traffic shaping freebsd

Michael Sierchio kudzu at tenebras.com
Mon Sep 12 01:16:57 UTC 2011 

You don't seem to have any rules that match packets. This won't work.

On Sunday, September 11, 2011, alexus <alexus at gmail.com> wrote:
> su-4.2# grep pipe /etc/ipfw.rules
> pipe flush
> pipe 1 config bw 1Mbit/s mask dst-port www
> pipe 2 config bw 1Mbit/s mask src-port www
> pipe 3 config bw 1Mbit/s mask dst-port 3128
> add 3128 pipe 3 tcp from any to any src-port 3128 uid root
> add 8381 pipe 1 tcp from any to any dst-port www uid daemon
> add 8382 pipe 2 tcp from any to any src-port www uid daemon
> su-4.2#
>
>
> su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw
> pipe show 2
> 08381  11190    815447 pipe 1 tcp from any to any dst-port 80 uid daemon
> 08382  14394  16926849 pipe 2 tcp from any 80 to any uid daemon
> 00001:   1.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>  0 tcp     64.237.55.83/64730     69.10.58.25/80    11190   815447  0    0
  0
> 00002:   1.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>  0 tcp      69.10.58.25/80       64.237.55.83/64730 14394 16926849  0    0
 10
> su-4.2# ipfw show | grep -E 'pipe 1|pipe 2' && ipfw pipe show 1 ; ipfw
> pipe show 2
> 08381  11218    817225 pipe 1 tcp from any to any dst-port 80 uid daemon
> 08382  14434  16979213 pipe 2 tcp from any 80 to any uid daemon
> 00001:   1.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>  0 tcp     64.237.55.83/64730     69.10.58.25/80    11218   817225  0    0
  0
> 00002:   1.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>  0 tcp      69.10.58.25/80       64.237.55.83/64730 14434 16979213  0    0
 10
> su-4.2#
>
> as you see ipfw rules matches as count is increasing, yet pipe i'm not
> seeing any difference at all, its like it matched first time and
> that's it...
>
> yet pipe shows different output
>
> su-4.2# ipfw show | grep 'pipe 3' && ipfw pipe show 3
> 03128  37483  71276160 pipe 3 tcp from any 3128 to any uid root
> 00003:   1.000 Mbit/s    0 ms   50 sl. 4 queues (64 buckets) droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>  0 ip           0.0.0.0/0             0.0.0.0/1056    16     2383  0    0
  0
>  16 ip           0.0.0.0/0             0.0.0.0/1032     8     9398  0    0
  0
>  32 ip           0.0.0.0/0             0.0.0.0/2096    41    43167  0    0
  0
>  48 ip           0.0.0.0/0             0.0.0.0/56       2     7074  0    0
  0
> su-4.2# !!
> ipfw show | grep 'pipe 3' && ipfw pipe show 3
> 03128  39285  74616912 pipe 3 tcp from any 3128 to any uid root
> 00003:   1.000 Mbit/s    0 ms   50 sl. 4 queues (64 buckets) droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0c38
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes
Pkt/Byte Drp
>  0 ip           0.0.0.0/0             0.0.0.0/1056    19    20651  0    0
  0
>  16 ip           0.0.0.0/0             0.0.0.0/1064    36    41781  0    0
  0
>  32 ip           0.0.0.0/0             0.0.0.0/1072    43    53920  0    0
  0
>  48 ip           0.0.0.0/0             0.0.0.0/2104     3      595  0    0
  0
> su-4.2#
>
> why is it seeing source ip/port as 0/0 and dest 0/? i dont understand
> that at all
>
> On Sun, Sep 11, 2011 at 7:06 PM, Michael Sierchio <kudzu at tenebras.com>
wrote:
>> On Sun, Sep 11, 2011 at 3:38 PM, alexus <alexus at gmail.com> wrote:
>>> thanks, but did u actually tried it?
>>
>> If what you're asking is, "does traffic shaping work?"  the answer is
>> yes.  There are some provisos - you must create an outbound pipe and
>> an inbound pipe that accurately reflect the observed network
>> performance (not what your ISP told you).  This is because when you
>> create queues of different weights, the weights are only imposed when
>> one or more queues are full.
>>
>> See http://info.iet.unipi.it/~luigi/dummynet/
>>
>> The place to start is to find out what kind of upload and download
>> throughput you get, then create pipes that are 95% of those observed
>> values (one up, one down), then instantiate queues with different
>> weights on each pipe, then create rules that match packets according
>> to which pipe they should go in.  Also consider that the sysctl
>> variable, net.inet.ip.fw.one_pass, might need to be 0 and not 1,
>> depending on whether queued packets need further processing.
>>
>
>
>
> --
> http://alexus.org/
>

More information about the freebsd-questions mailing list