freebsd-ipfw Digest, Vol 67, Issue 3

Pedro Paulo de Magalhaes Oliveira Junior ppj at netfilter.com.br
Fri Jul 9 06:16:13 PDT 2004


Sorry for the wrong message...

-----Original Message-----
From: Pedro Paulo de Magalhaes Oliveira Junior [mailto:ppj at netfilter.com.br]

Sent: Friday, July 9, 2004 10:16
To: 'freebsd-ipfw at freebsd.org'
Subject: RE: freebsd-ipfw Digest, Vol 67, Issue 3

In the admin kit, we need to ask Zé to add a local blacklist and local
whitelist maker

-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org [mailto:owner-freebsd-ipfw at freebsd.org]
On Behalf Of freebsd-ipfw-request at freebsd.org
Sent: Friday, July 9, 2004 09:01
To: freebsd-ipfw at freebsd.org
Subject: freebsd-ipfw Digest, Vol 67, Issue 3


Today's Topics:

   1. Dummynet Queue Weighting (Thomas S. Crum - 1WISP, Inc.)
   2. Blackhole issues when booting into a wm. (Chris)
   3. Re: Dummynet Queue Weighting  (Louis A. Mamakos)
   4. Re: Turning off submission (587) port (Thomas Wolf)
   5. Strings (Pedro Paulo Jr)
   6. Re: Strings (Darcy Buskermolen)
   7. Re: Dummynet Queue Weighting  (Ian FREISLICH)
   8. Re: Blackhole issues when booting into a wm.  (Ian FREISLICH)
   9. Re: Dummynet Queue Weighting (Luigi Rizzo)


----------------------------------------------------------------------

Message: 1
Date: Thu, 8 Jul 2004 11:36:59 -0400
From: "Thomas S. Crum - 1WISP, Inc." <tscrum at 1wisp.com>
Subject: Dummynet Queue Weighting
To: "'FreeBSD IPFW'" <freebsd-ipfw at freebsd.org>
Message-ID: <002601c46501$904a7d30$0200a8c0 at wolf>
Content-Type: text/plain; charset="us-ascii"

# SAMPLE CONFIG
ipfw queue 1 ip from A to B
ipfw queue 1 config weight 10 pipe 1
ipfw queue 2 ip from C to D
ipfw queue 2 config weight 5 pipe 1
ipfw queue 3 ip from E to F
ipfw queue 3 config weight 1 pipe 1
ipfw pipe 1 config bw 1000Kbit/s

Question?

When setting up queues as I have done above with different weights they (the
queues) will share the assigned pipe proportionate to their weight.

For example if you had traffic on all three queues, the A&B(1), C&D(2), and
E&F(3); they would get 10/16, 5/16, and 1/16 of the pipe, respectively.

But, what if A&B(1) had no traffic? It is my understanding that queue 2 and
3 would still only get 5/16 and 1/16 of the pipe regardless. In this
example, 3/8 or 375Kb/s total. Or would 2 and 3 share the whole pipe if
queue 1 is inactive, which would make my questions moot?

What I am trying to accomplish here is to give a greater amount of bandwidth
between 2 ip's when they are active.  But they are hardly ever active and
therefore I want the rest of the network to use the whole pipe until they
become active.

Any comments and particularly suggestions are appreciated. If I'm entirely
wrong with my presumptions mention that too. :)

Best,
 
Thomas S. Crum
Senior Technical Associate
tscrum at aaawebsolution.com
Toll-free: (800) 834-0626
 
AAA Web Solution, Inc.
11924 W Forest Hill Boulevard
Building 22 - Mailstop 200
Wellington, FL 33414 USA
 
Providing full-service website design, maintenance, hosting, and marketing.
No task is too small or enterprise too large for us to help you!
 
----------------------------------------------------------------------------

------------------------------

Message: 2
Date: Thu, 8 Jul 2004 10:57:11 -0500
From: Chris <racerx at makeworld.com>
Subject: Blackhole issues when booting into a wm.
To: FreeBSD IPFW <freebsd-ipfw at freebsd.org>
Message-ID: <200407081057.11657.racerx at makeworld.com>
Content-Type: text/plain;  charset="us-ascii"

Can someone explain to me why when I add blackhole to my sysctl file,
booting into a wm is slow as hell? As expected, when I comment out the tcp
and udp blackhole lines, the system responds as normal.

Some info - 
AMD 1.6
FBSD 5.2.1-RELEASE-p9 and FBSD 4.10

-- 
Best regards,
Chris



------------------------------

Message: 3
Date: Thu, 08 Jul 2004 14:48:53 -0400
From: "Louis A. Mamakos" <louie at TransSys.COM>
Subject: Re: Dummynet Queue Weighting 
To: "Thomas S. Crum - 1WISP, Inc." <tscrum at 1wisp.com>
Cc: 'FreeBSD IPFW' <freebsd-ipfw at freebsd.org>
Message-ID: <20040708184853.7B9BB20F72 at whizzo.transsys.com>
Content-Type: text/plain; charset=us-ascii

> # SAMPLE CONFIG
> ipfw queue 1 ip from A to B
> ipfw queue 1 config weight 10 pipe 1
> ipfw queue 2 ip from C to D
> ipfw queue 2 config weight 5 pipe 1
> ipfw queue 3 ip from E to F
> ipfw queue 3 config weight 1 pipe 1
> ipfw pipe 1 config bw 1000Kbit/s
> 
> Question?
> 
> When setting up queues as I have done above with different weights they
> (the queues) will share the assigned pipe proportionate to their weight.
> 
> For example if you had traffic on all three queues, the A&B(1), C&D(2),
> and E&F(3); they would get 10/16, 5/16, and 1/16 of the pipe, respectively.
> 
> But, what if A&B(1) had no traffic? It is my understanding that queue 2
> and 3 would still only get 5/16 and 1/16 of the pipe regardless. In this
> example, 3/8 or 375Kb/s total. Or would 2 and 3 share the whole pipe if
> queue 1 is inactive, which would make my questions moot?

I use a similar configuration to prioritize VoIP traffic on my
"upstream" network connection.  I create a pipe with the bandwidth
sized to the actual capacity of the network link and the multiple
queues just as you did.  

The answer to your question is that idle queues do not consume capacity
on the pipe they are associated with.  I have queues with weights
100 (for VoIP), 20 (for interactive SSH, NTP) and 1 (everything else)
and the "everything else" traffic can use the full capacity of the
pipe when the other queues are idle.

louie


------------------------------

Message: 4
Date: Thu, 8 Jul 2004 21:12:15 -0000
From: Thomas Wolf <tw at wsf.at>
Subject: Re: Turning off submission (587) port
To: Gregory Neil Shapiro <gshapiro at freebsd.org>,	Thomas Wolf
	<tw at wsf.at>
Cc: FreeBSD IPFW <freebsd-ipfw at freebsd.org>
Message-ID: <20040708231215.fsp0rn91py8gw0 at .mailhost.wsf.at>
Content-Type: text/plain; charset=us-ascii


Gregory Neil Shapiro <gshapiro at freebsd.org> wrote:

> > AFAIK, it is sufficient to edit /etc/mail/sendmail.cf and
> > comment or delete  the following line:
> > O DaemonPortOptions=Port=587, Name=MSA, M=E
> > and restart sendmail afterwards.
> 
> Hand editing the sendmail.cf is a bad idea.

You're right. Bad habit. Sorry for advising this.

Thomas

--
Thomas Wolf
Wiener Software Fabrik
Dubas u. Wolf GMBH
1050 Wien, Mittersteig 4


------------------------------

Message: 5
Date: Thu, 8 Jul 2004 18:47:00 -0300
From: "Pedro Paulo Jr" <ppj at netfilter.com.br>
Subject: Strings
To: <freebsd-ipfw at freebsd.org>
Message-ID: <002501c46535$19890a20$2c1906c9 at vilapnq0uu055v>
Content-Type: text/plain;	charset="iso-8859-1"

Sorry for another post ...

I was planning to use freebsd to avoid P2P in my network. The problem is
that every gpl solution for this uses the string module of iptables.

Is there something similar in IPFW?

Thanks in advance,

Pedro Paulo Jr

------------------------------

Message: 6
Date: Thu, 8 Jul 2004 16:22:24 -0700
From: Darcy Buskermolen <darcy at wavefire.com>
Subject: Re: Strings
To: freebsd-ipfw at freebsd.org
Message-ID: <200407081622.24343.darcy at wavefire.com>
Content-Type: text/plain;  charset="iso-8859-1"

On July 8, 2004 02:47 pm, Pedro Paulo Jr wrote:
> Sorry for another post ...
>
> I was planning to use freebsd to avoid P2P in my network. The problem is
> that every gpl solution for this uses the string module of iptables.
>
> Is there something similar in IPFW?

ipfw is not a content firewall, if you are looking to do that perhaps you 
should look at something like hogwash. (based off the same code as snort)

>
> Thanks in advance,
>
> Pedro Paulo Jr
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

-- 
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx:  250.763.1759
http://www.wavefire.com

------------------------------

Message: 7
Date: Fri, 09 Jul 2004 10:19:17 +0200
From: Ian FREISLICH <if at hetzner.co.za>
Subject: Re: Dummynet Queue Weighting 
To: "Louis A. Mamakos" <louie at TransSys.COM>
Cc: 'FreeBSD IPFW' <freebsd-ipfw at freebsd.org>
Message-ID: <E1BiqbF-000DWn-00 at hetzner.co.za>

> > # SAMPLE CONFIG
> > ipfw queue 1 ip from A to B
> > ipfw queue 1 config weight 10 pipe 1
> > ipfw queue 2 ip from C to D
> > ipfw queue 2 config weight 5 pipe 1
> > ipfw queue 3 ip from E to F
> > ipfw queue 3 config weight 1 pipe 1
> > ipfw pipe 1 config bw 1000Kbit/s
> >
> > Question?
> >
> > When setting up queues as I have done above with different weights
> > they (the queues) will share the assigned pipe proportionate to
> > their weight.
> >
> > For example if you had traffic on all three queues, the A&B(1),
> > C&D(2), and E&F(3); they would get 10/16, 5/16, and 1/16 of the
> > pipe, respectively.
> >
> > But, what if A&B(1) had no traffic? It is my understanding that
> > queue 2 and 3 would still only get 5/16 and 1/16 of the pipe
> > regardless. In this example, 3/8 or 375Kb/s total. Or would 2 and
> > 3 share the whole pipe if queue 1 is inactive, which would make my
> > questions moot?
>
> The answer to your question is that idle queues do not consume capacity
> on the pipe they are associated with.  I have queues with weights 100
> (for VoIP), 20 (for interactive SSH, NTP) and 1 (everything else) and
> the "everything else" traffic can use the full capacity of the pipe
> when the other queues are idle.

This raises another question: how do the idle queues get shared?
Using the above sample configuration, if queue 2 is idle, does the
pipe get shared between queue 1 and queue 3 in proportions 10/11
and 1/11 respectively or 10/16 and 1/16 respectively with the remaining
5/16 shared evenly between them?

Ian

--
Ian Freislich

------------------------------

Message: 8
Date: Fri, 09 Jul 2004 10:29:14 +0200
From: Ian FREISLICH <if at hetzner.co.za>
Subject: Re: Blackhole issues when booting into a wm. 
To: racerx at makeworld.com
Cc: FreeBSD IPFW <freebsd-ipfw at freebsd.org>
Message-ID: <E1Biqks-000DYs-00 at hetzner.co.za>

> Can someone explain to me why when I add blackhole to my sysctl file,
> booting into a wm is slow as hell? As expected, when I comment out the tcp
> and udp blackhole lines, the system responds as normal.
> 
> Some info - 
> AMD 1.6
> FBSD 5.2.1-RELEASE-p9 and FBSD 4.10

The window manager (at least mine does) may be trying to resolve
your machine's IP address.  If you don't have a resolver listening
then with blackhole turned on, your WM won't get any icmp port
unreachable messages back and it will have to wait until the query
times out before continuing.

Maybe it's not trying to resolve, but trying to connect to some
port that doesn't have a listener.  Either way, you can use tcpdump
on your loopback device to figure out what's going on.

If that's too complicated, try adding an entry in /etc/hosts for
your IP address and host name and see if that fixes it.

Ian

--
Ian Freislich

------------------------------

Message: 9
Date: Fri, 9 Jul 2004 01:41:07 -0700
From: Luigi Rizzo <rizzo at icir.org>
Subject: Re: Dummynet Queue Weighting
To: Ian FREISLICH <if at hetzner.co.za>
Cc: 'FreeBSD IPFW' <freebsd-ipfw at freebsd.org>
Message-ID: <20040709014107.A35991 at xorpc.icir.org>
Content-Type: text/plain; charset=us-ascii

On Fri, Jul 09, 2004 at 10:19:17AM +0200, Ian FREISLICH wrote:
...
> > > But, what if A&B(1) had no traffic? It is my understanding that
> > > queue 2 and 3 would still only get 5/16 and 1/16 of the pipe
> > > regardless. In this example, 3/8 or 375Kb/s total. Or would 2 and
> > > 3 share the whole pipe if queue 1 is inactive, which would make my
> > > questions moot?
> >
> > The answer to your question is that idle queues do not consume capacity
> > on the pipe they are associated with.  I have queues with weights 100
> > (for VoIP), 20 (for interactive SSH, NTP) and 1 (everything else) and
> > the "everything else" traffic can use the full capacity of the pipe
> > when the other queues are idle.
> 
> This raises another question: how do the idle queues get shared?

the only thing that is shared is the total pipe's capacity,
and it is shared by non-idle queues in proportion to their
weights. That's as simple as that. No special cases.

There is a copious literature on Proportional Share
algorithms, if you google for WF2Q+ (which is the algorithm
implemented in dummynet) you should come up with a lot of
papers to answer your doubts.
We are finishing up a tutorial paper on the topic for which i will
post a URL in a week or two when it is ready.

cheers
luigi

------------------------------

_______________________________________________
freebsd-ipfw at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

End of freebsd-ipfw Digest, Vol 67, Issue 3
*******************************************
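
Added example, not part of the digest or of any poster's message, and not dummynet's code: a small simulation of the sharing rule discussed in the Dummynet Queue Weighting thread, using the weights and pipe rate from the sample config. It assumes a simplified virtual-finish-time weighted fair queueing scheduler (not WF2Q+ itself), equal-size packets, and queues that are either always backlogged or idle; the function and parameter names are made up for the example.

```python
import heapq
from fractions import Fraction

# Weights and pipe rate from the sample config quoted in the thread.
WEIGHTS = {1: 10, 2: 5, 3: 1}
PIPE_KBIT = 1000

def simulate(backlogged, weights=WEIGHTS, packets=16000, pkt_bits=12000):
    """Return {queue: Kbit/s} when only `backlogged` queues have traffic.

    Simplified weighted fair queueing (an assumption of this example):
    every backlogged queue carries a virtual finish tag that advances by
    pkt_bits / weight for each packet it sends, and the link always
    serves the queue holding the smallest tag. Idle queues never enter
    the heap, so they reserve nothing.
    """
    if not backlogged:
        return {q: 0.0 for q in weights}
    heap = [(Fraction(pkt_bits, weights[q]), q) for q in backlogged]
    heapq.heapify(heap)
    sent = dict.fromkeys(weights, 0)
    for _ in range(packets):
        tag, q = heapq.heappop(heap)
        sent[q] += 1
        heapq.heappush(heap, (tag + Fraction(pkt_bits, weights[q]), q))
    return {q: PIPE_KBIT * n / packets for q, n in sent.items()}

if __name__ == "__main__":
    scenarios = {
        "all three busy": [1, 2, 3],
        "queue 1 idle": [2, 3],
        "queue 2 idle": [1, 3],
        "only queue 3": [3],
    }
    for name, active in scenarios.items():
        rates = simulate(active)
        print(f"{name:15s}", {q: round(r, 1) for q, r in rates.items()})
```

With queue 2 idle the measured split comes out at roughly 10/11 and 1/11 of the pipe, and with queue 1 idle at roughly 5/6 and 1/6, matching the "non-idle queues in proportion to their weights" rule stated in Message 9.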


