Date: Sun, 11 Sep 2011 18:16:55 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: alexus <alexus@gmail.com> Cc: =?KOI8-R?B?68/O2MvP1yDl18fFzsnK?= <kes-kes@yandex.ru>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: traffic shaping freebsd Message-ID: <CAHu1Y73gLhcq5GjYW7aFZG0PDRtGGwZFO8P4%2BRGEqay04ZnAJw@mail.gmail.com> In-Reply-To: <CAJxePNKY50UfPvDtoVhNz0kY8vDn87nubwWwh_Koa-KsBKYoEA@mail.gmail.com> References: <CAJxePN%2BXUGCL0GPGEboFoEhONb9YXHFjxamVucf7=rm8YwAJCA@mail.gmail.com> <108373957.20110912012809@yandex.ru> <CAJxePNLSJj-6LcfA1ff6fZ2c1B=QjL-CBr1RSzi=j2w275T3kQ@mail.gmail.com> <CAHu1Y70uCvtjEr=h%2BUEPRfQSOh-3r0VAi6L7rrY92HzUisFTUw@mail.gmail.com> <CAJxePNKY50UfPvDtoVhNz0kY8vDn87nubwWwh_Koa-KsBKYoEA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You don't seem to have any rules that match packets. This won't work. On Sunday, September 11, 2011, alexus <alexus@gmail.com> wrote: > su-4.2# grep pipe /etc/ipfw.rules > pipe flush > pipe 1 config bw 1Mbit/s mask dst-port www > pipe 2 config bw 1Mbit/s mask src-port www > pipe 3 config bw 1Mbit/s mask dst-port 3128 > add 3128 pipe 3 tcp from any to any src-port 3128 uid root > add 8381 pipe 1 tcp from any to any dst-port www uid daemon > add 8382 pipe 2 tcp from any to any src-port www uid daemon > su-4.2# > > > su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw > pipe show 2 > 08381 11190 815447 pipe 1 tcp from any to any dst-port 80 uid daemon > 08382 14394 16926849 pipe 2 tcp from any 80 to any uid daemon > 00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 64.237.55.83/64730 69.10.58.25/80 11190 815447 0 0 0 > 00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 69.10.58.25/80 64.237.55.83/64730 14394 16926849 0 0 10 > su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw > pipe show 2 > 08381 11218 817225 pipe 1 tcp from any to any dst-port 80 uid daemon > 08382 14434 16979213 pipe 2 tcp from any 80 to any uid daemon > 00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 64.237.55.83/64730 69.10.58.25/80 11218 817225 0 0 0 > 00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 tcp 69.10.58.25/80 64.237.55.83/64730 14434 16979213 0 0 10 > su-4.2# > > as you see ipfw rules matches as count is increasing, yet pipe i'm not > seeing any difference at all, its like it matched first time and > that's it... > > yet pipe shows different output > > su-4.2# ipfw show | grep 'pipe 3' && ipfw pipe show 3 > 03128 37483 71276160 pipe 3 tcp from any 3128 to any uid root > 00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 ip 0.0.0.0/0 0.0.0.0/1056 16 2383 0 0 0 > 16 ip 0.0.0.0/0 0.0.0.0/1032 8 9398 0 0 0 > 32 ip 0.0.0.0/0 0.0.0.0/2096 41 43167 0 0 0 > 48 ip 0.0.0.0/0 0.0.0.0/56 2 7074 0 0 0 > su-4.2# !! > ipfw show | grep 'pipe 3' && ipfw pipe show 3 > 03128 39285 74616912 pipe 3 tcp from any 3128 to any uid root > 00003: 1.000 Mbit/s 0 ms 50 sl. 4 queues (64 buckets) droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38 > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp > 0 ip 0.0.0.0/0 0.0.0.0/1056 19 20651 0 0 0 > 16 ip 0.0.0.0/0 0.0.0.0/1064 36 41781 0 0 0 > 32 ip 0.0.0.0/0 0.0.0.0/1072 43 53920 0 0 0 > 48 ip 0.0.0.0/0 0.0.0.0/2104 3 595 0 0 0 > su-4.2# > > why is it seeing source ip/port as 0/0 and dest 0/? i dont understand > that at all > > On Sun, Sep 11, 2011 at 7:06 PM, Michael Sierchio <kudzu@tenebras.com> wrote: >> On Sun, Sep 11, 2011 at 3:38 PM, alexus <alexus@gmail.com> wrote: >>> thanks, but did u actually tried it? >> >> If what you're asking is, "does traffic shaping work?" the answer is >> yes. There are some provisos - you must create an outbound pipe and >> an inbound pipe that accurately reflect the observed network >> performance (not what your ISP told you). This is because when you >> create queues of different weights, the weights are only imposed when >> one or more queues are full. >> >> See http://info.iet.unipi.it/~luigi/dummynet/ >> >> The place to start is to find out what kind of upload and download >> throughput you get, then create pipes that are 95% of those observed >> values (one up, one down), then instantiate queues with different >> weights on each pipe, then create rules that match packets according >> to which pipe they should go in. Also consider that the sysctl >> variable, net.inet.ip.fw.one_pass, might need to be 0 and not 1, >> depending on whether queued packets need further processing. >> > > > > -- > http://alexus.org/ >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y73gLhcq5GjYW7aFZG0PDRtGGwZFO8P4%2BRGEqay04ZnAJw>