
标题: fb做网关路由器客户机卡顿问题

作者: door10000    时间: 2013-05-01 10:26
标题: fb做网关路由器客户机卡顿问题
我用fb9.1配置了一台网关路由器,用的ipfw限流限速,可是客户机老是听歌都三步一卡。先前的tplink 740n都不会这样,不知道是个什么问题。看起来像是queue队列和缓存区块设置不当引起的小流量数据高延时断流。劳请大神搭救。
作者: door10000    时间: 2013-05-01 10:27
  1. net.inet.tcp.sack.globalmaxholes: 65536
  2. net.inet.tcp.sack.maxholes: 128
  3. net.inet.tcp.sack.enable: 1
  4. net.inet.tcp.soreceive_stream: 0
  5. net.inet.tcp.isn_reseed_interval: 0
  6. net.inet.tcp.icmp_may_rst: 1
  7. net.inet.tcp.pcbcount: 5
  8. net.inet.tcp.do_tcpdrain: 1
  9. net.inet.tcp.tcbhashsize: 512
  10. net.inet.tcp.log_debug: 0
  11. net.inet.tcp.minmss: 216
  12. net.inet.tcp.syncache.rst_on_sock_fail: 1
  13. net.inet.tcp.syncache.rexmtlimit: 3
  14. net.inet.tcp.syncache.hashsize: 512
  15. net.inet.tcp.syncache.count: 0
  16. net.inet.tcp.syncache.cachelimit: 15360
  17. net.inet.tcp.syncache.bucketlimit: 30
  18. net.inet.tcp.syncookies_only: 0
  19. net.inet.tcp.syncookies: 1
  20. net.inet.tcp.timer_race: 0
  21. net.inet.tcp.per_cpu_timers: 0
  22. net.inet.tcp.keepcnt: 8
  23. net.inet.tcp.finwait2_timeout: 60000
  24. net.inet.tcp.fast_finwait2_recycle: 0
  25. net.inet.tcp.always_keepalive: 1
  26. net.inet.tcp.rexmit_slop: 200
  27. net.inet.tcp.rexmit_min: 30
  28. net.inet.tcp.msl: 30000
  29. net.inet.tcp.nolocaltimewait: 0
  30. net.inet.tcp.maxtcptw: 5120
  31. net.inet.udp.checksum: 1
  32. net.inet.udp.maxdgram: 65535
  33. net.inet.udp.recvspace: 42080
  34. net.inet.udp.blackhole: 0
  35. net.inet.udp.log_in_vain: 0
  36. net.inet.sctp.blackhole: 0
  37. net.inet.sctp.use_dcccecn: 1
  38. net.inet.sctp.rttvar_steady_step: 20
  39. net.inet.sctp.rttvar_eqret: 0
  40. net.inet.sctp.rttvar_rtt: 5
  41. net.inet.sctp.rttvar_bw: 4
  42. net.inet.sctp.initial_cwnd: 3
  43. net.inet.sctp.buffer_splitting: 0
  44. net.inet.sctp.vtag_time_wait: 60
  45. net.inet.sctp.nat_friendly_init: 0
  46. net.inet.sctp.enable_sack_immediately: 0
  47. net.inet.sctp.udp_tunneling_port: 0
  48. net.inet.sctp.mobility_fasthandoff: 0
  49. net.inet.sctp.mobility_base: 0
  50. net.inet.sctp.default_frag_interleave: 1
  51. net.inet.sctp.default_ss_module: 0
  52. net.inet.sctp.default_cc_module: 0
  53. net.inet.sctp.log_level: 0
  54. net.inet.sctp.max_retran_chunk: 30
  55. net.inet.sctp.min_residual: 1452
  56. net.inet.sctp.strict_data_order: 0
  57. net.inet.sctp.abort_at_limit: 0
  58. net.inet.sctp.hb_max_burst: 4
  59. net.inet.sctp.do_sctp_drain: 1
  60. net.inet.sctp.max_chained_mbufs: 5
  61. net.inet.sctp.abc_l_var: 2
  62. net.inet.sctp.nat_friendly: 1
  63. net.inet.sctp.auth_disable: 0
  64. net.inet.sctp.asconf_auth_nochk: 0
  65. net.inet.sctp.cwnd_maxburst: 1
  66. net.inet.sctp.cmt_use_dac: 0
  67. net.inet.sctp.nr_sack_on_off: 0
  68. net.inet.sctp.cmt_on_off: 0
  69. net.inet.sctp.outgoing_streams: 10
  70. net.inet.sctp.add_more_on_output: 1452
  71. net.inet.sctp.path_pf_threshold: 65535
  72. net.inet.sctp.path_rtx_max: 5
  73. net.inet.sctp.assoc_rtx_max: 10
  74. net.inet.sctp.init_rtx_max: 8
  75. net.inet.sctp.valid_cookie_life: 60000
