From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 21 23:22:33 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E7F337B401 for ; Mon, 21 Jul 2003 23:22:33 -0700 (PDT) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id E895843FB1 for ; Mon, 21 Jul 2003 23:22:32 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.8p1/8.12.3) with ESMTP id h6M6MWkN022074; Mon, 21 Jul 2003 23:22:32 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.8p1/8.12.3/Submit) id h6M6MW7g022073; Mon, 21 Jul 2003 23:22:32 -0700 (PDT) (envelope-from rizzo) Date: Mon, 21 Jul 2003 23:22:32 -0700 From: Luigi Rizzo To: Preston Connors Message-ID: <20030721232232.B21241@xorpc.icir.org> References: <001f01c34f31$6151d2d0$6401a8c0@kimberly> <20030720223816.A16984@xorpc.icir.org> <000b01c3500a$966d5af0$6401a8c0@kimberly> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <000b01c3500a$966d5af0$6401a8c0@kimberly>; from ipfw@preston.ath.cx on Tue, Jul 22, 2003 at 12:34:48AM -0400 cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw causing mass amounts of delay when piping a large amountof ips. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jul 2003 06:22:33 -0000 On Tue, Jul 22, 2003 at 12:34:48AM -0400, Preston Connors wrote: > Luigi, > > > i believe you are not matching the right traffic. Out of > > 34 million diverted packets only 20k go to pipes. > > > > I just briefly added the pipe rules, they were added no more than 30 seconds > before I did the ipfw show. The 34 million diverted packets has been for a > day or so. I just briefly added the pipe rules for testing purposes. ok... > > Additionally, the delay numbers you mention are a bit weird, > > even a single 1500 byte packets on a 128kbit/s link consumes 100ms > > so your 8kbytes queues should show a delay up to .5-1s > > I have HZ=1000 set in the kernel, could this be why the delay is lower than > expected? no, it has nothing to do with HZ. How are you measuring the delay ? doing a 'ping' from a machine with no other traffic of course will not show an increase, as the packets will never see a delay, and the 320 bits of the ICMP packet will experience only ~5ms each way which matches your result. if you do an 'ipfw pipe show' then you probably should see massive drops in the pipes, explaining why you are seeing the connection going intermittent. Raising the queue size from your 8KB to something higher (e.g. 10-15 pkts) might help reduce the burstiness. Also put a 'in' option in rule 1000, and 'out' in rule 65100 so you avoid passing traffic through the pipe twice (thus reducing bandwidth and effective buffer size). cheers luigi > The pipes still don't seem to work correctly. Do you have any other ideas? > > Thankyou, > > Preston > > > > > ----- Original Message ----- > From: "Luigi Rizzo" > To: "Preston Connors" > Cc: > Sent: Monday, July 21, 2003 1:38 AM > Subject: Re: ipfw causing mass amounts of delay when piping a large amountof > ips. > > > i believe you are not matching the right traffic. Out of > > 34 million diverted packets only 20k go to pipes. > > > > Additionally, the delay numbers you mention are a bit weird, > > even a single 1500 byte packets on a 128kbit/s link consumes 100ms > > so your 8kbytes queues should show a delay up to .5-1s > > > > cheers > > luigi > > > > On Sun, Jul 20, 2003 at 10:39:59PM -0400, Preston Connors wrote: > > > I am trying to implement bandwidth limiting on a large network at a > college > > > apartment complex. There are a possible of 700 residents using our > Internet > > > connection at one time, with an average of 300 users always connected. > Most > > > of them like to abuse P2P services. Allocating upstream and downstream > pipes > > > causes mass amounts of delay. There is not a large increase in latency > > > (+10ms), the connections are just very intemittant. It seems that > > > connections time out or are just very delayed. I can't figure out why > the > > > pipes won't work correctly. I've tried different queue sizes and nothing > > > stops the delay. Below is the ipfw rules I use. > > > > > > rl0 is our internet interface (209.114.194.138) - 3Mbits upstream and > 3Mbits > > > downstream connection over 10baseT/UTP (full duplex) > > > fxp0 is our LAN interface (10.0.0.0/8) - 100baseTX (full duplex) > > > > > > /sbin/sysctl -w net.inet.ip.fw.one_pass=0 > > > > > > /sbin/natd -interface rl0 > > > /sbin/ipfw -q add 65000 divert natd all from any to any via rl0 > > > > > > /sbin/ipfw -q pipe 1000 config mask src-ip 0xffffffff bw 64kbit/s queue > > > 8Kbytes > > > /sbin/ipfw -q add 1000 pipe 1000 all from 10.0.0.0/8 to any > > > > > > /sbin/ipfw -q pipe 65100 config mask dst-ip 0xffffffff bw 128kbit/s > queue > > > 8Kbytes > > > /sbin/ipfw -q add 65100 pipe 65100 all from any to 10.0.0.0/8 > > > > > > And here is an ipfw show: > > > > > > 01000 23115 4636964 pipe 1000 ip from 10.0.0.0/8 to any > > > 65000 34258323 19554484874 divert 8668 ip from any to any via rl0 > > > 65100 19221 10286845 pipe 65100 ip from any to 10.0.0.0/8 > > > 65535 72375096 40894477147 allow ip from any to any > > > > > > Thanks, > > > > > > Preston > > > > > > _______________________________________________ > > > freebsd-ipfw@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > _______________________________________________ > > freebsd-ipfw@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > >