Bandwidth is limited under defined limit

John Brogan jbrogan at jbrogan.com
Tue May 6 05:14:12 PDT 2003 

I'm not sure what details I should grab from our system but here is a 
breakdown of the problem.

Router: running freebsd 4.7-p10 running ipfw for for firewall and simple 
traffic shaper.

Circuit: 36mbps

Problem: Trying to limit port 25 traffic from inside our network to use no 
more than 30mbps at any time, leaving 6mbps for web and other traffic.  I 
am only getting 22mbps of outbound port 25 traffic no matter how I alter 
the pipe statement (below)

in my rc.firewall at the top of the ruleset I have:

${fwcmd} add pipe 1 tcp from x.x.x.x/24 to any 25
${fwcmd} pipe 1 config bw 30Mbit/s

(I'm showing x's instead of digits for reference)

If I do an ipfw -a list, the pipe shows up as:

00400  57500157 62391158214 pipe 1 tcp from x.x.x.x/24 to any 25

if I do an "ipfw pipe show" I get:

00001:  30.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
   0 tcp   x.x.x.x/3576   x.x.x.x/25    62443512 67705656555  0    0 6649763

I can set that "pipe 1 config bw" statement to 90mbps or 100mbps or 
something outrageous and it still does not want to let bandwidth go over 
22mbps for port 25 traffic

I am delivering news (opt-in only) for a very large cable news company and 
we are trying to figure out how to get more bandwidth for port 25 but not 
to saturate the circuit.  If we remove the pipe alltogether just to make 
certain it's not some hardware issue then we almost immediately saturate 
the link at 100% with just port 25 traffic.

I've read through the archives but have not found something similar to 
this, or at least from what I searched for.   What could be causing this 
and if you have suggestions for other settings to make on this, I would 
appreciate the help.

I'd rather use ipfw than buy a piece of hardware to do the bandwidht 
limiting because I've been a freebsd user back to the 1.1.5.1 days and 
believe in the product and project 100%

Oh, and if anyone knows how I can get in touch with Rod Grimes, please let 
me know or pass my address along to him.  I have a potential project for him.

Many Thanks

John Brogan
jbrogan.com

More information about the freebsd-ipfw mailing list