Date: Thu, 5 Mar 2009 08:21:48 +0100 (CET) From: "Sebastian Mellmann" <sebastian.mellmann@net.t-labs.tu-berlin.de> To: "Ian Smith" <smithi@nimnet.asn.au> Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw (dummynet) adds delay, but not configured to do so Message-ID: <36832.62.206.221.107.1236237708.squirrel@anubis.getmyip.com> In-Reply-To: <20090305124242.P71460@sola.nimnet.asn.au> References: <49AED3B1.1060209@net.t-labs.tu-berlin.de> <20090305124242.P71460@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> > When I do a simple ping from one machine to another (actually the > > FreeBSD machine is between those machines), I can see a delay of ~2ms. > > Without any rules/pipes I've got under 1ms delay. > > Presumably each of the other machines are on a separate interface? > Configured as a bridge or a router? Yes separate interfaces. The machine is configured as a router (as far as I know, I didn't set it up.) > > The question is: > > Why do I have such a "high" delay though I didn't configure any "delay" > > in my pipe? > > Where does this additional millisecond come from (processing delay for > > the packet in the pipe?)? > > Covered; kern.hz=1000 should give you more like .2ms with this setup. See my previous mail to the list (syntax of kern.hz). > > If I configure another rule (or like 10 more rules) that matches the > > packet, I can see the delay increasing. > > For example a delay of ~20ms, when I configure 10 pipes. > > Am I doing something wrong? > > Configuring more pipes shouldn't make any difference unless packets are > made to traverse each of the pipes in turn. That would imply having set > net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so > that each packet is reinjected into the firewall at the following rule, > after traversing each pipe; is that what you're doing? Yes, I've set net.inet.ip.fw.one_pass=0 so packets are reinjected into the firewall after passing a pipe. > Also, without using a separate pipe for either traffic direction, you're > using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING. > > > Thanks in advance for any help and please tell me if you need > additional > > informations (e.g. kernel configuration). > > Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your > example of using multiple pipes? [root@ ~/ipfw]# sysctl net.inet.ip.fw.one_pass net.inet.ip.fw.one_pass: 0 [root@ ~/ipfw]# ipfw show 00010 0 0 allow ip from any to any via lo0 10000 122 11832 allow ip from any to any via em2 10100 0 0 pipe 100 ip from 192.168.5.0/26 to 192.168.7.0/24 in via em0 10200 0 0 pipe 200 ip from 192.168.7.0/24 to 192.168.5.0/26 out via em0 10300 342 28728 pipe 500 ip from any to any via em0 10400 359 36512 pipe 510 ip from any to any via em1 10500 0 0 pipe 300 udp from 80.80.80.1 to 60.60.60.1 src-port 4000 dst-port 4000 via em1 10600 0 0 pipe 305 udp from 60.60.60.1 to 80.80.80.1 src-port 4000 dst-port 4000 via em0 10700 0 0 pipe 310 udp from 80.80.80.1 to 60.60.60.1 src-port 4001 dst-port 4001 via em1 10800 0 0 pipe 315 udp from 60.60.60.1 to 80.80.80.1 src-port 4001 dst-port 4001 via em0 65535 14144748 9784372451 allow ip from any to any > cheers, Ian Regards, Sebastian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36832.62.206.221.107.1236237708.squirrel>