From owner-freebsd-net@FreeBSD.ORG Wed Nov 29 20:53:04 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A059B16A501 for ; Wed, 29 Nov 2006 20:53:04 +0000 (UTC) (envelope-from tarkhil@webmail.sub.ru) Received: from mail.sub.ru (webmail.sub.ru [213.247.139.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id C539F43CB5 for ; Wed, 29 Nov 2006 20:52:50 +0000 (GMT) (envelope-from tarkhil@webmail.sub.ru) Received: (qmail 17747 invoked by uid 0); 29 Nov 2006 23:52:52 +0300 Received: from tarkhil.rostokino.net (HELO ?85.192.19.9?) (tarkhil%sub.ru@85.192.19.9) by techno.sub.ru with SMTP; 29 Nov 2006 20:52:52 -0000 Message-ID: <456DF2DF.1070702@webmail.sub.ru> Date: Wed, 29 Nov 2006 23:51:43 +0300 From: Alex Povolotsky User-Agent: Thunderbird 1.5 (X11/20060310) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Subject: pipe dropping lots of packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2006 20:53:04 -0000 Hello! I'm trying to set up FreeBSD-based router, and got troubles with bandwidth limiting. My queues drops lots of packets. [23:38] gw:~ # ipfw pipe 200 config bw 30mbit/s queue 100 [23:42] gw:~ # ipfw add 600 pipe 200 ip from any to any out via vlan333 00600 pipe 200 ip from any to any out via vlan333 seems to be easy. now [23:43] gw:~ # ipfw zero Accounting cleared. make sure we'll catch packets out of pipe [23:43] gw:~ # sysctl net.inet.ip.fw.one_pass net.inet.ip.fw.one_pass: 0 and, waiting a bit [23:43] gw:~ # ipfw show | grep vlan333 00600 2010 140730 pipe 200 ip from any to any out via vlan333 00700 0 0 allow ip from any to table(1) via vlan333 00710 840 142335 allow ip from table(1) to any via vlan333 whoops! No packets left pipe part of ipfw pipe list 00200: 30.000 bit/s 0 ms 100 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 0 tcp 172.23.114.136/6220 217.70.17.154/3931 7292 683466 100 12092 7048 As far as I understand, pipe dropped most of tcp packets, didn't it? Of course, people complaints of network "not working". Eventually, some packets gets out of queue, but with 30 mbit/s pipe on 100 mbit link I'd expect to drop 2/3 packets at most, not 99 of 100 00600 1012 64217 pipe 200 ip from any to any out via vlan333 00700 14 560 allow ip from any to any out via vlan333 What could I do wrong? System is fairly unloaded. External card is Intel PRO 100/1000; last pid: 11209; load averages: 0.52, 0.36, 0.34 up 5+19:37:14 23:52:17 70 processes: 2 running, 68 sleeping CPU states: 1.3% user, 0.0% nice, 6.4% system, 14.1% interrupt, 78.2% idle Mem: 87M Active, 673M Inact, 195M Wired, 33M Cache, 111M Buf, 8324K Free Swap: 4096M Total, 4096M Free top shows quite little load on system. Alex. (FreeBSD 6.1-RELEASE)