ipfw, pipes, queues, weights and managing an Internet connection

Lubomir Georgiev 0shady0recs0 at gmail.com
Tue Jun 12 20:29:37 UTC 2007 

h1 all,

  Here's what I want to do - i have a 3mbps Internet connection. I want to
do something similar to QoS  - that is, I want to be able to browse without
feeling that for example I /or someone else behind the NAT/ is leeching a
torrent. Since I found out that there is no pure incarnation of QoS in ipfw
I believe that there is a way to accomplish this using the queues and
weights. I have tried to do this by myself but it seems that there is no
actual benefit of the weight parameter - I mean I do see the torrent speed
go down but its after 4-8 seconds after I've told the browser to go fetch a
page during which time it sits and waits.


  Here's what I currently have, involving queues and weigths in my ruleset
->


> 02000 queue 1 ip from any to any src-port 80 not layer2 via fxp0
> 02100 queue 1 ip from any to any dst-port 80 not layer2 via fxp0
> 02200 queue 2 ip from any to any via fxp0
>
and this is the pipe list


> 00001: 440.000 Kbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
> q00001: weight 95 pipe 1   50 sl. 1 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
> Pkt/Byte Drp
>   0 tcp      10.11.0.246/1057     80.92.66.238/80    59038 41163646  0
> 0   0
> q00002: weight 5 pipe 1   50 sl. 1 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
> Pkt/Byte Drp
>   0 udp       10.11.0.42/137       10.11.0.255/137   3148781 1921538209 15
> 14440 1046
>
I read something about putting in ACK's with a higher priority but I'm just
not quite sure what I need to do in order to achieve this result. Please do
share if you've done something similar and whether it's possible to NOT feel
AT ALL that someone is leeching. That is, can the packets' speed /dropping,
etc./ be so quickly managed by  the gateway as to the end user not feeling
anything? Most basically I would like to utilize a pipe at all times, but
when someone starts browsing I don't want him to feel that there's anything
in the background.


  Thanks in advance to all who share their thoughts and opinions. Your help
would be greatly appreciated.

  So let's get started...

-- 
mEsS wItH tHe bEsT
dIE liKe tHe rESt

More information about the freebsd-ipfw mailing list