IPFW+Dummynet Capability

Kazi A. Sharif kazi.sharif at aonb.com.bd
Sun Jul 20 15:39:44 UTC 2008 

Hello Thomas,
Thanks for the reply. It seems I am not in the right track. I used 
Emerging Technologies commercial bandwidth manager. It was tested with 
2000 rules and the total traffic was 25Mbps. It is build on UNIX OS. I 
heard that Allot is also able to use many rules. In Mikrotik we can 
create Queue/Queue group/Firewall/IP based MRTG Graph/Time-based QoS and 
they say that it is tested with Gigabit traffic.
My current requirement is bellow 100Mbps but there will have at least 
4000 clients that means 4000 IPs. We use the packages 64, 96, 128, 256, 
512, 1024/1024kbps and so on. We used to create 2 rules for each user, 
one for bandwidth and another for firewall or MAC binding with IP.
After a lot of searching on IPFW+Dummynet I didn't find a good IP based 
in/out traffic graphing way through SNMP or something like that, I 
checked for Time-based QoS on IPFW+Dummynet and saw a patch but its not 
granted, I wanted to use name with rule number but I don't think uid/gid 
is what I was looking for.
So do you think there is a way to use IPFW+Dummynet using table to 
reduce number of rules and for at least 100Mbps traffic? You may have 
other suggestions to use Altq+PF or something similar.
I think I should spent time on this if my above requirements are achievable.
Thanking
Sharif



Thomas Vogt wrote:
> Hello
>
> Am 20.07.2008 um 01:06 schrieb Kazi A. Sharif:
>> Hello Guys,
>> I was planning to install a heavy duty bandwidth manager for my ISP. 
>> I went through some documentation and installed IPFW and Dummynet in 
>> FreeBSD 7.0. Before I spent so much time on this I need to know the 
>> limitations that are already noticed:
>>
>> 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies 
>> Bandwidth manager, how efficient is the IPFW+Dummynet?
>> 2. Is it possible to control/throttle 800/900Mbps bandwidth using 
>> recommended hardware?
>
> We use something similiar to make sure that certain ip ranges always 
> get the best performance. Simulating some kind of QoS and set a max 
> bandwidth for everything.
>
>
> We figured out that the limit with this Xeon is somewhere between 
> 200-300Mbps with a few IPFW+Dummynet rules. We also tested a slower 
> quad cores but the performance was even worse. UP systems with fast 
> CPU where the best choice so far for us. At the moment our system runs 
> with 6.2 but to be honest i don't belive that the performance gets 
> trippled with FreeBSD 7.
>
> Our hardware:
> Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and intel em 
> cards (<Intel(R) PRO/1000 Network Connection Version - 6.2.9).
>
> In the past Ian Freislich mentioned at performance@  that AMD Opterons 
> are maybe faster because of the bigger L1 cache. You will get less 
> cache misses with it.
>
> We could squeeze a bit more speed with ipfw table keyword. In 
> gerneral, the less rule you have the better performance you will get.
>
> There is also an dummynet issue with FreeBSD 7.0. We just used 
> dummynet to limit a ftp server to 500Mpbs and had a lot of kernel 
> panics.  Oleg Bulyzhin wrote a patch:
> http://www.freebsd.org/cgi/query-pr.cgi?prp=113548-3-diff
>
> As far as i know this patch is not included in 7.0-Release and i'm not 
> sure if it was ever commited to -stable or -head.
>
> Regards,
> Thomas Vogt
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
>

More information about the freebsd-ipfw mailing list