ipfw pipe show

Jim Flowers jflowers at ezo.net
Thu Feb 21 17:31:27 UTC 2008 

On Thu, 21 Feb 2008 17:53:55 +0100 (CET), Wojciech Puchar wrote
> > answer but there is one thing that is still a puzzle.
> >
> > I have a pipe configured as:
> >
> > ipfw pipe 2 config bw 768Kbit/s queue 20Kbytes
> >
> > When I use `ipfw -s 4 pipe 2 show, one bucket is shown:
> >
> > 00002: 768.000 Kbit/s    0 ms  20 KB 1 queues (1 buckets) droptail
> >    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
> >  0 tcp     12.###.##.77/80      88.###.##.175/2200  10565  8421549  0    0 103
> >
> > I understand that there is only one bucket but how are the source and
> > destination ip addresses and ports chosen to be displayed from all that are
> 
> yes. use queues through this pipe for implementing smart traffic 
> control 
> (best of a kind i must say).

I'll get to queues eventually.  Right now I precede this pipe with a pipe that
reports overall statistics for tcp/udp/other and one that develops statistics
and applies 128kbps bw limits on a per source host basis.  All pipes are
sequential.

> 
> >
> > While I'm at it this pipe has a 768 Kbps bw limit and is currently running at
> 
> what kind of traffic is it? single or lots of tcp connections? looks 
> like a single connection

Traffic is multiple simultaneous connections (outbound http from 20 to 30
webservers).
> 
> > less than 250 Kbps.  Why are packets still being dropped at the rate of about
> > 1%, fairly consistently?
> 
> turn off the pipe and check the traffic again. it looks like your 
> pipe is setup correctly.

Yes, when I do this with an 8 sec delay to reading, I sometimes catch a
dropped packet.  Calculated bw is ~200kbps.  After some minutes it goes to the
1% level and stays there.

> 
> are other rules ok?

Yes, everything seems to be consistent and counts match closely.

It's not so much a problem but that I am curious.  And, I still don't
understand the significance of the ip addresses/ports shown in the single
bucket pipe?

Thanks for the response.


--
Jim Flowers <jflowers at ezo.net>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the freebsd-questions mailing list