From owner-freebsd-ipfw@FreeBSD.ORG Sat Mar 6 15:31:31 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD0C216A4CE for ; Sat, 6 Mar 2004 15:31:31 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7856943D1F for ; Sat, 6 Mar 2004 15:31:31 -0800 (PST) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.8) with ESMTP id i26NVV9Q046273; Sat, 6 Mar 2004 15:31:31 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id i26NVVOF046272; Sat, 6 Mar 2004 15:31:31 -0800 (PST) (envelope-from rizzo) Date: Sat, 6 Mar 2004 15:31:31 -0800 From: Luigi Rizzo To: Nicolas DEFFAYET Message-ID: <20040306153131.A46112@xorpc.icir.org> References: <1078597745.1981.15.camel@w1-par1-fr.corp.ndsoftware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1078597745.1981.15.camel@w1-par1-fr.corp.ndsoftware.com>; from nicolas.deffayet@ndsoftware.net on Sat, Mar 06, 2004 at 07:29:05PM +0100 cc: freebsd-ipfw@freebsd.org Subject: Re: Latency problem with traffic shaping X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Mar 2004 23:31:31 -0000 so where is the problem ? 1ms is the granularity of the timer, so it is hard to go below, and any packet that you happen to find in front of you might cause further delay. (1500bytes = 12000 bit = 0.3ms for your 35Mbit pipe). Additionally, you have a curious ipfw config, with both input and output traffic competing for the same pipe (and, "in via" and "out via" are probably not what you want). cheers luigi On Sat, Mar 06, 2004 at 07:29:05PM +0100, Nicolas DEFFAYET wrote: > Hello, > > I have latency problem when i do traffic shaping with ipfw: > > $ ping -c 10 xxx.xxx.xx1.2 > PING xxx.xxx.xx1.2 (xxx.xxx.xx1.2): 56 data bytes > 64 bytes from xxx.xxx.xx1.2: icmp_seq=0 ttl=64 time=1.037 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=1 ttl=64 time=1.951 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=2 ttl=64 time=1.924 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=3 ttl=64 time=1.852 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=4 ttl=64 time=2.779 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=5 ttl=64 time=1.982 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=6 ttl=64 time=1.778 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=7 ttl=64 time=1.866 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=8 ttl=64 time=1.777 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=9 ttl=64 time=1.876 ms > > --- xxx.xxx.xx1.2 ping statistics --- > 10 packets transmitted, 10 packets received, 0% packet loss > round-trip min/avg/max/stddev = 1.037/1.882/2.779/0.395 ms > > Current maximum traffic is 6 Mbit/s, shapping is at 35 Mbit/s. > > > I use a vlan interface but i have same problem with a physical > interface: > > $ ifconfig vlan3 > vlan3: flags=8843 mtu 1500 > inet xxx.xxx.xx1.1 netmask 0xfffffffc broadcast xxx.xxx.xx1.3 > > > > I use very simple rules: > > # ipfw sh > 03000 195958827 88359539155 pipe 1 ip from any to any out via vlan3 > 03000 145717180 37638278479 pipe 1 ip from any to any in via vlan3 > 65535 7732545351 2700054229295 allow ip from any to any > > # ipfw pipe sh > 00001: 35.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes > Pkt/Byte Drp > 0 igmp xxx.xxx.xx1.1/0 224.0.0.5/0 341678025 > 125998357178 0 0 295 > > > If the rule 3000 of ipfw is deleted, latency is good and normal; but i > don't have shaping: > > $ ping -c 10 xxx.xxx.xx1.2 > PING xxx.xxx.xx1.2 (xxx.xxx.xx1.2): 56 data bytes > 64 bytes from xxx.xxx.xx1.2: icmp_seq=0 ttl=64 time=0.375 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=1 ttl=64 time=0.219 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=2 ttl=64 time=0.251 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=3 ttl=64 time=0.281 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=4 ttl=64 time=0.290 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=5 ttl=64 time=0.308 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=6 ttl=64 time=0.380 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=7 ttl=64 time=0.254 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=8 ttl=64 time=0.227 ms > 64 bytes from xxx.xxx.xx1.2: icmp_seq=9 ttl=64 time=0.227 ms > > --- xxx.xxx.xx1.2 ping statistics --- > 10 packets transmitted, 10 packets received, 0% packet loss > round-trip min/avg/max/stddev = 0.219/0.281/0.380/0.055 ms > > > I don't have the problem with FreeBSD 5.0-RELEASE. > I have the problem with FreeBSD 5.1-RELEASE, FreeBSD 5.2-RELEASE, > FreeBSD 5.2.1-RELEASE. > > I use a custom kernel with: > > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_FORWARD #enable transparent proxy > support > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by > default > options IPV6FIREWALL #firewall for IPv6 > options IPV6FIREWALL_VERBOSE > options IPV6FIREWALL_VERBOSE_LIMIT=100 > options IPV6FIREWALL_DEFAULT_TO_ACCEPT > options IPDIVERT #divert sockets > options DUMMYNET > options BRIDGE > > > How fix this latency problem ? > > > Thanks > > Best regards, > > -- > Nicolas DEFFAYET, NDSoftware > NDSoftware IP Network: http://www.ip.ndsoftware.net/ > FNIX6 (French National Internet Exchange IPv6): http://www.fnix6.net/ > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"