layer2 filtering and dummynet, bw reduced by half
Patrick Tracanelli
eksffa at freebsdbrasil.com.br
Mon Oct 3 09:08:05 PDT 2005
Hello,
I am doing some simple tests in a specific enviroment where layer2
filtering and dummynet will work together. There is a complex set of FW
rules, which showed a behaviour where, whenever I turn layer2 filtering
on, dummynet configured pipes get the configured BW reduced by half. To
check it out I reduced the production ruleset into a few, simple and
clear set of rules in a testing enviroment.
The current rules are:
layer2() {
ipfw add skipto 400 all from any to any mac-type ip,arp layer2
ipfw add deny all from any to any layer2
}
countlog() {
ipfw add 400 count log all from any to any in
ipfw add 401 count log all from any to any out
}
pipe() {
ipfw add pipe 1 all from any to 172.16.52.254/32 in
ipfw add pipe 2 all from 172.16.52.254/32 to any out
ipfw pipe 1 config bw 64Kbps queue 5
ipfw pipe 2 config bw 64Kbps queue 5
}
Very simple, nothing special.
FYI, one_pass feature for ipfw is '1' (default).
When net.link.ether.ipfw=0, dummynet works perfectly. The piped IP
address can only up/down at the configured speed. But when I turn
net.link.ether.ipfw=1 the maximum speedk gets reduced exactly by half,
just like if I had pipes configured at 32Kbps.
I have tested even without any layer2 rule loaded. The behaviour is just
the same.
I am not sure what might be causing this weird behaviour. Is there any
thing that should be tunned up? Any ideas on why it happens, and how to
deal with it instead of configuring bw by 2 to get the desired speed? If
there is a logical reason for that which I ignore, there is no problem
in * it by 2, but I would like to hear about it, technically, which is
the reason.
And specially, if it something I am doing wrong, I would appreciate if
someone could point it out.
Thank you a lot :-)
--
Patrick Tracanelli
More information about the freebsd-ipfw
mailing list