  76. net.inet.sctp.init_rto_max: 60000
  77. net.inet.sctp.rto_initial: 3000
  78. net.inet.sctp.rto_min: 1000
  79. net.inet.sctp.rto_max: 60000
  80. net.inet.sctp.secret_lifetime: 3600
  81. net.inet.sctp.shutdown_guard_time: 180
  82. net.inet.sctp.pmtu_raise_time: 600
  83. net.inet.sctp.heartbeat_interval: 30000
  84. net.inet.sctp.asoc_resource: 10
  85. net.inet.sctp.sys_resource: 1000
  86. net.inet.sctp.sack_freq: 2
  87. net.inet.sctp.delayed_sack_time: 200
  88. net.inet.sctp.chunkscale: 10
  89. net.inet.sctp.min_split_point: 2904
  90. net.inet.sctp.pcbhashsize: 256
  91. net.inet.sctp.tcbhashsize: 1024
  92. net.inet.sctp.maxchunks: 3200
  93. net.inet.sctp.fr_maxburst: 4
  94. net.inet.sctp.maxburst: 4
  95. net.inet.sctp.peer_chkoh: 256
  96. net.inet.sctp.strict_sacks: 1
  97. net.inet.sctp.ecn_enable: 1
  98. net.inet.sctp.auto_asconf: 1
  99. net.inet.sctp.recvspace: 1864135
  100. net.inet.sctp.sendspace: 1864135
  101. net.inet.raw.recvspace: 65536
  102. net.inet.raw.maxdgram: 65536
  103. net.inet.accf.unloadable: 0
  104. net.link.generic.system.ifcount: 13
  105. net.link.ether.inet.log_arp_permanent_modify: 1
  106. net.link.ether.inet.log_arp_movements: 1
  107. net.link.ether.inet.log_arp_wrong_iface: 1
  108. net.link.ether.inet.maxhold: 1
  109. net.link.ether.inet.wait: 20
  110. net.link.ether.inet.proxyall: 1
  111. net.link.ether.inet.useloopback: 1
  112. net.link.ether.inet.maxtries: 5
  113. net.link.ether.inet.max_age: 1200
  114. net.link.ether.ipfw: 0
  115. net.link.vlan.soft_pad: 0
  116. net.link.gif.parallel_tunnels: 0
  117. net.link.gif.max_nesting: 1
  118. net.link.log_link_state_change: 1
  119. net.link.ifqmaxlen: 50
  120. net.link.tun.devfs_cloning: 1
  121. net.inet6.ip6.forwarding: 0
  122. net.inet6.ip6.redirect: 1
  123. net.inet6.ip6.hlim: 64
  124. net.inet6.ip6.maxfragpackets: 6400
  125. net.inet6.ip6.accept_rtadv: 0
  126. net.inet6.ip6.keepfaith: 0
  127. net.inet6.ip6.log_interval: 5
  128. net.inet6.ip6.hdrnestlimit: 15
  129. net.inet6.ip6.dad_count: 1
  130. net.inet6.ip6.auto_flowlabel: 1
  131. net.inet6.ip6.defmcasthlim: 1
  132. net.inet6.ip6.gifhlim: 30
  133. net.inet6.ip6.kame_version: FreeBSD
  134. net.inet6.ip6.use_deprecated: 1
  135. net.inet6.ip6.rr_prune: 5
  136. net.inet6.ip6.v6only: 1
  137. net.inet6.ip6.rtexpire: 3600
  138. net.inet6.ip6.rtminexpire: 10
  139. net.inet6.ip6.rtmaxcache: 128
  140. net.inet6.ip6.use_tempaddr: 0
  141. net.inet6.ip6.temppltime: 86400
  142. net.inet6.ip6.tempvltime: 604800
  143. net.inet6.ip6.auto_linklocal: 1
  144. net.inet6.ip6.prefer_tempaddr: 0
  145. net.inet6.ip6.use_defaultzone: 0
  146. net.inet6.ip6.maxfrags: 6400
  147. net.inet6.ip6.mcast_pmtu: 0
  148. net.inet6.ip6.no_radr: 0
  149. net.inet6.ip6.norbit_raif: 0
  150. net.inet6.ip6.rfc6204w3: 0
  151. net.inet6.ip6.mcast.loop: 1
  152. net.inet6.ip6.mcast.maxsocksrc: 128
  153. net.inet6.ip6.mcast.maxgrpsrc: 512
  154. net.inet6.ip6.fw.permit_single_frag6: 1
  155. net.inet6.ip6.fw.deny_unknown_exthdrs: 1
  156. net.inet6.ip6.fw.enable: 1
  157. net.inet6.icmp6.rediraccept: 1
