From: Ian Smith
To: Sebastian Mellmann
Cc: freebsd-ipfw@freebsd.org
Date: Thu, 5 Mar 2009 13:40:36 +1100 (EST)
Subject: Re: ipfw (dummynet) adds delay, but not configured to do so
Message-ID: <20090305124242.P71460@sola.nimnet.asn.au>
In-Reply-To: <49AED3B1.1060209@net.t-labs.tu-berlin.de>

On Wed, 4 Mar 2009, Sebastian Mellmann wrote:
> I've got an IPFW ruleset that looks like this:
>
> cmd=ipfw
> bottleneck_bandwidth=100Mbit/s
> in_if="em0"
>
> $cmd pipe 500 config bw $bottleneck_bandwidth
> $cmd add pipe 500 all from any to any via $in_if
>
> When I do a simple ping from one machine to another (actually the
> FreeBSD machine is between those machines), I can see a delay of ~2ms.
> Without any rules/pipes I've got under 1ms delay.

Presumably each of the other machines is on a separate interface?
Configured as a bridge or a router?

> The question is:
> Why do I have such a "high" delay though I didn't configure any "delay"
> in my pipe?
> Where does this additional millisecond come from (processing delay for
> the packet in the pipe?)?

Covered; kern.hz=1000 should give you more like .2ms with this setup.

> If I configure another rule (or like 10 more rules) that matches the
> packet, I can see the delay increasing.
> For example a delay of ~20ms, when I configure 10 pipes.
> Am I doing something wrong?

Configuring more pipes shouldn't make any difference unless packets are
made to traverse each of the pipes in turn. That would imply having set
net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so
that each packet is reinjected into the firewall at the following rule,
after traversing each pipe; is that what you're doing?

Also, without using a separate pipe for either traffic direction, you're
using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING.

> Thanks in advance for any help and please tell me if you need additional
> information (e.g. kernel configuration).

Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your
example of using multiple pipes?

cheers, Ian
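
Added example, not part of the original message or of the FreeBSD project's code: a dry-run sh sketch of the two points in the reply above, one pipe per traffic direction instead of a single shared pipe, and how one_pass decides how many pipes a packet crosses. Pipe number 501 and the function names are assumptions chosen for illustration; the commands are only printed unless cmd=ipfw is set.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: the ipfw
# commands are printed, not executed. Run with cmd=ipfw on a FreeBSD host.
cmd="${cmd:-echo ipfw}"
bottleneck_bandwidth="100Mbit/s"
in_if="em0"

# One pipe per direction, so traffic entering and leaving $in_if does not
# share a single queue (the 'half-duplex' case mentioned in the reply).
# Pipe 501 is an assumed, arbitrary second pipe number.
shape_full_duplex() {
    $cmd pipe 500 config bw "$bottleneck_bandwidth"
    $cmd pipe 501 config bw "$bottleneck_bandwidth"
    $cmd add pipe 500 all from any to any in via "$in_if"
    $cmd add pipe 501 all from any to any out via "$in_if"
}

# Read the live setting; fall back to 1 (the ipfw default) when the
# sysctl is unavailable, e.g. when this is run off a FreeBSD host.
current_one_pass() {
    sysctl -n net.inet.ip.fw.one_pass 2>/dev/null || echo 1
}

# How many pipes one packet crosses in a single firewall pass, given the
# one_pass value ($1) and the number of pipe rules that match it ($2).
# one_pass=1: the packet leaves the firewall after the first pipe.
# one_pass=0: it is reinjected at the following rule after each pipe,
# so it crosses every matching pipe (assuming no rule in between
# accepts or drops it first).
pipes_traversed() {
    one_pass="$1"; matching="$2"
    if [ "$matching" -gt 0 ] && [ "$one_pass" = "1" ]; then
        echo 1
    else
        echo "$matching"
    fi
}

shape_full_duplex
echo "one_pass=$(current_one_pass): a packet matching 10 pipe rules crosses" \
     "$(pipes_traversed "$(current_one_pass)" 10) pipe(s)"
```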