[nycbug-talk] dummynet question

Tillman Hodgson tillman at seekingfire.com
Tue Mar 21 18:38:41 EST 2006


On Tue, Mar 21, 2006 at 08:30:07AM -0800, pete wright wrote:
> hey all,
> i've been hacking up a dummynet config for my mail sever which is in a
> colo facility.  i'm trying to limit my bandwidth to around 60kB/s on
> ingress and egress flows.  now i think i'm running into a problem with
> dummynet restricting the bandwidth on my lo0 device, which is having a
> negative effect on performance for squirellmail instance connecting to
> a local imapd.  from reading the docs i have not found an easy way to
> apply pipe's to only external devices, and not the loopback device. 
> any idea's...hopefully missing something basic ;)

I did that via ipfw commands a while back ... let me see if I can dig
up that old script.

Ah, here we go:

#!/bin/sh
#
# NOTE: It might seem obvious, but just in case ...
#       YOU CAN ONLY THROTTLE OUTGOING TRAFFIC
#
# NOTE: For the tunnels, I only shape TCP - this means that NFS runs at
#       full speed, which may not be what you want!
#
# To show that ipfw is redirecting traffic through dummynet, use 'ipfw show'
# To show the dummynet pipes, use 'ipfw pipe show' (use a wide terminal)
#
# Config script variables
IPFW='/sbin/ipfw'

case "$1" in
start)
	# Do we have the kernel module loaded?
	if ! kldstat -n dummynet > /dev/null 2>&1 ; then kldload dummynet; fi
	# Do we have an allow rule over-riding the default deny?
	$IPFW add 65000 pass all from any to any
	# Flush out the queues and pipes
	$IPFW -f queue flush
	$IPFW -f pipe flush
	# Redirect real traffic to the dummynet "restricted bandwidth lane"
	#  Web serving to the Internet - turned off because it slows down too much
	#$IPFW add 100 pipe 1 tcp from 24.72.123.45 80 to any out via hme1
	#  OpenVPN tunnel to Smitty
	$IPFW add 110 pipe 2 tcp from 192.168.23.0/24 to 192.168.8.0/24 out
	#  OpenVPN tunnels to Scott
	$IPFW add 120 pipe 3 tcp from 192.168.23.0/24 to 10.42.1.0/24 out
	$IPFW add 121 pipe 3 tcp from 192.168.23.0/24 to 10.42.10.0/24 out
	#  OpenVPN tunnel to Lonny
	$IPFW add 130 pipe 3 tcp from 192.168.23.0/24 to 192.168.31.0/24 out
	#
	# Create the restrictive outgoing bandwidth "traffic lane" pipes
	$IPFW pipe 1 config bw 96KBytes/s queue 25
	$IPFW pipe 2 config bw 64KBytes/s queue 10
	$IPFW pipe 3 config bw 32KBytes/s queue 10
	$IPFW pipe 4 config bw 16KBytes/s queue 10
	$IPFW pipe 5 config bw 8KBytes/s  queue 10
	;;
stop)
	# Flush out the IPFW lists
	$IPFW -f queue flush
	$IPFW -f pipe flush
# Delete the rules we added
	#$IPFW delete 100
	$IPFW delete 110
	$IPFW delete 120
	$IPFW delete 121
	$IPFW delete 130
	;;
*)
	echo "Usage: `basename $0` {start|stop}" >&2
	;;
esac

exit 0


-- 
Semiology has taught us that myth has the task of giving an historical
intention a natural justification, and making contingency appear eternal.
    -- Roland Barthes, _Mythologies_



More information about the talk mailing list