From: Mark Martinec
Organization: J. Stefan Institute
To: freebsd-ipfw@freebsd.org
Date: Wed, 13 Jun 2007 01:52:21 +0200
Subject: Re: ipfw, pipes, queues, weights and managing an Internet connection

Lubomir,

> ...could you please comment it a little because I'm
> relatively new to ipfw+dummynet and some of the lines seem *really* strange
> to me... I'm talking about the - iptos,proto,tcpflags, lowdelay and iplen
> commands.

Should be documented in the man page. Some comments are due anyway:

> > add 65001 queue 13 out iptos lowdelay iplen 0-250 xmit IF_EXT

The 'iptos lowdelay' short packets should cover protocols like NTP or VoIP.

> > add 65002 queue 13 out proto udp src-port 12334 xmit IF_EXT

Port 12334 is my Skype magic port.

> > add 65003 queue 13 out proto udp iplen 0-250 xmit IF_EXT

Remaining short UDP packets, like DNS query/replies etc.

> > add 65004 queue 12 out proto udp xmit IF_EXT
> > add 65005 queue 12 out proto icmp xmit IF_EXT

I like pings to be responsive.

> > add 65006 queue 12 out proto tcp tcpflags ack iplen 0-80 xmit IF_EXT

ACK-only packets should have priority, otherwise traffic in reverse
direction is unnecessarily slowed down by traffic in forward direction
(and the other way around).

> > add 65007 queue 11 out proto tcp iplen 0-300 xmit IF_EXT

Interactive typing (remote emacs, console, ...)

> > add 65008 queue 11 out proto tcp src-port 80,88 xmit IF_EXT

Replies from my web server.

> > add 65009 queue 10 out proto tcp dst-port rsync xmit IF_EXT

Backup has the lowest priority.

> Just one question - you're saying that it is possible to shape /delay,
> drop etc./ the packets so quickly so that when a pipe is fully utilized
> someone hits a queue with a higher weight /for example port 80 would be
> prioritized over p2p traffic/ it would be like as if the pipe was not used
> at all?

So it appears to me. Running Skype along with reading mail
and running a nightly backup works fine.

Mark
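
The rule order discussed in the message above, modelled as an added Python example that is not part of the original message or of ipfw itself. It assumes the rule search stops at the first matching queue rule (as with net.inet.ip.fw.one_pass=1), that every packet is outbound on IF_EXT, and that `rsync` resolves to TCP port 873; `classify`, `RULES`, `SAMPLES` and the sample packets are constructed for illustration.

```python
# Added illustration: first-match model of the quoted rules 65001-65009.
# Assumptions: packets are outbound on IF_EXT, the search stops at the first
# matching queue rule, and "rsync" is TCP port 873.
LOWDELAY = 0x10  # IPTOS_LOWDELAY bit in the IP TOS byte
RSYNC = 873

RULES = [  # (rule number, queue, predicate over a packet dict)
    (65001, 13, lambda p: p["tos"] & LOWDELAY and p["iplen"] <= 250),
    (65002, 13, lambda p: p["proto"] == "udp" and p["sport"] == 12334),
    (65003, 13, lambda p: p["proto"] == "udp" and p["iplen"] <= 250),
    (65004, 12, lambda p: p["proto"] == "udp"),
    (65005, 12, lambda p: p["proto"] == "icmp"),
    (65006, 12, lambda p: p["proto"] == "tcp" and p["ack"] and p["iplen"] <= 80),
    (65007, 11, lambda p: p["proto"] == "tcp" and p["iplen"] <= 300),
    (65008, 11, lambda p: p["proto"] == "tcp" and p["sport"] in (80, 88)),
    (65009, 10, lambda p: p["proto"] == "tcp" and p["dport"] == RSYNC),
]

def classify(proto, iplen, tos=0, sport=0, dport=0, ack=False):
    """Return (rule, queue) for the first matching rule, or None."""
    pkt = dict(proto=proto, iplen=iplen, tos=tos, sport=sport, dport=dport, ack=ack)
    for number, queue, matches in RULES:
        if matches(pkt):
            return number, queue
    return None  # left to rules that are not shown in the message

SAMPLES = {  # constructed packets, not captured traffic
    "NTP, lowdelay TOS, 76 bytes": dict(proto="udp", iplen=76, tos=0x10, sport=123, dport=123),
    "Skype UDP, 900 bytes": dict(proto="udp", iplen=900, sport=12334, dport=40000),
    "DNS query, 60 bytes": dict(proto="udp", iplen=60, sport=50000, dport=53),
    "large UDP, 1200 bytes": dict(proto="udp", iplen=1200, sport=50000, dport=5004),
    "ICMP echo, 84 bytes": dict(proto="icmp", iplen=84),
    "bare ACK of rsync session, 52 bytes": dict(proto="tcp", iplen=52, dport=RSYNC, ack=True),
    "ssh keystroke, 120 bytes": dict(proto="tcp", iplen=120, dport=22, ack=True),
    "web reply, 1500 bytes": dict(proto="tcp", iplen=1500, sport=80, ack=True),
    "rsync data, 1500 bytes": dict(proto="tcp", iplen=1500, dport=RSYNC, ack=True),
    "short rsync data, 200 bytes": dict(proto="tcp", iplen=200, dport=RSYNC, ack=True),
    "reply from port 443, 1500 bytes": dict(proto="tcp", iplen=1500, sport=443, ack=True),
}

def run_samples():
    """Classify every constructed sample; returns {description: result}."""
    return {name: classify(**pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:36} -> {result}")
```

The last two samples show what the ordering implies: a 200-byte rsync packet is taken by rule 65007 (queue 11) before 65009 is reached, and a full-size TCP packet that matches none of the nine rules is left to whatever rules follow them.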