Can DUMMYNET handle weighting of traffic according to firewall rules?
eksffa at freebsdbrasil.com.br
eksffa at freebsdbrasil.com.br
Sat Dec 13 18:09:37 UTC 2014
----- Menssagem Original -----
De: "Luigi Rizzo"
Para:"Brett Glass"
Cópia:"John Nielsen" , "freebsd-net at freebsd.org"
Enviado:Sat, 13 Dec 2014 19:15:52 +1100
Assunto:Can DUMMYNET handle weighting of traffic according to firewall
rules?
On Saturday, December 13, 2014, Brett Glass wrote:
> At 10:35 AM 12/12/2014, John Nielsen wrote:
>
> Is there a reason you can't use a separate pipe for each direction?
>>
>
> We want to limit the total amount of bandwidth consumed, based on
the
> formula 2U + D track of the sum.
>
> What I need (and am not sure if DUMMYNET can currently supply) is a
pipe
> that allows you to feed it a packet and say, "Count this X times
toward the
> bandwidth limit."
>
No, as it is now dummynet cannot do what you ask. It would be a
one-line
change in the kernel, plus the part to handle passing the extra
parameter
(we could call it "cost") to the queue's configuration.
As usual, the UI is 10+ times bigger than the code doing the actual
work
(though one could rightly blame the existing UI for not being
designed for
extensibility).
Cheers
Luigi
--
-----------------------------------------+-------------------------------
Prof. Luigi RIZZO, rizzo at iet.unipi.it . Dip. di Ing.
dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338-6809875 . 56122 PISA (Italy)
-----------------------------------------+-------------------------------
As I understand the problem, there are many ways to do this without
actually using any special feature on dummynet. From tagging a traffic
twice and feeding both tagged flows to the same pipe, to the easiest
and possibily lighter approach of disabling one pass and feeding the
traffic twice to the same pipe.
I did a simple lazy experiment:
# ipfw disable one_pass
# ipfw add 1 pipe 1 all from any 22 to me
00001 pipe 1 ip from any 22 to me
# ipfw add 2 pipe 1 all from any 22 to me
00002 pipe 1 ip from any 22 to me
# ipfw pipe 1 config bw 256Kbit/s
# scp proapps at serveruL800:/tmp/teste.bin /dev/null
Password for proapps at serveruL800:
teste.bin
0% 976KB 16.4KB/s 3:27:02 ETA
^C
Killed by signal 2.
So we have 16KB, (*8 = 128Kb, half the pipe configured bw since
packets were injected twice).
# ipfw delete 2
# scp proapps at serveruL800:/tmp/teste.bin /dev/null
Password for proapps at serveruL800:
teste.bin
1% 3408KB 31.4KB/s 1:54:00 ETA^CKilled by signal 2.
And now you have 31.4M, roughly 256Kbit/s (configured pipe bw).
So may you should try something like that:
ipfw delete 1-2
ipfw add 1 queue 1 all from any 22 to me
ipfw add 2 queue 1 all from any 22 to me
ipfw add 3 queue 2 all from me to any 22
ipfw queue 1 config pipe 1 weight 5
ipfw queue 2 config pipe 1 weight 5
ipfw pipe 1 config bw 256Kbit/s
ipfw sched 1 config type QFQ
# ipfw sched 1 show
00001: 256.000 Kbit/s 0 ms burst 0
sched 1 type QFQ flags 0x0 0 buckets 0 active
Children flowsets: 2 1
# ipfw queue 1-2 show
q00001 50 sl. 0 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0
droptail
q00002 50 sl. 0 flows (1 buckets) sched 1 weight 5 lmax 1500 pri 0
droptail
So there's a single pipe, two flowsets, but flowset 1 is injected
twice.
Is that what you wanted?
--
Patrick Tracanelli
-------------------------
Email sent using ProApps
More information about the freebsd-net
mailing list