Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Dec 2000 10:24:27 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        Matt Bedynek <mbedynek@pdq.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Question: IPFW, Dummynet, and Bandwidth throttling...
Message-ID:  <Pine.BSF.4.21.0012120957260.71744-100000@ren.sasknow.com>
In-Reply-To: <OJEGKBCDMGBAKBFKGACMGENACBAA.mbedynek@pdq.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Matt Bedynek wrote to freebsd-questions@FreeBSD.ORG:

> Hello.
> 
> Another question ... ;-)
> 
> I noticed that IPFW supports bandwidth shaping.. Several boxes I use
> push lots of traffic - in hte area of 2 megabits each.  If I were to
> start placing traffic limitations to certain addresses or all of them
> does it take CPU load or cycles from the box to process these?
> 
> In other words, would I sacrafice CPU usage to use this feature?


Of course you would sacrifice CPU usage :-)  While 2MB is quite a lot of
traffic, cpu time will be proportional to the number of packets, which you
didn't specify.  However, if you're limiting bandwidth a lot, and the
connections themselves are relatively short-lived, you would probably
actually gain a few cycles due to the reduced (network|cpu) load on the
system.  However, this is very application dependent.  

The ordering of rules is also very important.  You can have 1000 rules,
but if packets are almost always forwarded in the first dozen rules, the
other 988 don't really matter ;-)  In most setups, this is not too far
from the truth.

In practice, some sysadmins have reported using 100-150 filtering/traffic
shaper rules with IPFW without (much) slowdown under modest hardware
configurations on heavily loaded systems.  Our firewall has about 90
count/filter/traffic rules in total, and the typical (remote) packet is
considered by 20-30 of them.  Our firewall is a run of the mill P200, and
runs 90% idle (75% idle peak), despite pushing numerous millions of
packets/day.



Hope this helps


> 
> matt
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

Virtually yours,
- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012120957260.71744-100000>