Packet loss with traffic shaper and routing

tpeixoto at widesoft.com.br tpeixoto at widesoft.com.br
Tue May 2 02:09:00 UTC 2006 

Julian Elischer wrote:
> tpeixoto at widesoft.com.br wrote:
> 
>> Hello!
>>
>> Erich Dollansky wrote:
>>
>>> Hi,
>>>
>>> tpeixoto at widesoft.com.br wrote:
>>>
>>>>
>>>> At this moment, I'm getting more than 50% interrupts and 20% packets 
>>>> lost.
>>>
>>>
>>> you must have something very basic done the wrong way.
>>
>> >
>>
>> Hope so. So I can fix and learn from it!
>>
>>
>>> I would suggest to upgrade that box to 6.1.
>>>
>>
>> We tried 6.0-RELEASE. Please, keep reading...
>>
>>
>>> You need then a systematic approach.
>>>
>>> Run the GENERIC kernel and see what happens there.
>>>
>>
>> Ok, 15% interrupts. System worked fine.
>>
>>
>>> Then take all out you believe you do not need and see what happens then.
>>>
>>> Finally, switch to SMP and start the fine tuning.
>>>
>>
>> Kernel recompiled with SMP+IPFW+DUMMYNET and system running with 
>> firewall_type="OPEN". Low interrupts, great.
>>
>> As I inserted the bandwidth rules, the problem arose again! Interrupts 
>> getting at 80% and packets being lost.
>>
>>
>>> Do not use HT as it should slow down the machine.
>>>
>>
>> I switched it off but didn't notice any major difference. Anyway I 
>> left it disabled.
>>
>>
>>> If even the first step fails, check the connections including the 
>>> network card if it is one.
>>>
>>> Erich
>>>
>>
>> I guess we found where the problem is. IPFW and dummynet seems to be 
>> the ones to blame here, or the way we are using them.
>> For each MAC address we want to shape, we use 2 pipes and 2 rules, 1 
>> for download and 1 for upload.
>> I believe the problem is that the number of clients (MAC addresses) 
>> grew from 200 to around 1600, and this means lots of pipes and lots of 
>> rules.
>>
>> Anyone knows a better way to get this job done?
> 
> 
> for 1600 hosts are you runing 1600 rules?
> 

No. For 1600 hosts we're running 3200 rules... (and also 3200 pipes).


> That would do it..
> 
> In all versions of FreeBSD
> you can use the skipto rule to make sure that only a few rules are run 
> for any
> address. Use it to to a binary search for the right pipe.'
> carefully using 'skipto' and 'table' can make it efficient to do very 
> complex
> filters like that.
> 

Sorry, but I didn't realized how to use that as we have to shape each 
user individually, i.e., each MAC address on the LAN has its own 
download and upload speeds.

Could you clarify how to improve the situation with the tools you mentioned?

Thanks.


> 
> in 7.0 you can use the 'tablearg' operator to ensure that only 1 rule is 
> run per host .
> I don't know if it is in 6.1..
> if not you may be able to simply apply the diffs.
> 
> 
>>
>> Thanks!
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
> 
>

More information about the freebsd-net mailing list