IPFW Pipes, upload pipe working at 1/3 of pipe banwidth

Ovi ovi at unixservers.us
Mon Sep 24 04:51:42 PDT 2007 

Hello guys,

I've tried last weekend different setups of IPFW + Dummynet in order to 
shape traffic.
Because my rules did not worked well I've simplified rules as much as 
possible, until I've reach basics and I've discovered that, having a 
FreeBSD 6.2 router (cvsuped few days ago to stable) with  2 pipes, one 
for  download and one for upload, downloads from LAN works at full speed 
of pipe, uploads from LAN works at 1/3 of pipe speed.

Tests was done for ftp upload and download, on 100 mbps network, 90 mbps 
pipes.

Now my ipfw rules are:
-----------------------
00007 153 15816 allow ip from any to me
00008 144 20434 allow ip from me to any
00010   0     0 allow ip from any to any via lo0
00020   0     0 deny ip from any to 127.0.0.1
04200   23456   43328 pipe 1 ip from 192.168.254.0/24 to any
04300   3453     34322 pipe 2 ip from any to 192.168.254.0/24
65535  0  0 deny ip from any to any

I've tried lot of rules like:
ipfw pipe 1 config bw 90000kbits/s
ipfw pipe 2 config bw 90000kbits/s
ipfw add 100 pipe 1 ip from any to any in recv fxp0
ipfw add 100 pipe 2 ip from any to any out xmit fxp0

I've tried to shape on outgoing too, on 2 interfaces, to shape in both 
ways, knowing that shaping is done when packets leave the interface.
Every rule I set, I do not have upload with speed more than 3MBytes/s 
(instead of 9MBytes/s)
Download works well.

The only thing that must mentioned is that router is connected to the 
other computer from which I do tests (upload&download) using a crossover 
cable
with interfaces configured using Vlans on both sides, the same VLAN ID. 
(I need this for my complex setup I've tried to achieve).

The computer is P IV 2.8, no other firewall is present, if I "ipfw 
disable firewall" the transfer rate on ftp upload is at full network 
cards speed.
When using firewall and transferring (uploading), I have 98% CPU idle, I 
did not noticed any bottleneck on server, the box is very minimalistinc, 
only with
base installation, midnight commander and few small aps.

Anybody have an idea how could I improve upload speed?

best regards,
ovidiu

More information about the freebsd-questions mailing list