IPFW+Dummynet Capability

Ganbold ganbold at micom.mng.net
Mon Jul 21 03:11:04 UTC 2008 

Kazi A. Sharif wrote:
> Hello Thomas,
> Thanks for the reply. It seems I am not in the right track. I used 
> Emerging Technologies commercial bandwidth manager. It was tested with 
> 2000 rules and the total traffic was 25Mbps. It is build on UNIX OS. 
Emerging technologies use FreeBSD. See the FAQ:
http://www.etinc.com/index.php?page=bwmgrfaq.htm

> I heard that Allot is also able to use many rules. In Mikrotik we can 
> create Queue/Queue group/Firewall/IP based MRTG Graph/Time-based QoS 
> and they say that it is tested with Gigabit traffic.
> My current requirement is bellow 100Mbps but there will have at least 
> 4000 clients that means 4000 IPs. We use the packages 64, 96, 128, 
> 256, 512, 1024/1024kbps and so on. We used to create 2 rules for each 
> user, one for bandwidth and another for firewall or MAC binding with IP.
> After a lot of searching on IPFW+Dummynet I didn't find a good IP 
> based in/out traffic graphing way through SNMP or something like that, 
> I checked for Time-based QoS on IPFW+Dummynet and saw a patch but its 
> not granted, I wanted to use name with rule number but I don't think 
> uid/gid is what I was looking for.
> So do you think there is a way to use IPFW+Dummynet using table to 
> reduce number of rules and for at least 100Mbps traffic? You may have 
> other suggestions to use Altq+PF or something similar.
> I think I should spent time on this if my above requirements are 
> achievable.
> Thanking
> Sharif
>
>
>
> Thomas Vogt wrote:
>> Hello
>>
>> Am 20.07.2008 um 01:06 schrieb Kazi A. Sharif:
>>> Hello Guys,
>>> I was planning to install a heavy duty bandwidth manager for my ISP. 
>>> I went through some documentation and installed IPFW and Dummynet in 
>>> FreeBSD 7.0. Before I spent so much time on this I need to know the 
>>> limitations that are already noticed:
>>>
>>> 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies 
>>> Bandwidth manager, how efficient is the IPFW+Dummynet?
>>> 2. Is it possible to control/throttle 800/900Mbps bandwidth using 
>>> recommended hardware?
>>
>> We use something similiar to make sure that certain ip ranges always 
>> get the best performance. Simulating some kind of QoS and set a max 
>> bandwidth for everything.
>>
>>
>> We figured out that the limit with this Xeon is somewhere between 
>> 200-300Mbps with a few IPFW+Dummynet rules. We also tested a slower 
>> quad cores but the performance was even worse. UP systems with fast 
>> CPU where the best choice so far for us. At the moment our system 
>> runs with 6.2 but to be honest i don't belive that the performance 
>> gets trippled with FreeBSD 7.
>>
>> Our hardware:
>> Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and intel 
>> em cards (<Intel(R) PRO/1000 Network Connection Version - 6.2.9).
>>
>> In the past Ian Freislich mentioned at performance@  that AMD 
>> Opterons are maybe faster because of the bigger L1 cache. You will 
>> get less cache misses with it.
>>
>> We could squeeze a bit more speed with ipfw table keyword. In 
>> gerneral, the less rule you have the better performance you will get.
>>
>> There is also an dummynet issue with FreeBSD 7.0. We just used 
>> dummynet to limit a ftp server to 500Mpbs and had a lot of kernel 
>> panics.  Oleg Bulyzhin wrote a patch:
>> http://www.freebsd.org/cgi/query-pr.cgi?prp=113548-3-diff
>>
>> As far as i know this patch is not included in 7.0-Release and i'm 
>> not sure if it was ever commited to -stable or -head.
>>
>> Regards,
>> Thomas Vogt
>> _______________________________________________
>> freebsd-ipfw at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>>
>>
>
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
>
>


-- 
ONE THING KIDS LIKE is to be tricked. For instance, I was going to take 
my little nephew to Disneyland, but instead I drove him to a burned-out 
warehouse. "Oh, oh," I said. "Disneyland burned down." He cried and 
cried, but I think that deep down he thought it was a pretty good joke. 
I started to drive over to the real Disneyland, but it was getting 
pretty late. -- Jack Handey, The New Mexican, 1988

More information about the freebsd-ipfw mailing list