Date: Mon, 16 Sep 2002 14:08:53 -0700 From: "Jacob S. Barrett" <jbarrett@amduat.net> To: freebsd-ipfw@freebsd.org Subject: MAC Layer Bandwidth Limiting Message-ID: <3D864865.2030607@amduat.net>
next in thread | raw e-mail | index | archive | help
If I wanted to do MAC layer bandwidth limiting would I want to do something like the following using IPFW2 or am I just way off? ipfw add 1000 pipe 1000 layer2 mac $MAC0 any ipfw add 1001 pipe 1001 layer2 mac any $MAC0 ipfw pipe 1000 bw 128Kbit/s ipfw pipe 1001 bw 768Kbit/s ipfw add 1010 pipe 1010 layer2 mac $MAC1 any ipfw add 1011 pipe 1011 layer2 mac any $MAC1 ipfw pipe 1010 bw 256Kbit/s ipfw pipe 1011 bw 512Kbit/s MAC0 is limited to 128kbit/s out and 768kbit/s in MAC1 is limited to 256kbit/s out and 512kbit/s in What I want is the ability to filter links at the MAC level as well as limit the bandwidth that particular link has. Traffic may not always be IP based so filtering on the IP address isn't sufficient. If this all makes sense and works then is it possible to use a MAC address mask in the pipe/queue mask. What I mean is can the limits be based on per MAC rather than per IP so that I can remove the need to have two pipes for each MAC like I do now? Something like this? ipfw add 1000 pipe 1128 layer2 mac $MAC0 any ipfw add 1001 pipe 2768 layer2 mac any $MAC0 ipfw add 1010 pipe 1256 layer2 mac $MAC0 any ipfw add 1011 pipe 2512 layer2 mac any $MAC0 ipfw add 1020 pipe 1128 layer2 mac $MAC2 any ipfw add 1021 pipe 2768 layer2 mac any $MAC2 ipfw pipe 1128 bw 128Kbit/s mask mac-src 0xffffffffffff ipfw pipe 1256 bw 256Kbit/s mask mac-src 0xffffffffffff ipfw pipe 1512 bw 512Kbit/s mask mac-src 0xffffffffffff ipfw pipe 1768 bw 768Kbit/s mask mac-src 0xffffffffffff ipfw pipe 2128 bw 128Kbit/s mask mac-dst 0xffffffffffff ipfw pipe 2256 bw 256Kbit/s mask mac-dst 0xffffffffffff ipfw pipe 2512 bw 512Kbit/s mask mac-dst 0xffffffffffff ipfw pipe 2768 bw 768Kbit/s mask mac-dst 0xffffffffffff MAC0 is limited to 128kbit/s out and 768kbit/s in MAC1 is limited to 256kbit/s out and 512kbit/s in MAC2 is limited to 128kbit/s out and 768kbit/s in Does any of this make sense or am I just way off in my own little world here? Now if all this works then I assume that the byte count field for rules xxx0 and xxx1 should be the total bytes in and out for the link. Is this correct? If I was going to use that field for accounting to determine the bytes transferred per month is there a way to read and zero the counts at the same time, or am I going to just have to let the few bytes that come in between read and zero just drop off? -- Jacob S. Barrett jbarrett@amduat.net www.amduat.net "I don't suffer from insanity, I enjoy every minute of it." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D864865.2030607>