64 time=0.227 ms
64 bytes from xxx.xxx.xx1.2: icmp_seq=9 ttl=64 time=0.227 ms

--- xxx.xxx.xx1.2 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.219/0.281/0.380/0.055 ms


I don't have the problem with FreeBSD 5.0-RELEASE.
I have the problem with FreeBSD 5.1-RELEASE, FreeBSD 5.2-RELEASE,
FreeBSD 5.2.1-RELEASE.

I use a custom kernel with:

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_FORWARD      #enable transparent proxy
support
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
default
options         IPV6FIREWALL            #firewall for IPv6
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_VERBOSE_LIMIT=100
options         IPV6FIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT                #divert sockets
options         DUMMYNET
options         BRIDGE


How fix this latency problem ?


Thanks

Best regards,

-- 
Nicolas DEFFAYET, NDSoftware
NDSoftware IP Network: http://www.ip.ndsoftware.net/
FNIX6 (French National Internet Exchange IPv6): http://www.fnix6.net/