Date:      Mon, 24 Nov 2003 20:51:06 -0600
From:      "Damon" <damon@homepagesetc.com>
To:        <freebsd-ipfw@freebsd.org>
Subject:   ipfw2 + dummynet : using bw and queues
Message-ID:  <001301c3b2fe$fa6a8cb0$6503a8c0@ourcomputershop.com>

I want to be able to do the following and need some help creating rules.

I want traffic to be limited for each individual ip.  The amount of
bandwidth is determined by a level of service.

For Example:
# Bandwidth pipes
ipfw pipe 10 config mask src-ip 0xffffffff bw 256kbits/s
ipfw pipe 11 config mask dst-ip 0xffffffff bw 128kbits/s
ipfw pipe 20 config mask src-ip 0xffffffff bw 384kbits/s
ipfw pipe 21 config mask dst-ip 0xffffffff bw 384kbits/s
ipfw pipe 30 config mask src-ip 0xffffffff bw 512kbits/s
ipfw pipe 31 config mask dst-ip 0xffffffff bw 512kbits/s
# Create traffic filters for Tier 3 IPs
ipfw add pipe 30 tcp from any to 1.2.3.0/24{51,52} out xmit ${outintf}
ipfw add pipe 31 tcp from 1.2.3.0/24{51,52} to any in recv ${outintf}
# Create traffic filters for Tier 2 IPs
ipfw add pipe 20 tcp from any to 1.2.3.0/24{61,62} out xmit ${outintf}
ipfw add pipe 21 from 1.2.3.0/24{61,62} to any in recv ${outintf}
# Create traffic filters for Tier 1 IPs
ipfw add pipe 10 tcp from any to 1.2.3.0/24{71,72} out xmit ${outintf}
ipfw add pipe 11 tcp from 1.2.3.0/24{71,72} to any in recv ${outintf}


Does that config look reasonable to everyone?
Is there a way to limit total bw up/down using one pipe for each tier?

Now I also want to throttle certain types of traffic which I will
identify using port numbers.

For Example: 
# high-priority queues
ipfw queue 90 config pipe 10 weight 90
# low priority queue
ipfw queue 10 config pipe 10 weight 10
# Bandwidth pipe
ipfw pipe 10 config bw 1500kbits/s

# Define High Priority Traffic
# SSH 22
# DNS 53
# Windows Remote Desktop 3389
HighPriorityPorts="22,53,3389"
# Create traffic filters for high priority queues
ipfw add queue 90 tcp from any to any ${HighPriorityPorts} out xmit ${outintf}
ipfw add queue 90 tcp from any ${HighPriorityPorts} to any in recv ${outintf}
# Define Low Priority Traffic
# Several file sharing networks 6346
# Kazaa 1214
# GNUtella 6346,6347
# Napster 8875
# Hotline 5500-5503
# SoulSeek 2234,5534
LowPriorityPorts="6969,6346,6347,5500-5503,2234,5534,1214,8875"
# Create traffic filters for low priority queues
ipfw add queue 10 tcp from any to any ${LowPriorityPorts} out xmit ${outintf}
ipfw add queue 10 tcp from any ${LowPriorityPorts} to any in recv ${outintf}

Does this also look reasonable?

Real Question : 
I want a way to do both types of traffic shaping.  Suggestions are
welcome.  I would like to be able to limit each user to their tier but
also if the TOTAL bw (not just this users) gets near capacity the queue
will start to prioritize traffic.

Thanks in advance and sorry for the long post.  I will post the
resulting config file when we get a reasonable solution.

Damon
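
The queue example above attaches weights 90 and 10 to a 1500kbits/s pipe. The following is an added example, not part of the original post: an idealized fluid model (weighted max-min sharing, which dummynet's WF2Q+ queues approximate packet by packet) showing that the weights only matter once the pipe is saturated. The offered-load figures are constructed for illustration.

```python
# Added illustration: long-run bandwidth shares of weighted queues on one pipe.
# Assumption: fluid (infinitely divisible) traffic; real WF2Q+ schedules packets.

def weighted_shares(capacity_kbit, flows):
    """flows: {name: (weight, offered_kbit)} -> {name: allocated_kbit}.

    Weighted max-min fairness: a queue never gets more than it offers, and
    bandwidth it leaves unused is split among the others by weight.
    """
    alloc = {name: 0.0 for name in flows}
    active = {n for n, (_, offered) in flows.items() if offered > 0}
    remaining = float(capacity_kbit)
    while active and remaining > 1e-9:
        total_w = sum(flows[n][0] for n in active)
        # Queues whose unmet demand fits inside their weighted share.
        satisfied = {n for n in active
                     if flows[n][1] - alloc[n]
                     <= remaining * flows[n][0] / total_w + 1e-9}
        if not satisfied:
            # Everyone is backlogged: split what is left strictly by weight.
            for n in active:
                alloc[n] += remaining * flows[n][0] / total_w
            break
        for n in satisfied:
            remaining -= flows[n][1] - alloc[n]
            alloc[n] = float(flows[n][1])
        active -= satisfied
    return alloc

PIPE_KBIT = 1500                      # "ipfw pipe 10 config bw 1500kbits/s"
W_HIGH, W_LOW = 90, 10                # queue 90 and queue 10 weights

# Constructed offered loads in kbit/s: (high-priority, low-priority)
SCENARIOS = {
    "pipe mostly idle":      (300, 400),
    "only P2P is busy":      (0, 2000),
    "light SSH, heavy P2P":  (200, 2000),
    "both saturating":       (2000, 2000),
}

if __name__ == "__main__":
    for label, (hi, lo) in SCENARIOS.items():
        shares = weighted_shares(PIPE_KBIT, {"high": (W_HIGH, hi),
                                             "low": (W_LOW, lo)})
        print(f"{label:22s} high={shares['high']:6.0f}  low={shares['low']:6.0f}")
```

A weight is a share under contention, not a strict priority: the low-weight queue keeps 10% even when the high-weight queue is permanently backlogged.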



