Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 5 Mar 2009 13:40:36 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Sebastian Mellmann <sebastian.mellmann@net.t-labs.tu-berlin.de>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw (dummynet) adds delay, but not configured to do so
Message-ID:  <20090305124242.P71460@sola.nimnet.asn.au>
In-Reply-To: <49AED3B1.1060209@net.t-labs.tu-berlin.de>
References:  <49AED3B1.1060209@net.t-labs.tu-berlin.de>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wed, 4 Mar 2009, Sebastian Mellmann wrote:

 > I've got a IPFW ruleset that looks like this:
 > 
 > cmd=ipfw
 > bottleneck_bandwidth=100Mbit/s
 > in_if="em0"
 > 
 > $cmd pipe 500 config bw $bottleneck_bandwidth
 > $cmd add pipe 500 all from any to any via $in_if
 > 
 > When I do a simple ping from one machine to another (actually the
 > FreeBSD machine is between those machines), I can see a delay of ~2ms.
 > Without any rules/pipes I've got under 1ms delay.

Presumably each of the other machines are on a separate interface?
Configured as a bridge or a router?

 > The question is:
 > Why do I have such a "high" delay though I didn't configure any "delay"
 > in my pipe?
 > Where does this additional millisecond come from (processing delay for
 > the packet in the pipe?)?

Covered; kern.hz=1000 should give you more like .2ms with this setup.

 > If I configure another rule (or like 10 more rules) that matches the
 > packet, I can see the delay increasing.
 > For example a delay of ~20ms, when I configure 10 pipes.
 > Am I doing something wrong?

Configuring more pipes shouldn't make any difference unless packets are 
made to traverse each of the pipes in turn.  That would imply having set 
net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so 
that each packet is reinjected into the firewall at the following rule, 
after traversing each pipe; is that what you're doing?

Also, without using a separate pipe for either traffic direction, you're 
using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING.

 > Thanks in advance for any help and please tell me if you need additional
 > informations (e.g. kernel configuration).

Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your 
example of using multiple pipes?

cheers, Ian



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20090305124242.P71460>