From: "Sebastian Mellmann"
To: "Ian Smith"
Cc: freebsd-ipfw@freebsd.org
Date: Thu, 5 Mar 2009 08:21:48 +0100 (CET)
Subject: Re: ipfw (dummynet) adds delay, but not configured to do so
Reply-To: sebastian.mellmann@net.t-labs.tu-berlin.de

> > When I do a simple ping from one machine to another (actually the
> > FreeBSD machine is between those machines), I can see a delay of ~2ms.
> > Without any rules/pipes I've got under 1ms delay.
>
> Presumably each of the other machines are on a separate interface?
> Configured as a bridge or a router?

Yes, separate interfaces.
The machine is configured as a router (as far as I know, I didn't set it up.)

> > The question is:
> > Why do I have such a "high" delay though I didn't configure any "delay"
> > in my pipe?
> > Where does this additional millisecond come from (processing delay for
> > the packet in the pipe?)?
>
> Covered; kern.hz=1000 should give you more like .2ms with this setup.

See my previous mail to the list (syntax of kern.hz).

> > If I configure another rule (or like 10 more rules) that matches the
> > packet, I can see the delay increasing.
> > For example a delay of ~20ms, when I configure 10 pipes.
> > Am I doing something wrong?
>
> Configuring more pipes shouldn't make any difference unless packets are
> made to traverse each of the pipes in turn. That would imply having set
> net.inet.ip.fw.one_pass=0 (or having run 'ipfw disable one_pass') so
> that each packet is reinjected into the firewall at the following rule,
> after traversing each pipe; is that what you're doing?

Yes, I've set net.inet.ip.fw.one_pass=0 so packets are reinjected into the
firewall after passing a pipe.

> Also, without using a separate pipe for either traffic direction, you're
> using 'half-duplex' mode, as well described in ipfw(8) TRAFFIC SHAPING.
>
> > Thanks in advance for any help and please tell me if you need additional
> > information (e.g. kernel configuration).
>
> Output of 'sysctl net.inet.ip.fw.one_pass' and 'ipfw show' with your
> example of using multiple pipes?

[root@ ~/ipfw]# sysctl net.inet.ip.fw.one_pass
net.inet.ip.fw.one_pass: 0

[root@ ~/ipfw]# ipfw show
00010        0          0 allow ip from any to any via lo0
10000      122      11832 allow ip from any to any via em2
10100        0          0 pipe 100 ip from 192.168.5.0/26 to 192.168.7.0/24 in via em0
10200        0          0 pipe 200 ip from 192.168.7.0/24 to 192.168.5.0/26 out via em0
10300      342      28728 pipe 500 ip from any to any via em0
10400      359      36512 pipe 510 ip from any to any via em1
10500        0          0 pipe 300 udp from 80.80.80.1 to 60.60.60.1 src-port 4000 dst-port 4000 via em1
10600        0          0 pipe 305 udp from 60.60.60.1 to 80.80.80.1 src-port 4000 dst-port 4000 via em0
10700        0          0 pipe 310 udp from 80.80.80.1 to 60.60.60.1 src-port 4001 dst-port 4001 via em1
10800        0          0 pipe 315 udp from 60.60.60.1 to 80.80.80.1 src-port 4001 dst-port 4001 via em0
65535 14144748 9784372451 allow ip from any to any

> cheers, Ian

Regards,
Sebastian
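
The one_pass behaviour discussed in this message, as an added example (not code from the thread or from ipfw): a simplified rule walker over the posted ruleset that lists which pipes a packet enters with net.inet.ip.fw.one_pass set to 0 or 1. Assumptions: only the allow and pipe actions and the options seen in this ruleset are modelled, `path` is the list of (direction, interface) passes a routed packet makes through the firewall, and the function names and packet dictionaries are constructed for illustration.

```python
import ipaddress
# Rules copied from the `ipfw show` output in the message above.
IPFW_SHOW = """\
00010 0 0 allow ip from any to any via lo0
10000 122 11832 allow ip from any to any via em2
10100 0 0 pipe 100 ip from 192.168.5.0/26 to 192.168.7.0/24 in via em0
10200 0 0 pipe 200 ip from 192.168.7.0/24 to 192.168.5.0/26 out via em0
10300 342 28728 pipe 500 ip from any to any via em0
10400 359 36512 pipe 510 ip from any to any via em1
10500 0 0 pipe 300 udp from 80.80.80.1 to 60.60.60.1 src-port 4000 dst-port 4000 via em1
10600 0 0 pipe 305 udp from 60.60.60.1 to 80.80.80.1 src-port 4000 dst-port 4000 via em0
10700 0 0 pipe 310 udp from 80.80.80.1 to 60.60.60.1 src-port 4001 dst-port 4001 via em1
10800 0 0 pipe 315 udp from 60.60.60.1 to 80.80.80.1 src-port 4001 dst-port 4001 via em0
65535 14144748 9784372451 allow ip from any to any
"""

def parse(text):
    rules = []
    for f in (line.split() for line in text.splitlines()):
        i = 5 if f[3] == "pipe" else 4  # "pipe N" takes one extra token
        r = {"pipe": int(f[4]) if i == 5 else None, "proto": f[i],
             "src": f[i + 2], "dst": f[i + 4], "dir": None}
        for k, tok in enumerate(f):
            if tok in ("in", "out"):
                r["dir"] = tok
            elif tok in ("via", "src-port", "dst-port"):
                r[tok] = f[k + 1]
        rules.append(r)
    return rules

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(r, pkt, direction, iface):
    return (r["proto"] in ("ip", pkt["proto"]) and r["dir"] in (None, direction)
            and addr_ok(r["src"], pkt["src"]) and addr_ok(r["dst"], pkt["dst"])
            and r.get("via") in (None, iface)
            and all(r.get(k) in (None, pkt.get(k)) for k in ("src-port", "dst-port")))

def pipes_hit(rules, pkt, path, one_pass):
    hit = []  # pipes entered, in rule order, across all passes in `path`
    for direction, iface in path:
        for r in rules:
            if matches(r, pkt, direction, iface):
                if r["pipe"] is not None:
                    hit.append(r["pipe"])
                if r["pipe"] is None or one_pass:
                    break  # allow, or pipe with one_pass=1, ends this pass
    return hit
```

Calling `pipes_hit(parse(IPFW_SHOW), pkt, path, one_pass=False)` and again with `one_pass=True` for the same packet shows which extra pipes the reinjection adds.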