Date: Tue, 27 Nov 2007 02:16:17 -0500 From: Sten Daniel Soersdal <netslists@gmail.com> To: bsdlist@mail.bg Cc: freebsd-isp@freebsd.org Subject: Re: ipfw + dummynet performance Message-ID: <474BC441.7030303@gmail.com> In-Reply-To: <474BB7CC.4020208@gmail.com> References: <1194447774.1814d69a23ce8@mail.bg> <474BB7CC.4020208@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sten Daniel Soersdal wrote: > bsdlist@mail.bg wrote: >> >> My question is obout performance of ipfw and dummynet with >> this rules >> >> pipe 101 ip from table(1) to any via em1 >> pipe 100 ip from any to table(1) xmit em1 >> pipe 200 ip from table(2) to any via em1 >> pipe 202 ip from any to table(2) xmit em1 >> pipe 301 ip from table(3) to any via em1 >> pipe 300 ip from any to table(3) xmit em1 >> pipe 401 ip from table(4) to any via em1 >> pipe 400 ip from any to table(4) xmit em1 >> >> .. >> pipe 202 config bw 512K mask dst-ip 0xffffffff >> pipe 200 config bw 256K mask src-ip 0xffffffff >> this rules are the same for the 4 table but with diffrent >> speed : >> > > 'via' makes you match both 'recv' and 'xmit' packets. Perhaps this > clears things up? > If you want to make this faster you could halve the number of rules you > need to process, but it's not easy see from what you posted. > Example; > > > skipto 1000 xmit em1 > skipto 2000 recv em1 > > 1000 pipe 100 dst-ip table(1) > 1001 pipe 202 dst-ip table(2) <-- also note the pipe number?? > 1002 pipe 300 dst-ip table(3) > 1003 pipe 400 dst-ip table(4) > 1999 accept > > 2000 pipe 101 src-ip table(1) > 2001 pipe 200 src-ip table(2) <-- also note the pipe number?? > 2002 pipe 301 src-ip table(3) > 2003 pipe 401 src-ip table(4) > 2999 accept > > Also, are you sure you want to swap 202 and 200 in your system? perhaps > this adds to the problem? > > That should be; skipto 1000 out xmit em1 skipto 2000 in recv em1 To be sure :) Also you could change the 1999 and 2999 rules to be 'deny' rules to rule out spoofing (not in table = deny) depending upon other configuration options. -- Sten Daniel Soersdal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?474BC441.7030303>