Date: Thu, 24 Jun 2010 14:18:07 -0300 From: Rafael Henrique Faria <rafaelhfaria@cenadigital.com.br> To: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: Re: Unknown Behavior of PF+ALTQ on a Bridge Message-ID: <AANLkTilMEb29wh-fKSBVqbiBQhLr2SWwWebFWXcc2qHP@mail.gmail.com> In-Reply-To: <AANLkTimCHZakUfHRUplTGyNMsx3ZFuVo7wLYbRLNseQA@mail.gmail.com> References: <AANLkTim4F0iJvKfjCWJtAFkwYhOT4J_Yz3sZOiOdRPoj@mail.gmail.com> <AANLkTimCHZakUfHRUplTGyNMsx3ZFuVo7wLYbRLNseQA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 24, 2010 at 14:04, Ermal Lu=E7i <eri@freebsd.org> wrote:
> On Thu, Jun 24, 2010 at 3:12 PM, Rafael Henrique Faria
> <rafaelhfaria@cenadigital.com.br> wrote:
>> Hi.
>>
>> I'm working on a Brige between a router Cisco 7200, and a 3Com 7900 swit=
ch.
>> I have several subnetworks, and I need to balance the bandwidth between =
then.
>>
>> The Brigde is running: "FreeBSD dell05 8.1-PRERELEASE FreeBSD
>> 8.1-PRERELEASE #0: Tue Jun 22 13:59:17 BRT 2010
>> rafaelhfaria@dell05:/usr/obj/usr/src/sys/BRIDGE =A0amd64"
>>
>> I have the following lines in /boot/loader.conf:
>> ---
>> net.graph.maxalloc=3D512
>> net.graph.maxdgram=3D45000
>> net.graph.recvspace=3D45000
>> bridgestp_load=3D"YES"
>> if_vlan_load=3D"YES"
>> ---
>>
>> And my kernel is compiled with:
>> device =A0 =A0 =A0 =A0 =A0if_bridge
>> device =A0 =A0 =A0 =A0 =A0pf
>> device =A0 =A0 =A0 =A0 =A0pflog
>> options =A0 =A0 =A0 =A0 ALTQ
>> options =A0 =A0 =A0 =A0 ALTQ_CBQ
>> options =A0 =A0 =A0 =A0 ALTQ_RED
>> options =A0 =A0 =A0 =A0 ALTQ_RIO
>> options =A0 =A0 =A0 =A0 ALTQ_HFSC
>> options =A0 =A0 =A0 =A0 ALTQ_PRIQ
>> options =A0 =A0 =A0 =A0 ALTQ_NOPCC
>> options =A0 =A0 =A0 =A0 DEVICE_POLLING
>> options =A0 =A0 =A0 =A0 HZ=3D1000
>> options =A0 =A0 =A0 =A0 SHMSEG=3D16
>> options =A0 =A0 =A0 =A0 SHMMNI=3D32
>> options =A0 =A0 =A0 =A0 SHMMAX=3D2097152
>> options =A0 =A0 =A0 =A0 SHMALL=3D4096
>> options =A0 =A0 =A0 =A0 MAXFILES=3D8192
>>
>> And the bridge configuration:
>> cloned_interfaces=3D"bridge0 vlan1"
>> ifconfig_bridge0=3D"addm bce0 stp bce0 addm bce1 stp bce1 up"
>> ifconfig_bce0=3D"polling up"
>> ifconfig_bce1=3D"polling up"
>> ifconfig_vlan1=3D"inet 200.x.x.x netmask 0xFFFFFF00 broadcast
>> 200.x.x.255 vlan 1 vlandev bce1"
>>
>> bce0 is connected to the Cisco 7200 ($wan_if in pf)
>> bce1 is conencted to the 3Com 7900 ($lan_if in pf)
>>
>> And my sysctl for bridge:
>> dell05# sysctl net.link.bridge
>> net.link.bridge.ipfw: 0
>> net.link.bridge.inherit_mac: 0
>> net.link.bridge.log_stp: 0
>> net.link.bridge.pfil_local_phys: 1
>> net.link.bridge.pfil_member: 1
>> net.link.bridge.pfil_bridge: 0
>> net.link.bridge.ipfw_arp: 0
>> net.link.bridge.pfil_onlyip: 0
>> dell05#
>>
>> Ok...
>>
>> Now, the problem.
>>
>> With the following queue:
>> altq on $lan_if bandwidth 33Mb hfsc queue { down_sub1, down_sub2,
>> down_sub3, down_sub4, down_def }
>> =A0 queue down_sub1 =A0 bandwidth 8Mb priority 1 qlimit 300 hfsc (
>> realtime 3.20Mb upperlimit 22.40Mb )
>> =A0 queue down_sub2 =A0 bandwidth 8Mb priority 1 qlimit 300 hfsc (
>> realtime 3.20Mb upperlimit 22.40Mb )
>> =A0 queue down_sub3 =A0bandwidth 8Mb priority 1 qlimit 300 hfsc (
>> realtime 3.20Mb upperlimit 22.40Mb )
>> =A0 queue down_sub4 =A0bandwidth 8Mb priority 1 qlimit 300 hfsc (
>> realtime 3.20Mb upperlimit 22.40Mb )
>> =A0 queue down_def =A0 =A0 bandwidth 128Kb hfsc ( default )
>>
>> And with the following rules:
>> pass in =A0log quick on $lan_if from <sub1> to any keep state queue ( do=
wn_sub1 )
>> pass out log quick on $wan_if from <sub1> to any keep state queue ( up_s=
ub1 )
>> pass in =A0log quick on $wan_if from any to <sub1> keep state queue ( up=
_sub1 )
>> pass out log quick on $lan_if from any to <sub1> keep state queue ( down=
_sub1 )
>>
>> (..) for each <sub1-4> I have the pass rules like those.