  158. net.inet6.icmp6.redirtimeout: 600
  159. net.inet6.icmp6.nd6_prune: 1
  160. net.inet6.icmp6.nd6_delay: 5
  161. net.inet6.icmp6.nd6_umaxtries: 3
  162. net.inet6.icmp6.nd6_mmaxtries: 3
  163. net.inet6.icmp6.nd6_useloopback: 1
  164. net.inet6.icmp6.nodeinfo: 3
  165. net.inet6.icmp6.errppslimit: 100
  166. net.inet6.icmp6.nd6_maxnudhint: 0
  167. net.inet6.icmp6.nd6_debug: 0
  168. net.inet6.icmp6.nd6_maxqueuelen: 1
  169. net.inet6.icmp6.nd6_onlink_ns_rfc4861: 0
  170. net.inet6.mld.use_allow: 1
  171. net.inet6.mld.v1enable: 1
  172. net.inet6.mld.gsrdelay: 10
  173. net.bpf.zerocopy_enable: 0
  174. net.bpf.maxinsns: 512
  175. net.bpf.maxbufsize: 524288
  176. net.bpf.bufsize: 4096
  177. net.ifdescr_maxlen: 1024
  178. net.isr.numthreads: 1
  179. net.isr.maxprot: 16
  180. net.isr.defaultqlimit: 256
  181. net.isr.maxqlimit: 10240
  182. net.isr.bindthreads: 0
  183. net.isr.maxthreads: 1
  184. net.isr.direct: 0
  185. net.isr.direct_force: 0
  186. net.isr.dispatch: direct
  187. net.raw.recvspace: 8192
  188. net.raw.sendspace: 8192
  189. net.my_fibnum: 0
  190. net.add_addr_allfibs: 1
  191. net.fibs: 1
  192. net.route.netisr_maxqlen: 256
  193. net.wlan.cac_timeout: 60
  194. net.wlan.nol_timeout: 1800
  195. net.wlan.debug: 0
  196. net.wlan.addba_maxtries: 3
  197. net.wlan.addba_backoff: 10000
  198. net.wlan.addba_timeout: 250
  199. net.wlan.recv_bar: 1
  200. net.wlan.ampdu_age: 500
  201. net.wlan.hwmp.inact: 5000
  202. net.wlan.hwmp.rannint: 1000
  203. net.wlan.hwmp.rootint: 2000
  204. net.wlan.hwmp.roottimeout: 5000
  205. net.wlan.hwmp.pathlifetime: 5000
  206. net.wlan.hwmp.replyforward: 1
  207. net.wlan.hwmp.targetonly: 0
  208. net.wlan.mesh.maxretries: 2
  209. net.wlan.mesh.confirmtimeout: 40
  210. net.wlan.mesh.holdingtimeout: 40
  211. net.wlan.mesh.retrytimeout: 40
  212. net.graph.msg_version: 8
  213. net.graph.abi_version: 12
  214. net.graph.maxdata: 512
  215. net.graph.maxalloc: 4096
  216. net.graph.threads: 1
  217. net.graph.control.proto: 2
  218. net.graph.data.proto: 1
  219. net.graph.family: 32
  220. net.graph.recvspace: 20480
  221. net.graph.maxdgram: 20480
  222. dev.fwe.0.%desc: Ethernet over FireWire
  223. dev.plip.0.%desc: PLIP network interface

作者: door10000    时间: 2013-05-01 10:27
  1. net.inet.ip.dummynet.red_avg_pkt_size: 512
  2. net.inet.ip.dummynet.red_lookup_depth: 256
  3. net.inet.ip.dummynet.debug: 0
  4. net.inet.ip.dummynet.io_fast: 0
  5. net.inet.ip.dummynet.pipe_byte_limit: 1048576
  6. net.inet.ip.dummynet.pipe_slot_limit: 100
  7. net.inet.ip.dummynet.hash_size: 64
  8. net.inet.icmp.maskrepl: 0
  9. net.inet.icmp.icmplim: 200
  10. net.inet.icmp.bmcastecho: 0
  11. net.inet.icmp.quotelen: 8
  12. net.inet.icmp.reply_from_interface: 0
  13. net.inet.icmp.reply_src:
  14. net.inet.icmp.log_redirect: 0
  15. net.inet.icmp.drop_redirect: 0
  16. net.inet.icmp.maskfake: 0
  17. net.inet.icmp.icmplim_output: 1
  18. net.inet.igmp.gsrdelay: 10
  19. net.inet.igmp.default_version: 3
  20. net.inet.igmp.legacysupp: 0
  21. net.inet.igmp.v2enable: 1
