[ previous ] [ next ] [ threads ]
 
 From:  Didier Lebrun <dl at quartier dash rural dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] LOng ping.
 Date:  Wed, 01 Sep 2004 02:39:02 +0200 
At 22:33 31/08/2004 +0200, mono at centrum dot sk wrote:
>Hi,
>what happens, when in monowall appears a magic shaper, if i configure
>two and more rules in the traffic shaper, ping increases for example
>with 1000bit packet from 40 - 60ms to 200 - 300 ms, if a have in
>shaper about twenty rules times is about 400-600ms.  It wasn`t in
>older versions monowall.
>Whats wrong?
>Thanks.
>Robo.K.

About one year ago, when trying to configure a freebsd/dummynet traffic 
shaper behind a bidirectional sat link, I observed that dummynet was 
increasing the (already high) latency by a few hundred ms in some cases. I 
isolated the problem by testing a minimalistic set of rules (fully open 
firewall without NAT, simplistic shaper rules), modifying each parameter in 
turn so as to measure its effect on latency. I came to the conclusion that 
the parameter "bw ???Kbits/s" was the cause of higher latency. Whenever I 
was setting a pipe with a fixed bandwidth, whatever the number was, the 
latency was increasing by a few hundred ms. I found a simple way around the 
problem, by not setting any fixed bandwidth, so as to let the pipe adjust 
to the link behind it. It works fine and still permits to share the 
bandwidth between several queues within this pipe:

         ${fwcmd} add pipe 1 all from any to { $inet or me } in recv ${oif}
         ${fwcmd} add queue 1 all from any to ${ $inet or me } in recv ${oif}
         ${fwcmd} pipe 1 config queue ${pipe_down_slots}
         ${fwcmd} queue 1 config pipe 1 mask dst-ip 0x000000ff queue 
${queue_down_slots}

The same type of rules can be set for both directions, although a problem 
might occur with the symetric mask src-ip 0x000000ff in relation with NAT 
(must happen before the address is nated). My real set of rules is a bit 
more complex than this example, with several queues and different weights, 
but the idea is the same. It has proved to work fine on an everyday basis 
for nearly one year with 15 users, allowing Kazaa addicts to cohabit evenly 
with web and mail users.

I suppose it would be fairly easy to allow for that sort of thing in 
m0n0wall by modifying a few lines in shaper.inc:

         /* generate pipes */
         if (isset($config['shaper']['pipe'])) {
                 $pipei = 1;
                 foreach ($config['shaper']['pipe'] as $pipe) {
--                      $line = "pipe $pipei config bw 
{$pipe['bandwidth']}Kbit/s ";
++                      $line = "pipe $pipei ";
++                      if ($pipe['bandwidth']) {
++                              $line .= "bw {$pipe['bandwidth']}Kbit/s ";
++                      }

                         [...]
                 }
         }

... but it's only a supposition, since I haven't explored the PHP code 
thoroughly enough to tell whether there is some need to adapt other lines 
of code somewhere else.

--
Didier Lebrun
Le bourg - 81140 - Vaour (France)
tél: 05.63.53.73.41 (AM et soirée)
mailto:dl at vaour dot net (MIME, ISO latin 1)
http://didier.quartier-rural.org/