traffic shaping freebsd
alexus
alexus at gmail.com
Sun Sep 11 23:54:30 UTC 2011
su-4.2# grep pipe /etc/ipfw.rules
pipe flush
pipe 1 config bw 1Mbit/s mask dst-port www
pipe 2 config bw 1Mbit/s mask src-port www
pipe 3 config bw 1Mbit/s mask dst-port 3128
add 3128 pipe 3 tcp from any to any src-port 3128 uid root
add 8381 pipe 1 tcp from any to any dst-port www uid daemon
add 8382 pipe 2 tcp from any to any src-port www uid daemon
su-4.2#
su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw
pipe show 2
08381 11190 815447 pipe 1 tcp from any to any dst-port 80 uid daemon
08382 14394 16926849 pipe 2 tcp from any 80 to any uid daemon
00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 64.237.55.83/64730 69.10.58.25/80 11190 815447 0 0 0
00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 69.10.58.25/80 64.237.55.83/64730 14394 16926849 0 0 10
su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw
pipe show 2
08381 11218 817225 pipe 1 tcp from any to any dst-port 80 uid daemon
08382 14434 16979213 pipe 2 tcp from any 80 to any uid daemon
00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 64.237.55.83/64730 69.10.58.25/80 11218 817225 0 0 0
00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 69.10.58.25/80 64.237.55.83/64730 14434 16979213 0 0 10
su-4.2#
as you see ipfw rules matches as count is increasing, yet pipe i'm not
seeing any difference at all, its like it matched first time and
that's it...
yet pipe shows different output
su-4.2# ipfw show | grep 'pipe 3' && ipfw pipe show 3
03128 37483 71276160 pipe 3 tcp from any 3128 to any uid root
00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 ip 0.0.0.0/0 0.0.0.0/1056 16 2383 0 0 0
16 ip 0.0.0.0/0 0.0.0.0/1032 8 9398 0 0 0
32 ip 0.0.0.0/0 0.0.0.0/2096 41 43167 0 0 0
48 ip 0.0.0.0/0 0.0.0.0/56 2 7074 0 0 0
su-4.2# !!
ipfw show | grep 'pipe 3' && ipfw pipe show 3
03128 39285 74616912 pipe 3 tcp from any 3128 to any uid root
00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 ip 0.0.0.0/0 0.0.0.0/1056 19 20651 0 0 0
16 ip 0.0.0.0/0 0.0.0.0/1064 36 41781 0 0 0
32 ip 0.0.0.0/0 0.0.0.0/1072 43 53920 0 0 0
48 ip 0.0.0.0/0 0.0.0.0/2104 3 595 0 0 0
su-4.2#
why is it seeing source ip/port as 0/0 and dest 0/? i dont understand
that at all
On Sun, Sep 11, 2011 at 7:06 PM, Michael Sierchio <kudzu at tenebras.com> wrote:
> On Sun, Sep 11, 2011 at 3:38 PM, alexus <alexus at gmail.com> wrote:
>> thanks, but did u actually tried it?
>
> If what you're asking is, "does traffic shaping work?" the answer is
> yes. There are some provisos - you must create an outbound pipe and
> an inbound pipe that accurately reflect the observed network
> performance (not what your ISP told you). This is because when you
> create queues of different weights, the weights are only imposed when
> one or more queues are full.
>
> See http://info.iet.unipi.it/~luigi/dummynet/
>
> The place to start is to find out what kind of upload and download
> throughput you get, then create pipes that are 95% of those observed
> values (one up, one down), then instantiate queues with different
> weights on each pipe, then create rules that match packets according
> to which pipe they should go in. Also consider that the sysctl
> variable, net.inet.ip.fw.one_pass, might need to be 0 and not 1,
> depending on whether queued packets need further processing.
>
--
http://alexus.org/
More information about the freebsd-questions
mailing list