From owner-freebsd-questions Tue Dec 12 8:25:31 2000 From owner-freebsd-questions@FreeBSD.ORG Tue Dec 12 08:25:27 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id D4FA037B402 for ; Tue, 12 Dec 2000 08:25:26 -0800 (PST) Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id KAA73999; Tue, 12 Dec 2000 10:24:27 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Tue, 12 Dec 2000 10:24:27 -0600 (CST) From: Ryan Thompson To: Matt Bedynek Cc: freebsd-questions@freebsd.org Subject: Re: Question: IPFW, Dummynet, and Bandwidth throttling... In-Reply-To: Message-ID: Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Matt Bedynek wrote to freebsd-questions@FreeBSD.ORG: > Hello. > > Another question ... ;-) > > I noticed that IPFW supports bandwidth shaping.. Several boxes I use > push lots of traffic - in hte area of 2 megabits each. If I were to > start placing traffic limitations to certain addresses or all of them > does it take CPU load or cycles from the box to process these? > > In other words, would I sacrafice CPU usage to use this feature? Of course you would sacrifice CPU usage :-) While 2MB is quite a lot of traffic, cpu time will be proportional to the number of packets, which you didn't specify. However, if you're limiting bandwidth a lot, and the connections themselves are relatively short-lived, you would probably actually gain a few cycles due to the reduced (network|cpu) load on the system. However, this is very application dependent. The ordering of rules is also very important. You can have 1000 rules, but if packets are almost always forwarded in the first dozen rules, the other 988 don't really matter ;-) In most setups, this is not too far from the truth. In practice, some sysadmins have reported using 100-150 filtering/traffic shaper rules with IPFW without (much) slowdown under modest hardware configurations on heavily loaded systems. Our firewall has about 90 count/filter/traffic rules in total, and the typical (remote) packet is considered by 20-30 of them. Our firewall is a run of the mill P200, and runs 90% idle (75% idle peak), despite pushing numerous millions of packets/day. Hope this helps > > matt > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > Virtually yours, - Ryan -- Ryan Thompson Network Administrator, Accounts SaskNow Technologies - http://www.sasknow.com #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2 Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message