Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 3 Dec 2003 11:40:58 -0500
From:      "Thomas S. Crum - 1WISP, Inc." <tscrum@1wisp.com>
To:        "Sean Hafeez" <sahafeez@edgefocus.com>, <freebsd-ipfw@freebsd.org>
Subject:   Re: MAN page example vs. this?
Message-ID:  <0ccd01c3b9bc$3e42c7e0$5e01a8c0@1wispadmin>
References:  <20031201154231.M38868-100000@tyberius.abccom.bc.ca> <5C6FE088-2538-11D8-AE73-003065F1EE08@edgefocus.com>

next in thread | previous in thread | raw e-mail | index | archive | help
0xffffffff is simply matching all ips that it sees.  So what it is doing is
saying to any ip, yes you mtach my rule then it is putting it into the pipe
and the bandwidth you specify.  If only 1 ip is using it then it would have
what you are specifying for speed, but also EVERY other ip would be forced
into the same rule as well.  If you are planning to have multiple ips, i
would suggest queuing the traffic first then have the queue run through the
pipe.  This way all ips would shre evenly.

Best,
Tom Crum



----- Original Message ----- 
From: "Sean Hafeez" <sahafeez@edgefocus.com>
To: "Jon Simola" <jon@abccom.bc.ca>
Cc: <freebsd-ipfw@freebsd.org>
Sent: Tuesday, December 02, 2003 9:28 PM
Subject: Re: MAN page example vs. this?


> Thank you for the info. One or 2 questions if I could?
> On Dec 1, 2003, at 4:03 PM, Jon Simola wrote:
> >>
> >> ipfw add pipe 1 ip from any to any in recv rl1
> >> ipfw add pipe 2 ip from any to any out xmit rl1
> >> ipfw pipe 1 config mask src-ip 0xffffffff bw 200kbits/s
> >> ipfw pipe 2 config mask dst-ip 0xffffffff bw 200kbits/s
> >>
> >> are these 2 examples functionally the same? if not what is the
> >> difference?
> >
> > You're forcing the interface. Be careful, as packets may flow through
> > in
> > ways you don't expect.
> >
>
> Such as? There are 2 interfaces, rl0 & rl1. rl0 is the internet side,
> rl1 the internal. What could I miss?
>
> >> also in the first example, if the network was changed to
> >> 192.168.0.0/23, the mask would be 0x000003ff (255.255.254.0) ? it is a
> >> reverse mask like a cisco, right?
> >
> > That mask has nothing to do with a network mask. It's a simple bitmask,
> > used to pick out the bits in the src/dst ip/port combinations that are
> > used to hash the packets into a unique bucket.
> >
> > If you used "mask src-ip 0x00000001" you would be sorting the packets
> > into
> > buckets (and queues) based on whether the source IP's last octet was
> > even
> > or odd.
>
> So 0xffffffff would match one user to one website, etc...?
>
> In doing what I am doing am I limiting each user (IP) to a total of
> 200kbits or 200kbits for each user for every pipe they open?
>
> Thanks!
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0ccd01c3b9bc$3e42c7e0$5e01a8c0>