Date: Sun, 22 Jun 2003 15:10:14 -0700 From: "'Luigi Rizzo'" <rizzo@icir.org> To: Don Bowman <don@sandvine.com> Cc: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org> Subject: Re: nested ipfw dummynet pipes Message-ID: <20030622151014.B63749@xorpc.icir.org> In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C8533702741AFA@mail.sandvine.com>; from don@sandvine.com on Fri, Jun 20, 2003 at 02:58:07PM -0400 References: <FE045D4D9F7AED4CBFF1B3B813C8533702741AFA@mail.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 20, 2003 at 02:58:07PM -0400, Don Bowman wrote: ... > Is there a benefit to having the single wide pipe first, or > the many narrow pipes first, in the ruleset? i'd probably put the narrow pipes first, so that any single flow will not be able to monopolize the entire fat pipe. Still no guarantees of fairness, for that you need to use ipfw "queues" (WF2Q+ ) cheers luigi > $ cvs diff -U5 ipfw.8 > Index: ipfw.8 > =================================================================== > RCS file: /usr/cvs/src/sbin/ipfw/ipfw.8,v > retrieving revision 1.63.2.28 > diff -U5 -r1.63.2.28 ipfw.8 > --- ipfw.8 30 Sep 2002 20:57:05 -0000 1.63.2.28 > +++ ipfw.8 20 Jun 2003 18:49:02 -0000 > @@ -1587,14 +1587,10 @@ > When set, the packet exiting from the > .Xr dummynet 4 > pipe is not passed though the firewall again. > Otherwise, after a pipe action, the packet is > reinjected into the firewall at the next rule. > -.Pp > -Note: bridged and layer 2 packets coming out of a pipe > -are never reinjected in the firewall irrespective of the > -value of this variable. > .It Em net.inet.ip.fw.verbose : No 1 > Enables verbose messages. > .It Em net.inet.ip.fw.verbose_limit : No 0 > Limits the number of messages produced by a verbose firewall. > .It Em net.link.ether.ipfw : No 0 >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030622151014.B63749>