Hi. We just opened a gaming center and have chosen to run a FreeBSD box for our firewall. IPFW is configured at its very basic running natd through rl0 and allowing any to any connections from the lan to the outer world. Natd controls access to the lan.

We have a 6.0 mb/s ADSL net connection for all the gaming clients to use, however if a gamer starts downloading a file, that file takes precedence and causes everyone's pings 'in-game' to sky rocket to unplayable levels. I have done some reading on DummyNet which is attached at the hip with IPFW, however I have been unsuccessful in getting it to work properly.

I have done some research and found this site: http://info.iet.unipi.it/~luigi/ip_dummynet/

After reading I became more confused than before. Should I share the link as a whole to all 64 client machines OR should I set a fixed BW for all client machines. Are there other websites out there that can help with this?

Also if and when I do find a working pipe/queue config do I put it before the natd via rl0 command or after?

Thanks.

Mike Purcell
Aka BigTrucK
Ownij Digital Entertainment
Betta Axe Somebody!
www.ownij.com
Hi.

> We have a 6.0 mb/s ADSL net connection for all the
> gaming clients to use,
> however if a gamer starts downloading a file, that
> file takes precedence and
> causes everyone's pings 'in-game' to sky rocket to
> unplayable levels.

I have the following in my /etc/rc.firewall:

    # do some traffic-shaping, configure a pipe
    ${fwcmd} pipe 10 config bw 1280Kbit/s
    ${fwcmd} pipe 20 config bw 1280Kbit/s

    # create some queues with various weight
    ${fwcmd} queue 11 config pipe 10 weight 50
    ${fwcmd} queue 12 config pipe 10 weight 25
    ${fwcmd} queue 13 config pipe 10 weight 5
    ${fwcmd} queue 21 config pipe 20 weight 50
    ${fwcmd} queue 22 config pipe 20 weight 25
    ${fwcmd} queue 23 config pipe 20 weight 5

    # create some rules that will be applied to the queues
    # inside-interface
    ${fwcmd} add 340 queue 11 tcp from ${inet}:${imask} to any dst-port http in recv ${iif}
    ${fwcmd} add 340 queue 11 tcp from ${inet}:${imask} to any dst-port ssh in recv ${iif}
    ${fwcmd} add 340 queue 11 udp from ${inet}:${imask} to any dst-port 53 in recv ${iif}
    ${fwcmd} add 340 queue 12 tcp from ${inet}:${imask} to any dst-port smtp in recv ${iif}
    ${fwcmd} add 340 queue 12 tcp from ${inet}:${imask} to any dst-port pop3 in recv ${iif}
    ${fwcmd} add 340 queue 13 ip from ${inet}:${imask} to any in recv ${iif}

    # outside-interface
    ${fwcmd} add 350 queue 21 tcp from any to ${inet}:${imask} src-port http in recv ${oif}
    ${fwcmd} add 350 queue 21 tcp from any to ${inet}:${imask} src-port ssh in recv ${oif}
    ${fwcmd} add 350 queue 21 udp from any to ${inet}:${imask} src-port 53 in recv ${oif}
    ${fwcmd} add 350 queue 22 tcp from any to ${inet}:${imask} src-port smtp in recv ${oif}
    ${fwcmd} add 350 queue 22 tcp from any to ${inet}:${imask} src-port pop3 in recv ${oif}
    ${fwcmd} add 350 queue 23 ip from any to ${inet}:${imask} in recv ${oif}
    ;;

This creates some queues with a certain bandwidth and weight, and applies some protocols to the various queues. You may use this as a starting point.
I'm using this on FreeBSD 4.8 stable and compiled IPFW2-support into the kernel. Requires a change to /etc/make.conf and kernel.

Regards
Claus
Hmm. I think the easiest thing to do is to control the bandwidth on the LAN side of natd rather than on the ADSL side. If the PCs do not advertise huge TCP windows, limiting the bandwidth on the LAN side should be sufficient to prevent continuous saturation of your uplink.

There are two ways to do this: Dynamic queues associated with a single pipe, or dynamic pipes.

If you use dynamic queues associated with a single pipe IPFW can share the bandwidth and any given client can use the full available bandwidth if nobody else is. However, this may not turn out as you expect because disparate protocols are competing for the bandwidth... UDP for in-game play and bulk TCP for downloads, and the people playing in games may still see glitches. Setting the pipe to slightly less than the ADSL line's actual bandwidth might solve the glitches, though.

If you use dynamic pipes you can hard limit the maximum bandwidth that any single client is allowed to use. For example, if your ADSL is 6 MBits you could limit the per-client bandwidth to 1 MBit. Even though 6 or more clients downloading at once could saturate the pipe, this solution is likely to result in fewer glitches than the queue mechanism.

Ultimately the queue mechanism is likely going to be the best way to go, but it will require a lot of fine tuning to get there and I expect you could implement the dynamic pipe mechanism (hard limit maximum bandwidth to each client) in an hour or two.

Now unfortunately I am not an expert on dynamic queues and dynamic pipes. The IPFW manual page describes them (look for the mask-specifier phrase in the manual page). From my read it ought to be really easy to set up dynamic pipes as an initial solution, and then experiment with the dynamic queues for a possible long-term solution.

-Matt

:Hi. We just opened a gaming center and have chosen to run a FreeBSD box for
:our firewall. IPFW is configured at its very basic running natd through rl0
:and allowing any to any connections from the lan to the outer world. Natd
:controls access to the lan.
:
:We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
:however if a gamer starts downloading a file, that file takes precedence and
:causes everyone's pings 'in-game' to sky rocket to unplayable levels. I have
:done some reading on DummyNet which is attached at the hip with IPFW, however I
:have been unsuccessful in getting it to work properly.
:
:I have done some research and found this site:
:http://info.iet.unipi.it/~luigi/ip_dummynet/
:
:After reading I became more confused than before. Should I share the link as a
:whole to all 64 client machines OR should I set a fixed BW for all client
:machines. Are there other websites out there that can help with this?
:
:Also if and when I do find a working pipe/queue config do I put it before the
:natd via rl0 command or after?
:
:Thanks.
Have you looked at the altq stuff at all? It's a bit more sophisticated than dummynet, and can likely do what you need.

Charles

--
Charles Sprickman
spork@inch.com

On Mon, 2 Jun 2003 bigtruck@ownij.com wrote:

> Hi. We just opened a gaming center and have chosen to run a FreeBSD box for
> our firewall. IPFW is configured at its very basic running natd through rl0
> and allowing any to any connections from the lan to the outer world. Natd
> controls access to the lan.
>
> We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
> however if a gamer starts downloading a file, that file takes precedence and
> causes everyone's pings 'in-game' to sky rocket to unplayable levels. I have
> done some reading on DummyNet which is attached at the hip with IPFW, however I
> have been unsuccessful in getting it to work properly.
>
> I have done some research and found this site:
> http://info.iet.unipi.it/~luigi/ip_dummynet/
>
> After reading I became more confused than before. Should I share the link as a
> whole to all 64 client machines OR should I set a fixed BW for all client
> machines. Are there other websites out there that can help with this?
>
> Also if and when I do find a working pipe/queue config do I put it before the
> natd via rl0 command or after?
>
> Thanks.
>
> Mike Purcell
> Aka BigTrucK
> Ownij Digital Entertainment
> Betta Axe Somebody!
> www.ownij.com
On Tue, 3 Jun 2003 05:25, bigtruck@ownij.com wrote:

> After reading I became more confused than before. Should I share the link
> as a whole to all 64 client machines OR should I set a fixed BW for all
> client machines. Are there other websites out there that can help with
> this?
>
> Also if and when I do find a working pipe/queue config do I put it before
> the natd via rl0 command or after?

I think you'd be best off making pipes for each machine.

I use dummynet pipes at home to limit my TCP traffic to prevent my pings from going bad when someone downloads or uploads.

eg ->

    # Rate limit outgoing TCP
    ${fwcmd} pipe 1 config bw 1kbyte/sec queue 10kbytes
    ${fwcmd} add pipe 1 tcp from any to any out via tun0

    # Limit incoming TCP
    ${fwcmd} pipe 2 config bw 5kbyte/sec queue 10kbytes
    ${fwcmd} add pipe 2 tcp from any to any in recv tun0

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5
bigtruck@ownij.com wrote:

> Hi. We just opened a gaming center and have chosen to run a FreeBSD box for
> our firewall. IPFW is configured at its very basic running natd through rl0
> and allowing any to any connections from the lan to the outer world. Natd
> controls access to the lan.
>
> We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
> however if a gamer starts downloading a file, that file takes precedence and
> causes everyone's pings 'in-game' to sky rocket to unplayable levels. I have
> done some reading on DummyNet which is attached at the hip with IPFW, however I
> have been unsuccessful in getting it to work properly.

First of all, you should shape traffic on the LAN imho; it will give you much more control over the situation.

Second, you should create two dummynet pipes, one for incoming and one for outgoing traffic, and set 6.0Mbit/s for its bandwidth parameter.

Then, you can engage the WF2Q feature of dummynet, which is capable of "fair allocation" of bandwidth between competitors. You create two queues using 'mask src-ip 0xffffffff' for outgoing traffic and 'mask dst-ip 0xffffffff' for incoming. And you divert all of the LAN traffic going into the queues.

That may be quite good for you. Furthermore, you can engage GRED for preventing excessive TCP packet drops, but that should be the next stage.

Eugene Grosbein
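Added example (not code posted by anyone in the thread): the two LAN-side layouts described above, Eugene's per-host WF2Q queues on two shared pipes and Matt's dynamic per-client pipes, written as rc.firewall-style shell functions. The inside interface name (fxp0), the LAN network, the rule numbers 300/310 and the pipe/queue numbers are assumptions; by default fwcmd only prints the commands so the result can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example; every value below is an assumption, not taken from the thread
# except the 6Mbit/s and 1Mbit/s figures and the two mask specifiers.
fwcmd="${fwcmd:-echo ipfw}"        # dry run by default; set fwcmd=/sbin/ipfw to apply
iif="${iif:-fxp0}"                 # inside (LAN) interface, assumed name
inet="${inet:-192.168.0.0}"        # LAN network, assumed
imask="${imask:-255.255.255.0}"    # LAN netmask, assumed

# Both layouts match on the inside interface, where packets still carry
# (or have already regained) the clients' own LAN addresses.

# Layout 1: one pipe per direction, shared fairly by per-host dynamic queues.
# $1 = bandwidth for traffic leaving the LAN, $2 = bandwidth for traffic entering it
shape_fair() {
    ${fwcmd} pipe 1 config bw "$1"
    ${fwcmd} pipe 2 config bw "$2"
    # mask 0xffffffff: a separate dynamic queue per client address
    ${fwcmd} queue 1 config pipe 1 weight 1 mask src-ip 0xffffffff
    ${fwcmd} queue 2 config pipe 2 weight 1 mask dst-ip 0xffffffff
    ${fwcmd} add 300 queue 1 ip from ${inet}:${imask} to any in recv ${iif}
    ${fwcmd} add 310 queue 2 ip from any to ${inet}:${imask} out xmit ${iif}
}

# Layout 2 (alternative to layout 1, reuses the same rule numbers):
# dynamic pipes, a hard bandwidth cap for every single client.
# $1 = per-client bandwidth in each direction
shape_cap() {
    ${fwcmd} pipe 3 config bw "$1" mask src-ip 0xffffffff
    ${fwcmd} pipe 4 config bw "$1" mask dst-ip 0xffffffff
    ${fwcmd} add 300 pipe 3 ip from ${inet}:${imask} to any in recv ${iif}
    ${fwcmd} add 310 pipe 4 ip from any to ${inet}:${imask} out xmit ${iif}
}

# Print layout 1 with the 6.0Mbit/s figure from the thread for both pipes.
shape_fair 6Mbit/s 6Mbit/s
```

For the hard-cap variant with the 1 MBit figure from the thread, call `shape_cap 1Mbit/s` instead of `shape_fair`.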
On Monday 02 June 2003 01:55 pm, bigtruck@ownij.com wrote:

> Hi. We just opened a gaming center and have chosen to run a FreeBSD box
> for our firewall. IPFW is configured at its very basic running natd
> through rl0 and allowing any to any connections from the lan to the outer
> world. Natd controls access to the lan.
>
> We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
> however if a gamer starts downloading a file, that file takes precedence
> and causes everyone's pings 'in-game' to sky rocket to unplayable levels.
> I have done some reading on DummyNet which is attached at the hip with
> IPFW, however I have been unsuccessful in getting it to work properly.
>
> I have done some research and found this site:
> http://info.iet.unipi.it/~luigi/ip_dummynet/
>
> After reading I became more confused than before. Should I share the link
> as a whole to all 64 client machines OR should I set a fixed BW for all
> client machines. Are there other websites out there that can help with
> this?
>
> Also if and when I do find a working pipe/queue config do I put it before
> the natd via rl0 command or after?

Another consideration, from experience: rl is not a very good "inside" nic, at least if running with the old standby 8139 chip. I don't have direct experience with the 82xx family they are using these days, but with my 8139-based card, I could never, under Windows, get a single download past 30KBps (but I could open 3 downloads before the performance started to fall off) (this is on a cable modem). Under BSD (4-stable in the days of 4.5 and 4.6) I couldn't get anything past 100Kbps. Using a machine with two Realteks as a gateway/router, I found I was barely better than dialup on my local machines. Switching to a Netgear NIC (dc driver) vastly improved matters.
When set for dc0=outside, rl0=inside, my LAN performance is about the same (indicating a bottleneck in rl0), however, my WAN performance is about 1/3 better (I can consistently get 130KBps+, and frequently exceed 200KBps; once in a while I can even get more than 300KBps, but due to the nature of cable, that is pretty rare.). Putting dc0 on "inside" duty more than doubles the performance of my LAN, without changing any network infrastructure. This tells me the rl8139 at least is optimized for use on asymmetric connections, such as DSL or Cable, and is not really (even though it claims to support it) a full-duplex card.

Spend a few dollars more, and get a better card, in other words. I guess that doesn't really help with dummynet, but it could explain some of the performance problem...

mike