IPFW Dummynet: shaping in/outbound traffic in one pipe

[symmetrx]

Hello!

I need traffic shaping in the following scenario:

• there is one pipe, which limits total bandwidth for inbound and outbound traffic
• inbound and outbound traffic from each host hits the pipe
• inbound and outbound traffic from each host shares the pipe bandwidth equally with other hosts

How can I do this width dummynet?

I would be glad for any help.

 

[symmetrx]

Is it correct the next solution:

pipe 10 config bw 100Mbit/s
sched 10 config type QFQ

queue 11 config weight 50 pipe 10 mask src-ip 0xffffffff buckets 1024
queue 12 config weight 50 pipe 10 mask dst-ip 0xffffffff buckets 1024

add queue 11 all from 10.0.0.0/24 to any in via em0
add queue 12 all from any to 10.0.0.0/24 out via em0

?

What bandwidth is in the following case at the first host and the second host:

• first host downloading content with 50Mbit/s and uploading with 50Mbit/s;
• then second host start downloading content

?
25Mbit/s + 25Mbit/s at the first host and 50Mbit/s at the second host?

What mask for src-ip and dst-ip should I use for ipv6?

 

[qsecofr]

I have asymmetric down/up speeds between me and my ISP. My IPFW firewall includes some basic rate-limiting rules like:

## $oif = static external IP address

        $ipfw -q add pipe 1 ip from any to any in via $oif
        $ipfw -q add pipe 2 ip from any to any out via $oif
        $ipfw -q add pipe 3 tcp from any to me http,https in
        $ipfw -q add pipe 4 tcp from me http,https to any out

        $ipfw -q add queue 1 tcp from any to any in via $oif
        $ipfw -q add queue 2 tcp from any to any out via $oif
        $ipfw -q add queue 3 tcp from any to me http,https in
        $ipfw -q add queue 4 tcp from me http,https to any out

        $ipfw -q queue 1 config pipe 1 weight 80 queue 5Kbytes
        $ipfw -q queue 2 config pipe 2 weight 80 queue 5Kbytes
        $ipfw -q queue 3 config pipe 3 weight 30 queue 5Kbytes
        $ipfw -q queue 4 config pipe 4 weight 30 queue 5Kbytes

        $ipfw -q pipe 1 config bw 2800Kbits/s queue 10Kbytes
        $ipfw -q pipe 2 config bw 1050Kbits/s queue 10Kbytes
        $ipfw -q pipe 3 config bw 200Kbits/s queue 10Kbytes
        $ipfw -q pipe 4 config bw 450Kbits/s queue 10Kbytes

If you wanted all types of data treated equally, you could ignore references to 3 and 4 above. Their bandwidth could be given to 1 and 2 respectively. And if your connection is symmetrical, having the same rate up & down, then you could probably ignore references to 2 above, and dispense with the directional flow in the remaining rule. And if you've got a full 50Mbits up AND down simultaneously I'd almost wager you'd have a harder time saturating the line than in limiting its flow rate.

 

[symmetrx]

The main purpose of such traffic separation schemes to support the maximum possible bandwidth for each of the hosts, while maintaining fairness.

If host doesn't uploading something, then this bandwidth should be added to the download bandwidth for this host. If host doesn't do anything, its bandwidth is given to other host.

If use different pipes for incoming and outgoing, then in case of only one action (incoming or outgoing) bandwidth will be limited to bandwidth of only one pipe.

In my scheme, I think, there is no equality... When the first host uploading and downloading content, then will be two queues with a weight of 50 for each direction. When the second host downloading content, then will be added another third queue with a weight of 50. So... Bandwidth will be split accordingly 50 + 50 + 50, 100 of them will be for the first host and only 50 for the second. But must 50 for the first (25 for download and 25 for upload) and 50 for the second.