Shaping in out depending on MAC

Hello everyone,

I need to shape traffic in IPFW by MAC (kind of MAC locking).
That said, I had to create a lot of rules (and the ruleset grows) with pipes.

Recently this started to heavily impact our routers' performance (we are limiting around 200 MAC addresses, so 400 rules, apart from other standard rules).
Is there another way to limit systems?
I'm thinking of VLAN interfaces, but I'm not sure if IPFW supports VLAN tables, and we will have to change some of the switches to support trunking.

Dummynet is locked and performs at around 10% CPU, which is fine.
But the cards use 2.1 times more than they use without those rules.
 