Shaping a lot of users...

Alhagie Puye alhagiep at yahoo.com
Fri Oct 24 03:02:41 PDT 2003 

I have a similar setup and this is what my firewall
script look like:

# EVERYBODY "DOWN"
add queue 1 ip from any to 192.168.42.0/27
queue 1 config weight 1 pipe 1 mask dst-ip 0xffffffff
pipe 1 config bw 1500Kbit/s
#
# EVERYBODY "UP"
add queue 2 ip from 192.168.42.0/27 to any
queue 2 config weight 1 pipe 2 mask src-ip 0xffffffff
pipe 2 config bw 400Kbit/s

The output looks like this:

firewall# ipfw pipe list 
00001:   1.500 Mbit/s    0 ms   50 sl. 0 queues (1
buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 400.000 Kbit/s    0 ms   50 sl. 0 queues (1
buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
q00001: weight 1 pipe 1   50 sl. 3 queues (256
buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____
Tot_pkt/bytes Pkt/Byte Drp
 79 ip           0.0.0.0/0       192.168.42.31/0      
 1      229  0    0   0
 81 ip           0.0.0.0/0        192.168.42.1/0     
103     6958  0    0   0
 82 ip           0.0.0.0/0        192.168.42.2/0      
95    27837  0    0   0
q00002: weight 1 pipe 2   50 sl. 2 queues (256
buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____
Tot_pkt/bytes Pkt/Byte Drp
170 ip      192.168.42.1/0             0.0.0.0/0      
68    10862  0    0   0
172 ip      192.168.42.2/0             0.0.0.0/0     
164    13563  0    0   0

Hope this helps.

Cheers,
Alhagie.
--- Sean Hafeez <sahafeez at edgefocus.com> wrote:
> I am using the following:
> 
> ipfw -f flush
> /sbin/natd -interface rl0
> ipfw add 999 divert natd all from any to any via rl0
> ipfw add pipe 1 ip from any to any in recv rl1
> ipfw add pipe 2 ip from any to any out xmit rl1
> ipfw pipe 1 config mask src-ip 0xffffffff bw
> 1024kbits/s
> ipfw pipe 2 config mask dst-ip 0xffffffff bw
> 1024kbits/s
> 
> rl0 - outside
> rl1 - inside
> 
> and I have this is my sysctl.conf
> 
> net.inet.ip.fw.one_pass=0
> net.inet.ip.dummynet.hash_size=512
> net.inet.ip.dummynet.max_chain_len=64
> 
> This seems to work great for limiting each user to a
> max of 1 meg up 
> and down.
> 
> What I want to know is how do I do the same thing
> but shape the users 
> to have EQUAL bandwidth in times of load. What I
> mean is this:
> 
> Each unique IP address on the inside
> (192.168.1.x/22) is limited to a 
> max of 1 meg. If there is a hugh load that exceeds
> my internet 
> bandwidth (2 T1's - so 3 megs) I would like each
> users to get the same 
> amount of bandwidth - 30 users all getting 100k. I
> would like it to 
> adjust based on the load.
> 
> I have looked at the docs and example but I am a bit
> confused.
> 
> Also we need to be careful not to shape the BSD box
> itself - I have 
> seen some rules that screw things up because they
> shape the shaping 
> box!!
> 
> Thanks All!
> 
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
"freebsd-ipfw-unsubscribe at freebsd.org"


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

More information about the freebsd-ipfw mailing list