>>
>>
>> With the full use of the link, only a small part of the traffic gets
>> into the correct queue.
>>
>> queue root_bce1 on bce1 bandwidth 33Mb priority 0 {down_sub1,
>> down_sub2, down_sub3, down_sub4, down_def}
>> =A0[ pkts: =A0 =A0 =A0 =A0 =A00 =A0bytes: =A0 =A0 =A0 =A0 =A00 =A0droppe=
d pkts: =A0 =A0 =A00 bytes: =A0 =A0 =A00 ]
>> =A0[ qlength: =A0 0/ 50 ]
>> =A0[ measured: =A0 =A0 0.0 packets/s, 0 b/s ]
>> queue =A0down_sub1 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime
>> 3.20Mb upperlimit 22.40Mb )
>> =A0[ pkts: =A0 =A0 =A053177 =A0bytes: =A0 50082785 =A0dropped pkts: =A0 =
=A0 =A00 bytes: =A0 =A0 =A00 ]
>> =A0[ qlength: =A0 0/300 ]
>> =A0[ measured: =A0 364.5 packets/s, 2.81Mb/s ]
>> queue =A0down_sub2 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime
>> 3.20Mb upperlimit 22.40Mb )
>> =A0[ pkts: =A0 =A0 =A090724 =A0bytes: =A0 79670459 =A0dropped pkts: =A0 =
=A0 =A00 bytes: =A0 =A0 =A00 ]
>> =A0[ qlength: =A0 0/300 ]
>> =A0[ measured: =A0 744.6 packets/s, 5.20Mb/s ]
>> queue =A0down_sub3 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime
>> 3.20Mb upperlimit 22.40Mb )
>> =A0[ pkts: =A0 =A0 =A038333 =A0bytes: =A0 37384626 =A0dropped pkts: =A0 =
=A0 =A00 bytes: =A0 =A0 =A00 ]
>> =A0[ qlength: =A0 0/300 ]
>> =A0[ measured: =A0 285.2 packets/s, 2.35Mb/s ]
>> queue =A0down_sub4 on bce1 bandwidth 8Mb qlimit 300 hfsc( realtime
>> 3.20Mb upperlimit 22.40Mb )
>> =A0[ pkts: =A0 =A0 =A080385 =A0bytes: =A0 69021129 =A0dropped pkts: =A0 =
=A0 =A00 bytes: =A0 =A0 =A00 ]
>> =A0[ qlength: =A0 0/300 ]
>> =A0[ measured: =A0 585.1 packets/s, 3.92Mb/s ]
>> queue =A0down_def on bce1 bandwidth 128Kb hfsc( default )
>> =A0[ pkts: =A0 =A0 268756 =A0bytes: =A0336423531 =A0dropped pkts: =A0 =
=A0121 bytes: =A081921 ]
>> =A0[ qlength: =A0 0/ 50 ]
>> =A0[ measured: =A01615.4 packets/s, 16.49Mb/s ]
>>
>> watching the pflog interface, I can see that the pass rules are
>> working, no traffic is getting out of one of the rules (I have put an
>> "pass log all" to check this).
>>
>> All the rules are working... but they aren't sending the traffic to
>> the specified queue.
>>
>> If someone have a glue for this...
>> Any suggestion are welcome.
>>
>> Thank's in advance.
>
> Sorry but i do not see any evidence that what you claim is true!
>
> --
> Ermal
>
My subnets are all /24, so
table <sub1> const { 200.x.1.0/24 }
table <sub2> const { 200.x.2.0/24 }
table <sub3> const { 200.x.3.0/24 }
table <sub4> const { 200.x.4.0/24 }
In my network, I only have thoses subnets.
With:
pass all from <sub1> to any queue sub1
pass all from any to <sub1> queue sub1
pass all from <sub2> to any queue sub2
pass all from any to <sub2> queue sub2
pass all from <sub3> to any queue sub3
pass all from any to <sub3> queue sub3
pass all from <sub4> to any queue sub4
pass all from any to <sub4> queue sub4
pass all (sent to default queue)
The queues have to get all the traffic from my network. But it don't.
If I put an log option to the last pass all rule, and do a tcpdump to
pflog0, no packet is showed. So, the rules are working OK.
But with "pfctl -vvs queue", it shows:
sub1: 2.81Mb/s
sub2: 5.20Mb/s
sub3: 2.35Mb/s
sub4: 3.92Mb/s
default: 16.49Mb/s
As I can understand, with the pass rules, all the traffic from that
subnets, need to get into that queue.
So... with the pass rule of the <sub1>, all the traffic data from that
subnet, need to get into the queue sub1, the same with sub2, sub3, and
sub4.
But, Why, I have a high traffic in the default queue?
There is no packet at the last pass all rule. So, no packet is missing
the other rules.
What I want, it to get all the traffic from 200.x.1.0/24, into the
sub1 queue, and get limited by this queue, not the default queue. And
again, the same with sub2-4.
I'm using HFSC, but I'll try with CBQ.
--=20
Rafael Henrique da Silva Faria
Grupo de Sistemas e Redes
Servi=E7o T=E9cnico de Inform=E1tica
Faculdade de Ci=EAncias e Letras do Campus de Araraquara - UNESP
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTilMEb29wh-fKSBVqbiBQhLr2SWwWebFWXcc2qHP>