From owner-freebsd-net@FreeBSD.ORG Sun Jun 22 15:10:15 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE9B737B401 for ; Sun, 22 Jun 2003 15:10:15 -0700 (PDT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3106343FBF for ; Sun, 22 Jun 2003 15:10:15 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.8p1/8.12.3) with ESMTP id h5MMAFQg063826; Sun, 22 Jun 2003 15:10:15 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.8p1/8.12.3/Submit) id h5MMAE9E063825; Sun, 22 Jun 2003 15:10:14 -0700 (PDT) (envelope-from rizzo) Date: Sun, 22 Jun 2003 15:10:14 -0700 From: "'Luigi Rizzo'" To: Don Bowman Message-ID: <20030622151014.B63749@xorpc.icir.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from don@sandvine.com on Fri, Jun 20, 2003 at 02:58:07PM -0400 cc: "'freebsd-net@freebsd.org'" Subject: Re: nested ipfw dummynet pipes X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jun 2003 22:10:16 -0000 On Fri, Jun 20, 2003 at 02:58:07PM -0400, Don Bowman wrote: ... > Is there a benefit to having the single wide pipe first, or > the many narrow pipes first, in the ruleset? i'd probably put the narrow pipes first, so that any single flow will not be able to monopolize the entire fat pipe. Still no guarantees of fairness, for that you need to use ipfw "queues" (WF2Q+ ) cheers luigi > $ cvs diff -U5 ipfw.8 > Index: ipfw.8 > =================================================================== > RCS file: /usr/cvs/src/sbin/ipfw/ipfw.8,v > retrieving revision 1.63.2.28 > diff -U5 -r1.63.2.28 ipfw.8 > --- ipfw.8 30 Sep 2002 20:57:05 -0000 1.63.2.28 > +++ ipfw.8 20 Jun 2003 18:49:02 -0000 > @@ -1587,14 +1587,10 @@ > When set, the packet exiting from the > .Xr dummynet 4 > pipe is not passed though the firewall again. > Otherwise, after a pipe action, the packet is > reinjected into the firewall at the next rule. > -.Pp > -Note: bridged and layer 2 packets coming out of a pipe > -are never reinjected in the firewall irrespective of the > -value of this variable. > .It Em net.inet.ip.fw.verbose : No 1 > Enables verbose messages. > .It Em net.inet.ip.fw.verbose_limit : No 0 > Limits the number of messages produced by a verbose firewall. > .It Em net.link.ether.ipfw : No 0 >