From owner-freebsd-ipfw@FreeBSD.ORG Sun Jul 20 15:39:44 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A505A1065674 for ; Sun, 20 Jul 2008 15:39:44 +0000 (UTC) (envelope-from kazi.sharif@aonb.com.bd) Received: from mail.aonb.com.bd (ns1.aonbd.net [117.58.240.30]) by mx1.freebsd.org (Postfix) with ESMTP id 8E20B8FC0A for ; Sun, 20 Jul 2008 15:39:42 +0000 (UTC) (envelope-from kazi.sharif@aonb.com.bd) Received: (qmail 13625 invoked by uid 509); 20 Jul 2008 21:45:39 +0600 Received: from 117.58.240.42 by mail.aonb.com.bd (envelope-from , uid 508) with qmail-scanner-1.25-st-qms (clamdscan: 0.91.1/3762. spamassassin: 2.x. perlscan: 1.25-st-qms. Clear:RC:1(117.58.240.42):. Processed in 0.066207 secs); 20 Jul 2008 15:45:39 -0000 X-Antivirus-MYDOMAIN-Mail-From: kazi.sharif@aonb.com.bd via mail.aonb.com.bd X-Antivirus-MYDOMAIN: 1.25-st-qms (Clear:RC:1(117.58.240.42):. Processed in 0.066207 secs Process 13618) Received: from sharif.aonbd.net (HELO ?127.0.0.1?) (kazi.sharif@aonbd.net@117.58.240.42) by mail.aonb.com.bd with SMTP; 20 Jul 2008 21:45:39 +0600 Message-ID: <48835C35.3010707@aonb.com.bd> Date: Sun, 20 Jul 2008 21:39:33 +0600 From: "Kazi A. Sharif" Organization: Always On Network Bangladesh Ltd. User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: Thomas Vogt References: <4882C7E6.8010604@aonb.com.bd> <03690B01-2B1A-4AC0-88BC-3C0504C5B9B3@bsdunix.ch> In-Reply-To: <03690B01-2B1A-4AC0-88BC-3C0504C5B9B3@bsdunix.ch> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW+Dummynet Capability X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2008 15:39:44 -0000 Hello Thomas, Thanks for the reply. It seems I am not in the right track. I used Emerging Technologies commercial bandwidth manager. It was tested with 2000 rules and the total traffic was 25Mbps. It is build on UNIX OS. I heard that Allot is also able to use many rules. In Mikrotik we can create Queue/Queue group/Firewall/IP based MRTG Graph/Time-based QoS and they say that it is tested with Gigabit traffic. My current requirement is bellow 100Mbps but there will have at least 4000 clients that means 4000 IPs. We use the packages 64, 96, 128, 256, 512, 1024/1024kbps and so on. We used to create 2 rules for each user, one for bandwidth and another for firewall or MAC binding with IP. After a lot of searching on IPFW+Dummynet I didn't find a good IP based in/out traffic graphing way through SNMP or something like that, I checked for Time-based QoS on IPFW+Dummynet and saw a patch but its not granted, I wanted to use name with rule number but I don't think uid/gid is what I was looking for. So do you think there is a way to use IPFW+Dummynet using table to reduce number of rules and for at least 100Mbps traffic? You may have other suggestions to use Altq+PF or something similar. I think I should spent time on this if my above requirements are achievable. Thanking Sharif Thomas Vogt wrote: > Hello > > Am 20.07.2008 um 01:06 schrieb Kazi A. Sharif: >> Hello Guys, >> I was planning to install a heavy duty bandwidth manager for my ISP. >> I went through some documentation and installed IPFW and Dummynet in >> FreeBSD 7.0. Before I spent so much time on this I need to know the >> limitations that are already noticed: >> >> 1. If we compare IPFW+Dummynet with Allot or Emerging Technologies >> Bandwidth manager, how efficient is the IPFW+Dummynet? >> 2. Is it possible to control/throttle 800/900Mbps bandwidth using >> recommended hardware? > > We use something similiar to make sure that certain ip ranges always > get the best performance. Simulating some kind of QoS and set a max > bandwidth for everything. > > > We figured out that the limit with this Xeon is somewhere between > 200-300Mbps with a few IPFW+Dummynet rules. We also tested a slower > quad cores but the performance was even worse. UP systems with fast > CPU where the best choice so far for us. At the moment our system runs > with 6.2 but to be honest i don't belive that the performance gets > trippled with FreeBSD 7. > > Our hardware: > Intel(R) Xeon(TM) CPU 3.20GHz (3199.10-MHz 686-class CPU) and intel em > cards ( > In the past Ian Freislich mentioned at performance@ that AMD Opterons > are maybe faster because of the bigger L1 cache. You will get less > cache misses with it. > > We could squeeze a bit more speed with ipfw table keyword. In > gerneral, the less rule you have the better performance you will get. > > There is also an dummynet issue with FreeBSD 7.0. We just used > dummynet to limit a ftp server to 500Mpbs and had a lot of kernel > panics. Oleg Bulyzhin wrote a patch: > http://www.freebsd.org/cgi/query-pr.cgi?prp=113548-3-diff > > As far as i know this patch is not included in 7.0-Release and i'm not > sure if it was ever commited to -stable or -head. > > Regards, > Thomas Vogt > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > >