From: Ganbold
Date: Mon, 21 Jul 2008 10:31:04 +0800
To: "Kazi A. Sharif"
Cc: freebsd-ipfw@freebsd.org, Thomas Vogt
Subject: Re: IPFW+Dummynet Capability

Kazi A. Sharif wrote:
> Hello Thomas,
> Thanks for the reply. It seems I am not on the right track. I used
> Emerging Technologies commercial bandwidth manager. It was tested with
> 2000 rules and the total traffic was 25Mbps. It is built on UNIX OS.

Emerging Technologies use FreeBSD. See the FAQ:
http://www.etinc.com/index.php?page=bwmgrfaq.htm

> I heard that Allot is also able to use many rules.
> In Mikrotik we can create Queue/Queue group/Firewall/IP based MRTG
> Graph/Time-based QoS and they say that it is tested with Gigabit
> traffic.
> My current requirement is below 100Mbps but there will be at least
> 4000 clients, that means 4000 IPs. We use the packages 64, 96, 128,
> 256, 512, 1024/1024kbps and so on. We used to create 2 rules for each
> user, one for bandwidth and another for firewall or MAC binding with IP.
> After a lot of searching on IPFW+Dummynet I didn't find a good IP
> based in/out traffic graphing way through SNMP or something like that,
> I checked for Time-based QoS on IPFW+Dummynet and saw a patch but it's
> not granted, I wanted to use name with rule number but I don't think
> uid/gid is what I was looking for.
> So do you think there is a way to use IPFW+Dummynet using table to
> reduce number of rules and for at least 100Mbps traffic? You may have
> other suggestions to use Altq+PF or something similar.
> I think I should spend time on this if my above requirements are
> achievable.
> Thanking
> Sharif
>
> Thomas Vogt wrote:
>> Hello
>>
>> On 20.07.2008 at 01:06, Kazi A. Sharif wrote:
>>> Hello Guys,
>>> I was planning to install a heavy duty bandwidth manager for my ISP.
>>> I went through some documentation and installed IPFW and Dummynet in
>>> FreeBSD 7.0. Before I spend so much time on this I need to know the
>>> limitations that are already noticed:
>>>
>>> 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies
>>> Bandwidth manager, how efficient is the IPFW+Dummynet?
>>> 2. Is it possible to control/throttle 800/900Mbps bandwidth using
>>> recommended hardware?
>>
>> We use something similar to make sure that certain IP ranges always
>> get the best performance. Simulating some kind of QoS and set a max
>> bandwidth for everything.
>>
>> We figured out that the limit with this Xeon is somewhere between
>> 200-300Mbps with a few IPFW+Dummynet rules.
>> We also tested a slower quad cores but the performance was even
>> worse. UP systems with fast CPU were the best choice so far for us.
>> At the moment our system runs with 6.2 but to be honest I don't
>> believe that the performance gets tripled with FreeBSD 7.
>>
>> Our hardware:
>> Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and Intel
>> em cards (
>>
>> In the past Ian Freislich mentioned at performance@ that AMD
>> Opterons are maybe faster because of the bigger L1 cache. You will
>> get fewer cache misses with it.
>>
>> We could squeeze a bit more speed with ipfw table keyword. In
>> general, the fewer rules you have the better performance you will get.
>>
>> There is also a dummynet issue with FreeBSD 7.0. We just used
>> dummynet to limit an ftp server to 500Mbps and had a lot of kernel
>> panics. Oleg Bulyzhin wrote a patch:
>> http://www.freebsd.org/cgi/query-pr.cgi?prp=113548-3-diff
>>
>> As far as I know this patch is not included in 7.0-Release and I'm
>> not sure if it was ever committed to -stable or -head.
>>
>> Regards,
>> Thomas Vogt
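
The table approach asked about and recommended in this thread, as an added example that is not part of any poster's message: a shell script that turns a client list into dummynet pipes, two lookup tables and two `pipe tablearg` rules, so the rule count stays constant as clients are added. The client list, table numbers 1 and 2, rule numbers 1000/1010, the +10000 upload pipe offset and the in/out matching are assumptions, as is an ipfw build whose `tablearg` is accepted by the `pipe` action; the script only prints commands and does not run ipfw.

```shell
#!/bin/sh
# Added example: emits ipfw/dummynet commands as text for review.
# Constructed sample input: "client-IP rate-in-kbit/s", one client per line.
CLIENTS='10.0.0.5 64
10.0.0.6 64
10.0.1.9 256
10.0.2.7 1024'

UP_OFFSET=10000   # assumption: upload pipe number = rate + 10000

gen_ruleset() {
    list=$1
    # One download and one upload pipe per distinct package rate.
    # "mask dst-ip/src-ip 0xffffffff" makes dummynet create a separate
    # dynamic pipe per client address, so every client gets the full rate.
    for rate in $(printf '%s\n' "$list" |
                  awk '$2 ~ /^[0-9]+$/ {print $2}' | sort -nu); do
        echo "ipfw pipe $rate config bw ${rate}Kbit/s mask dst-ip 0xffffffff"
        echo "ipfw pipe $((rate + UP_OFFSET)) config bw ${rate}Kbit/s mask src-ip 0xffffffff"
    done
    # Table value = pipe number; table 1 is download, table 2 is upload.
    printf '%s\n' "$list" | while read -r ip rate; do
        # Skip lines whose rate is missing or not a plain number.
        case $rate in ''|*[!0-9]*) continue ;; esac
        echo "ipfw table 1 add $ip/32 $rate"
        echo "ipfw table 2 add $ip/32 $((rate + UP_OFFSET))"
    done
    # Two rules in total, whatever the client count: the table lookup
    # matches the address and tablearg supplies the pipe number.
    echo "ipfw add 1000 pipe tablearg ip from any to 'table(1)' out"
    echo "ipfw add 1010 pipe tablearg ip from 'table(2)' to any in"
}

# Number of firewall rules ("ipfw add" lines) in the generated ruleset.
count_rules() {
    gen_ruleset "$1" | grep -c '^ipfw add '
}

gen_ruleset "$CLIENTS"
```

Adding or moving a client is then a single `ipfw table ... add` or `delete`, with no change to the rule list that every packet has to traverse.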