Date: Sun, 19 Mar 2000 14:33:42 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Troy Settle <troy@picus.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Pipes / dummy net
Message-ID: <20000319143342.C66632@hades.hell.gr>
In-Reply-To: <BPEOKDIIGLACIBFDFLEPMEFMCAAA.troy@picus.com>; from troy@picus.com on Sat, Mar 18, 2000 at 01:39:04PM -0500
References: <BPEOKDIIGLACIBFDFLEPMEFMCAAA.troy@picus.com>

On Sat, Mar 18, 2000 at 01:39:04PM -0500, Troy Settle wrote:
>
> What is the practical limit on the number of pipes that FreeBSD's IPFW can
> handle?  Dozens? Hundreds? Thousands? Tens of thousands?

The last rule that you can give a number to with ipfw is 65535. When I
tried using 70,000 as the number of a rule this afternoon, as shown in:

    ipfw add 70000 allow ip from any to any

I got a rule with number 4464. Now this is a strange number of rule to
get from 70000, but if one sees the two numbers in hex, it's obvious why
it was done so. The number 70000 = 0x11170, when AND'ed with a 16-bit
mask, 0xffff, gives 0x1170 = 4464 :)

This means that you can only use a 16-bit rule number for ipfw.

> The application I have in mind, is setting up all our web hosting /
> colocations behind a FreeBSD box, and filter everyone through IPFW to
> control and monitor bandwidth usage.

Bearing in mind that rules in ipfw can have 16-bit numbers assigned to
them, even if your ipfw rules are ALL sending data through pipes, you
can not use more than 65535 different pipes (2**16 - 1). I suspect not
because ipfw would not be able to handle all of them, but just because
you can't enumerate more rules than that piping data to them.

Ciao,

- Giorgos Keramidas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
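
Added example, not part of the original message and not ipfw's own source: a C sketch of the wrap-around described above (70000 silently becoming 4464, which changes where the rule sits in evaluation order) next to a range-checked parse that a wrapper script or tool could apply before calling ipfw. The function names are hypothetical, and the accepted range 1..65535 is an assumption taken from the limit stated in the message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical: parsed value stored straight into a 16-bit field, so only
 * the low 16 bits survive (value & 0xffff), as the message observed. */
uint16_t rule_number_truncating(const char *arg)
{
    return (uint16_t)strtoul(arg, NULL, 10);
}

/* Hypothetical: strict parse. Returns 0 and stores the number on success,
 * -1 when arg is not a plain decimal number in 1..65535. */
int rule_number_checked(const char *arg, uint16_t *out)
{
    char *end;
    unsigned long v;

    if (arg == NULL || *arg < '0' || *arg > '9')
        return -1;                  /* empty, signed or space-padded input */
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;                  /* overflow or trailing junk */
    if (v < 1 || v > 65535)
        return -1;                  /* would not fit a 16-bit rule number */
    *out = (uint16_t)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs; 70000 is the value tried in the message. */
    const char *samples[] = { "4464", "65535", "65536", "70000", "70000x" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint16_t n = 0;
        int rc = rule_number_checked(samples[i], &n);

        printf("%-7s unchecked=%5u  checked=%s\n", samples[i],
            (unsigned)rule_number_truncating(samples[i]),
            rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```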