dummynet / ipfw plr config issue: double plr for UL compared to DL

IPFW, PF, IPF (but not limited) related discussion

dummynet / ipfw plr config issue: double plr for UL compared to DL

Postby arusan » 06 Sep 2011, 23:10

On a machine acting as a bridge, I have only one dummynet pipe configured with PLR.
I add two rules, hoping that I will generate symmetric packet loss on UL & DL for a single host behind the bridge.

However, I end up with double the packet loss in UL, while in DL the packet loss is exacty what I configured. And I can't figure out at all where my mistake lies...

my config:
Code: Select all
ipfw pipe 7 config plr 0.004                #--> 0.4%, right?
ipfw add 300 pipe 7 out dst-ip 10.x.y.z/30  #--> I also tried only IP@ 10.x.x.2, for the
                                            # specific host. it's anyway alone in that subnet
ipfw add 400 pipe 7 out src-ip 10.x.y.z/30  # obviously x,y,z identical to the above ones


I test with iperf, one linux and one windows machine (first command line for the server, second line for client):
Code: Select all
iperf -s -u -l 1400
iperf -c 10.x.y.z -f m -u -i 5 -b 3m -l 1400 -t 100


(tried with other values for bandwidth, no difference. need -t 100 for a good average since my PLR is very low).

-when running this in one direction, my PLR is the desired one: ~0.4% (0.39% to 0.41%).
-when running this in the other direction (I switch my iperf commands and adjust the IP@ for the server, the machines remain on the same side of the bridge, just the iperf server/client are switched) I get double the packet loss: ~0.8% (0.76%-0.85%).

same result if I run iperf with the -r command (also for reversed direction testing).
If I put prob 0.5 to the 400 rule (which is the problematic one), I get the correct result of 0.4% --> which is strange...

I checked that only one rule is matched when running the iperf test (via ipfw show, I see what rule increments packet count) and also that the pipe is configured with the correct value (ipfw pipe show).

if I change rule 400 to:
Code: Select all
ipfw add 400 pipe 7 [B]in[/B] src-ip 10.x.y.z/30


it is not matched at all... which is again weird. I get then PLR 0% and no packets hit the rule.

I use a dual port Intel card (em0, em1) configured as a bridge, no IP@ for any of the ports.
sysctl.conf:
Code: Select all
net.link.ether.ipfw=0
net.link.bridge.ipfw=1


It must be smtg obvious, but I cannot see it.
arusan
Junior Member
 
Posts: 11
Joined: 23 Aug 2011, 03:32

Return to Firewalls

Who is online

Users browsing this forum: Google [Bot] and 0 guests