layer2 filtering and dummynet, bw reduced by half

Luigi Rizzo rizzo at icir.org
Mon Oct 3 09:10:25 PDT 2005 

you are passing traffic through the pipe twice.
you have to decide if your rules should apply tto
layer2 or not and write the rules accordingly

luigi

On Mon, Oct 03, 2005 at 01:07:56PM -0300, Patrick Tracanelli wrote:
> 
> Hello,
> 
> I am doing some simple tests in a specific enviroment where layer2 
> filtering and dummynet will work together. There is a complex set of FW 
> rules, which showed a behaviour where, whenever I turn layer2 filtering 
> on, dummynet configured pipes get the configured BW reduced by half. To 
> check it out I reduced the production ruleset into a few, simple and 
> clear set of rules in a testing enviroment.
> 
> The current rules are:
> 
> layer2() {
>          ipfw add skipto 400 all from any to any mac-type ip,arp layer2
>          ipfw add deny all from any to any layer2
> }
> 
> countlog() {
>          ipfw add 400 count log all from any to any in
>          ipfw add 401 count log all from any to any out
> }
> 
> pipe() {
>          ipfw add pipe 1 all from any to 172.16.52.254/32 in
>          ipfw add pipe 2 all from 172.16.52.254/32 to any out
>          ipfw pipe 1 config bw 64Kbps queue 5
>          ipfw pipe 2 config bw 64Kbps queue 5
> }
> 
> Very simple, nothing special.
> FYI, one_pass feature for ipfw is '1' (default).
> 
> When net.link.ether.ipfw=0, dummynet works perfectly. The piped IP 
> address can only up/down at the configured speed. But when I turn 
> net.link.ether.ipfw=1 the maximum speedk gets reduced exactly by half, 
> just like if I had pipes configured at 32Kbps.
> 
> I have tested even without any layer2 rule loaded. The behaviour is just 
>   the same.
> 
> I am not sure what might be causing this weird behaviour. Is there any 
> thing that should be tunned up? Any ideas on why it happens, and how to 
> deal with it instead of configuring bw by 2 to get the desired speed? If 
> there is a logical reason for that which I ignore, there is no problem 
> in * it by 2, but I would like to hear about it, technically, which is 
> the reason.
> 
> And specially, if it something I am doing wrong, I would appreciate if 
> someone could point it out.
> 
> Thank you a lot :-)
> 
> -- 
> Patrick Tracanelli
> 
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

More information about the freebsd-ipfw mailing list