From owner-freebsd-questions@FreeBSD.ORG Mon Sep 24 11:51:42 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4D79816A468 for ; Mon, 24 Sep 2007 11:51:42 +0000 (UTC) (envelope-from ovi@unixservers.us) Received: from webserver.easyhosting.ro (unixware.iasi.rdsnet.ro [86.124.41.195]) by mx1.freebsd.org (Postfix) with ESMTP id 9C67813C457 for ; Mon, 24 Sep 2007 11:51:41 +0000 (UTC) (envelope-from ovi@unixservers.us) Received: from [10.0.0.14] (unknown [10.0.0.14]) (Authenticated sender: ovi@unixservers.us) by webserver.easyhosting.ro (Postfix) with ESMTP id 87E93FD03C for ; Mon, 24 Sep 2007 14:52:37 +0300 (EEST) Message-ID: <46F7A4FC.2050400@unixservers.us> Date: Mon, 24 Sep 2007 14:52:28 +0300 From: Ovi User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: IPFW Pipes, upload pipe working at 1/3 of pipe banwidth X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2007 11:51:42 -0000 Hello guys, I've tried last weekend different setups of IPFW + Dummynet in order to shape traffic. Because my rules did not worked well I've simplified rules as much as possible, until I've reach basics and I've discovered that, having a FreeBSD 6.2 router (cvsuped few days ago to stable) with 2 pipes, one for download and one for upload, downloads from LAN works at full speed of pipe, uploads from LAN works at 1/3 of pipe speed. Tests was done for ftp upload and download, on 100 mbps network, 90 mbps pipes. Now my ipfw rules are: ----------------------- 00007 153 15816 allow ip from any to me 00008 144 20434 allow ip from me to any 00010 0 0 allow ip from any to any via lo0 00020 0 0 deny ip from any to 127.0.0.1 04200 23456 43328 pipe 1 ip from 192.168.254.0/24 to any 04300 3453 34322 pipe 2 ip from any to 192.168.254.0/24 65535 0 0 deny ip from any to any I've tried lot of rules like: ipfw pipe 1 config bw 90000kbits/s ipfw pipe 2 config bw 90000kbits/s ipfw add 100 pipe 1 ip from any to any in recv fxp0 ipfw add 100 pipe 2 ip from any to any out xmit fxp0 I've tried to shape on outgoing too, on 2 interfaces, to shape in both ways, knowing that shaping is done when packets leave the interface. Every rule I set, I do not have upload with speed more than 3MBytes/s (instead of 9MBytes/s) Download works well. The only thing that must mentioned is that router is connected to the other computer from which I do tests (upload&download) using a crossover cable with interfaces configured using Vlans on both sides, the same VLAN ID. (I need this for my complex setup I've tried to achieve). The computer is P IV 2.8, no other firewall is present, if I "ipfw disable firewall" the transfer rate on ftp upload is at full network cards speed. When using firewall and transferring (uploading), I have 98% CPU idle, I did not noticed any bottleneck on server, the box is very minimalistinc, only with base installation, midnight commander and few small aps. Anybody have an idea how could I improve upload speed? best regards, ovidiu