From owner-freebsd-ipfw@FreeBSD.ORG Wed Jul 27 09:47:56 2005 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B5B5716A41F for ; Wed, 27 Jul 2005 09:47:56 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from postfix3-2.free.fr (postfix3-2.free.fr [213.228.0.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 310B843D45 for ; Wed, 27 Jul 2005 09:47:56 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix3-2.free.fr (Postfix) with ESMTP id 35295C0DA; Wed, 27 Jul 2005 11:47:55 +0200 (CEST) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id DEDFD405B; Wed, 27 Jul 2005 11:48:19 +0200 (CEST) Date: Wed, 27 Jul 2005 11:48:19 +0200 From: Jeremie Le Hen To: Brad Waite Message-ID: <20050727094819.GR1610@obiwan.tataz.chchile.org> References: <3265.67.176.75.179.1122435618.squirrel@webmail.wcubed.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3265.67.176.75.179.1122435618.squirrel@webmail.wcubed.net> User-Agent: Mutt/1.5.9i Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW + dummynet to lower NNTP traffic priority X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jul 2005 09:47:56 -0000 Hi Brad, On Tue, Jul 26, 2005 at 09:40:18PM -0600, Brad Waite wrote: > I've been working on a way to keep my outbound NNTP traffic from > interfering with all other traffic. After reading the ipfw(8) man page > and several other resources (including Luigi Rizzo's page), I thought I > had it down: > > ### Outbound > ipfw pipe 1 config bw 0K > ipfw queue 1 config weight 1 pipe 1 > ipfw queue 2 config weight 100 pipe 1 > ipfw add 1000 queue 1 all from any to any out dst-port 119 via fxp0 > ipfw add 1001 queue 2 all from any to any out via fxp0 > > ### Inbound > ipfw pipe 2 config bw 0K > ipfw queue 3 config weight 1 pipe 2 > ipfw queue 4 config weight 100 pipe 2 > ipfw add 1000 queue 3 all from [NNTP server IP] to any in via fxp0 > ipfw add 1001 queue 4 all from any to any in via fxp0 The rule number are the same for outbound and inbound path, this is an error I think. I'm not sure about the behaviour of setting the pipe bandwidth to 0K (further more "K" is not valid in ipfw syntax, and it's very picky about this, even the case is important IIRC). You should also be careful if net.inet.ip.fw.one_pass is set to 0, you will have to use skipto rules. I advice you to use (values are fictive) : ipfw pipe 1 config bw 123KBytes/s ipfw queue 100 config weight 1 pipe 1 ipfw queue 101 config weight 100 pipe 1 ipfw add 100 queue 100 all from any to any out dst-port 119 via fxp0 ipfw add 101 queue 101 all from any to any out via fxp0 ipfw pipe 2 config bw 321KBytes/s ipfw queue 200 config weight 1 pipe 2 ipfw queue 201 config weight 100 pipe 2 ipfw add 200 queue 200 all from [NNTP server IP] to any in via fxp0 ipfw add 201 queue 201 all from any to any via fxp0 > My thinking here is that both queues (in each direction) will share all > available bandwidth, but any traffic heading out on port 119 or returning > from the news serverwill be superseded by all other traffic. If there's > no other traffic, NNTP will be able to use all available bandwidth. Note that if you want to use the whole _interface_ bandwidth (100MBits/s), you can use something like : ipfw pipe 1 config bw fxp0 > It would appear I'm not grasping the concepts. Can anyone tell me what > I'm doing wrong? Nothing really wrong, except the pipe bandwidth. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >