kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth
Ian Smith
smithi at nimnet.asn.au
Thu Oct 22 12:20:03 UTC 2009
The following reply was made to PR kern/139581; it has been noted by GNATS.
From: Ian Smith <smithi at nimnet.asn.au>
To: alexus <alexus at alexus.org>
Cc: bug-followup at FreeBSD.org, freebsd at alexus.org
Subject: Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth
Date: Thu, 22 Oct 2009 23:17:23 +1100 (EST)
On Mon, 19 Oct 2009, alexus wrote:
> new set of rules
> pipe 1 config bw 1Mbit/s mask src-port www
> pipe 2 config bw 1Mbit/s mask src-port www
Wrong mask syntax entirely. You can see from your pipe masks as shown,
it's taken as meaning no mask at all:
> mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
Anyway, masking pipes creates dynamic pipes per masked flow, each of
which gets ALL of the specified bandwidth. If you want to limit total
bandwidth to 1Mbit/s, you likely want to use dynamic queues instead.
ipfw(8) is a precise reference, but very terse. Suggested reading:
http://info.iet.unipi.it/~luigi/dummynet/
and especially the last link from that page:
http://info.iet.unipi.it/~luigi/ip_dummynet/original.html
for clear examples of sharing evenly a single link - though noting
that page is outdated re the sysctls for dummynet, bridging etc.
Still looking more like a usage issue than describing a bug, but:
> > If this is still an issue, please:
> > . say whether the extra ~25% traffic shown is on the same interface
> > as the webserver, ie the interface MRTG monitors, or not?
> > . the value of sysctl net.inet.ip.fw.one_pass ?
cheers, Ian
More information about the freebsd-ipfw
mailing list