FreeBSD 7.0: dummynet 99% cpu

[Eugene L Kovalenja]

Hello.

My OS:
FreeBSD *** 7.0-RELEASE FreeBSD 7.0-RELEASE #6: Sun Nov 23 14:32:31 EET 
2008     root@***:/usr/src/sys/i386/compile/QWEKRN70  i386

Machine:
HP Proliant DL560 (Xeon 2.5GHzX8, 4Gb RAM)

/etc/sysctl.conf
kern.polling.enable=0
net.inet.tcp.sendspace=1048576
net.inet.tcp.recvspace=1048576
net.inet.icmp.icmplim=100
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.msl=15000
net.inet.ip.fastforwarding=1
net.inet.ip.maxfragsperpacket=45
net.inet.tcp.log_in_vain=0
kern.ipc.maxsockets=204800
kern.ipc.maxsockbuf=16777216
kern.polling.each_burst=150
kern.polling.burst_max=1000
net.inet.tcp.syncookies=1
kern.ipc.nmbclusters=262144
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
net.inet.ip.random_id=1
kern.logsigexit=0
kern.ipc.somaxconn=24096
net.inet.ip.intr_queue_maxlen=1024
net.inet.tcp.mssdflt=1460
net.inet.tcp.slowstart_flightsize=54
net.inet.ip.fw.one_pass=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
kern.maxfilesperproc=104856
kern.maxfiles=65535
net.inet.tcp.rfc1323=1
net.inet.ip.dummynet.hash_size=512
net.graph.maxdgram=128000
net.graph.recvspace=128000
net.inet.ip.intr_queue_maxlen=10240


I'm use this machine as VPN-server for access my clients into Internet.

VPN-server: mpd4.3
Shaper: dummynet (pipes)

Example of shaper rules:

01111       0          0 pipe 1231 ip from table(123) to any via ng*
01111       0          0 pipe 1232 ip from any to table(123) via ng*

Pipes:
ipfw pipe 1231 config bw XXXXKbit/s mask src-ip 0xffffffff
ipfw pipe 1232 config bw XXXXKbit/s mask dst-ip 0xffffffff


Time in three days traffic via ipfw doesn't go. In top:
   21 root         1 -44    -     0K     8K WAIT   7   2:15  99.02% dummynet
(this is example, not copy\paste)

Also sw1: net increases from 5-10% to 30-35%...

I am helped only by reboot.

In what can consist the problem?

Thanks.