Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 16 Sep 2002 14:08:53 -0700
From:      "Jacob S. Barrett" <jbarrett@amduat.net>
To:        freebsd-ipfw@freebsd.org
Subject:   MAC Layer Bandwidth Limiting
Message-ID:  <3D864865.2030607@amduat.net>

Next in thread | Raw E-Mail | Index | Archive | Help
If I wanted to do MAC layer bandwidth limiting would I want to do 
something like the following using IPFW2 or am I just way off?

ipfw add 1000 pipe 1000 layer2 mac $MAC0 any
ipfw add 1001 pipe 1001 layer2 mac any $MAC0
ipfw pipe 1000 bw 128Kbit/s
ipfw pipe 1001 bw 768Kbit/s

ipfw add 1010 pipe 1010 layer2 mac $MAC1 any
ipfw add 1011 pipe 1011 layer2 mac any $MAC1
ipfw pipe 1010 bw 256Kbit/s
ipfw pipe 1011 bw 512Kbit/s

MAC0 is limited to 128kbit/s out and 768kbit/s in
MAC1 is limited to 256kbit/s out and 512kbit/s in

What I want is the ability to filter links at the MAC level as well as 
limit the bandwidth that particular link has.  Traffic may not always be 
IP based so filtering on the IP address isn't sufficient.

If this all makes sense and works then is it possible to use a MAC 
address mask in the pipe/queue mask.  What I mean is can the limits be 
based on per MAC rather than per IP so that I can remove the need to 
have two pipes for each MAC like I do now?  Something like this?

ipfw add 1000 pipe 1128 layer2 mac $MAC0 any
ipfw add 1001 pipe 2768 layer2 mac any $MAC0

ipfw add 1010 pipe 1256 layer2 mac $MAC0 any
ipfw add 1011 pipe 2512 layer2 mac any $MAC0

ipfw add 1020 pipe 1128 layer2 mac $MAC2 any
ipfw add 1021 pipe 2768 layer2 mac any $MAC2

ipfw pipe 1128 bw 128Kbit/s mask mac-src 0xffffffffffff
ipfw pipe 1256 bw 256Kbit/s mask mac-src 0xffffffffffff
ipfw pipe 1512 bw 512Kbit/s mask mac-src 0xffffffffffff
ipfw pipe 1768 bw 768Kbit/s mask mac-src 0xffffffffffff

ipfw pipe 2128 bw 128Kbit/s mask mac-dst 0xffffffffffff
ipfw pipe 2256 bw 256Kbit/s mask mac-dst 0xffffffffffff
ipfw pipe 2512 bw 512Kbit/s mask mac-dst 0xffffffffffff
ipfw pipe 2768 bw 768Kbit/s mask mac-dst 0xffffffffffff

MAC0 is limited to 128kbit/s out and 768kbit/s in
MAC1 is limited to 256kbit/s out and 512kbit/s in
MAC2 is limited to 128kbit/s out and 768kbit/s in

Does any of this make sense or am I just way off in my own little world 
here?

Now if all this works then I assume that the byte count field for rules 
xxx0 and xxx1 should be the total bytes in and out for the link.  Is 
this correct?  If I was going to use that field for accounting to 
determine the bytes transferred per month is there a way to read and 
zero the counts at the same time, or am I going to just have to let the 
few bytes that come in between read and zero just drop off?

-- 
Jacob S. Barrett
jbarrett@amduat.net
www.amduat.net

"I don't suffer from insanity, I enjoy every minute of it."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?3D864865.2030607>