Controlling Bandwidth
Dummynet was originally invented to simulate poor or lossy links, so
the author could test network protocols in bad conditions. However, it
also allows you to control bandwidth usage. One example the developer
gives on his web page is using dummynet to simulate an ADSL link to the
moon! We don't want to throttle our client that badly, but it's nice to
know it's possible.
One nice thing about dummynet is that it works on arbitrary ports, IP
addresses, and protocols. If you want to restrict the bandwidth usage
of IPSec tunnels, Sendmail, or anything, you can do it.
Dummynet is part of IPFW. You can control all sorts of packet flows with dummynet. One of the most
basic controls is the amount of traffic through a given IP address.
The IPFW integration was my problem. I'm loath to muck with the kernel of a working production system. It's just not a good idea. Things have only gone wrong a couple of times, but those failures have been pretty spectacular. New kernel problems might only take a couple of hours to fix, but ISPs don't get downtime. Customers don't like outage explanations like "rebuilding the kernel." Their eyes glaze over, and then they find another ISP that doesn't use those "kernel" thingies.
You must have IPFW in your kernel to use dummynet. I added the
following configuration to the system kernel.
options IPFIREWALL
options IPFIREWALL_VERBOSE
options DUMMYNET
options IPFIREWALL_DEFAULT_TO_ACCEPT
Technically I didn't need the IPFIREWALL_VERBOSE statement, but I like
logs. They give me a warm fuzzy feeling. I've been known to keep
logs for 30 months at a time (generally when I thought I was
rotating them daily, but was actually rotating them once a month).
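Because we're not using IPFW for packet filtering, but for bandwidth control, I'm using the default accept mode (IPFIREWALL_DEFAULT_TO_ACCEPT). If you're doing packet filtering, you probably don't want this: with this option the final default rule allows all traffic instead of denying it.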
We can use two different types of dummynet filters -- pipes and queues.
For this example, we'll use pipes. We'll look at queues some other
time.
Dummynet expects to have some outside agency forward packets to it.
IPFW includes this functionality. For one dummynet operation, you
need at least two IPFW configuration statements. If you aren't
familiar with IPFW commands, check out the FreeBSD Basics IPFW
series.
You configure dummynet, like all IPFW subsystems, with the ipfw(8)
command. First, redirect the packets from the IP address of the site
(192.168.1.88) to a dummynet pipe.
ipfw add 100 pipe 1 ip from 192.168.1.88 to any
The syntax is pretty straightforward. We're adding a rule, number
100, and giving it a pipe. Packets that match ip from 192.168.1.88
to any -- packets from this web site -- will be sent to pipe
number one.
Our pipe configuration is really very basic, too.
ipfw pipe 1 config bw 128Kbit/s
The pipe is created and labeled. The config statement tells IPFW
that this is a configuration statement. The bw means that this is a
bandwidth control and 128 Kbps is the bandwidth allowed.
The most disconcerting thing was when I checked the IPFW rule list.
# ipfw list
00100 pipe 1 ip from 192.168.1.88 to any
65535 allow ip from any to any
#
Where's my pipe?
It turns out that the pipes are stored in a separate list. To view
your pipes, do ipfw pipe list.
# ipfw pipe list
00001: 128.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 192.168.1.88/80 63.62.168.52/2415 128050681 35518324182 0 0 50486587
#
Wow, impressive! We can see where traffic is coming from, where it's going to, and how many packets have been passed and dropped.
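As an added example (not part of the original column), the shell functions below turn that ipfw pipe list output into a per-flow drop percentage and flag flows above a limit. They assume the column layout shown above and that Tot_pkt counts every packet offered to the pipe, including dropped ones; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: per-flow drop percentage from `ipfw pipe list` output.
# Assumed columns (as printed in the article):
#   BKT Prot Source Dest Tot_pkt Tot_bytes Pkt Byte Drp
# Assumption: Tot_pkt counts every packet offered to the pipe, dropped or not.

# pipe_drop_report: read `ipfw pipe list` text on stdin and print, per flow,
#   <pipe> <proto> <src> -> <dst> drop_pct=<N.N>
pipe_drop_report() {
    awk '
        /^[0-9]+:/ {                      # pipe header, e.g. "00001: 128.000 Kbit/s ..."
            pipe = $1; sub(/:$/, "", pipe); pipe += 0; next
        }
        /^ *mask:/ || /^ *BKT/ { next }   # mask line and column header
        NF == 9 && $1 ~ /^[0-9]+$/ {      # one flow (bucket) row
            pct = ($5 > 0) ? 100 * $9 / $5 : 0
            printf "%d %s %s -> %s drop_pct=%.1f\n", pipe, $2, $3, $4, pct
        }'
}

# flows_over_threshold PCT: print only flows dropping more than PCT percent.
# Exit status is 0 if any flow exceeded the limit, 1 otherwise.
flows_over_threshold() {
    pipe_drop_report | awk -v limit="$1" '
        { split($NF, kv, "="); if (kv[2] + 0 > limit + 0) { print; hit = 1 } }
        END { exit (hit ? 0 : 1) }'
}

# Sample input: the output shown in the article, embedded so this runs offline.
sample_pipe_list() {
    cat <<'EOF'
00001: 128.000 Kbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 192.168.1.88/80 63.62.168.52/2415 128050681 35518324182 0 0 50486587
EOF
}

# On a live system: ipfw pipe list | pipe_drop_report
sample_pipe_list | pipe_drop_report
```

A high drop percentage on a throttled flow means the sender is regularly pushing more than the pipe's 50-slot queue can hold at the configured rate.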
Our rules covered the straightforward dummynet configuration. There
are many more options that we'll look at another time. If you're
interested in experimenting with network congestion, dummynet is your
friend.
I put this rule in and the bandwidth instantly dropped. My friend went away happy, his client didn't have to pay for a T1 for a month, and I got back to changing the rodent cages, watering the fish, and cleaning the garage.
One of the nice things about FreeBSD is that you get your software for free. You can use terribly inexpensive hardware. The one irremediable expense is bandwidth. FreeBSD lets you control your bandwidth usage as well, keeping your costs in check.