  22. net.inet.igmp.v1enable: 1
  23. net.inet.igmp.sendlocal: 1
  24. net.inet.igmp.sendra: 1
  25. net.inet.igmp.recvifkludge: 1
  26. net.inet.tcp.rfc1323: 1
  27. net.inet.tcp.mssdflt: 536
  28. net.inet.tcp.keepidle: 7200000
  29. net.inet.tcp.keepintvl: 75000
  30. net.inet.tcp.sendspace: 65536
  31. net.inet.tcp.recvspace: 65536
  32. net.inet.tcp.keepinit: 75000
  33. net.inet.tcp.delacktime: 100
  34. net.inet.tcp.v6mssdflt: 1220
  35. net.inet.tcp.cc.available: newreno
  36. net.inet.tcp.cc.algorithm: newreno
  37. net.inet.tcp.hostcache.purge: 0
  38. net.inet.tcp.hostcache.prune: 300
  39. net.inet.tcp.hostcache.expire: 3600
  40. net.inet.tcp.hostcache.count: 1
  41. net.inet.tcp.hostcache.bucketlimit: 30
  42. net.inet.tcp.hostcache.hashsize: 512
  43. net.inet.tcp.hostcache.cachelimit: 15360
  44. net.inet.tcp.recvbuf_max: 2097152
  45. net.inet.tcp.recvbuf_inc: 16384
  46. net.inet.tcp.recvbuf_auto: 1
  47. net.inet.tcp.insecure_rst: 0
  48. net.inet.tcp.ecn.maxretries: 1
  49. net.inet.tcp.ecn.enable: 0
  50. net.inet.tcp.abc_l_var: 2
  51. net.inet.tcp.rfc3465: 1
  52. net.inet.tcp.rfc3390: 1
  53. net.inet.tcp.rfc3042: 1
  54. net.inet.tcp.drop_synfin: 0
  55. net.inet.tcp.delayed_ack: 1
  56. net.inet.tcp.blackhole: 0
  57. net.inet.tcp.log_in_vain: 1
  58. net.inet.tcp.sendbuf_max: 2097152
  59. net.inet.tcp.sendbuf_inc: 8192
  60. net.inet.tcp.sendbuf_auto: 1
  61. net.inet.tcp.tso: 1
  62. net.inet.tcp.local_slowstart_flightsize: 4
  63. net.inet.tcp.slowstart_flightsize: 1
  64. net.inet.tcp.path_mtu_discovery: 1
  65. net.inet.tcp.reass.overflows: 0
  66. net.inet.tcp.reass.cursegments: 0
  67. net.inet.tcp.reass.maxsegments: 1680
  68. net.inet.tcp.sack.globalholes: 0
  69. net.inet.tcp.sack.globalmaxholes: 65536
  70. net.inet.tcp.sack.maxholes: 128
  71. net.inet.tcp.sack.enable: 1
  72. net.inet.tcp.soreceive_stream: 0
  73. net.inet.tcp.isn_reseed_interval: 0
  74. net.inet.tcp.icmp_may_rst: 1
  75. net.inet.tcp.pcbcount: 5
  76. net.inet.tcp.do_tcpdrain: 1
  77. net.inet.tcp.tcbhashsize: 512
  78. net.inet.tcp.log_debug: 0
  79. net.inet.tcp.minmss: 216
  80. net.inet.tcp.syncache.rst_on_sock_fail: 1
  81. net.inet.tcp.syncache.rexmtlimit: 3
  82. net.inet.tcp.syncache.hashsize: 512
  83. net.inet.tcp.syncache.count: 0
  84. net.inet.tcp.syncache.cachelimit: 15360
  85. net.inet.tcp.syncache.bucketlimit: 30
  86. net.inet.tcp.syncookies_only: 0
  87. net.inet.tcp.syncookies: 1
  88. net.inet.tcp.timer_race: 0
  89. net.inet.tcp.per_cpu_timers: 0
  90. net.inet.tcp.keepcnt: 8
  91. net.inet.tcp.finwait2_timeout: 60000
  92. net.inet.tcp.fast_finwait2_recycle: 0
  93. net.inet.tcp.always_keepalive: 1
  94. net.inet.tcp.rexmit_slop: 200
  95. net.inet.tcp.rexmit_min: 30
  96. net.inet.tcp.msl: 30000
  97. net.inet.tcp.nolocaltimewait: 0
  98. net.inet.tcp.maxtcptw: 5120
  99. net.inet.udp.checksum: 1
  100. net.inet.udp.maxdgram: 65535
  101. net.inet.udp.recvspace: 42080
  102. net.inet.udp.blackhole: 0
  103. net.inet.udp.log_in_vain: 0
  104. net.inet.sctp.blackhole: 0
  105. net.inet.sctp.use_dcccecn: 1
  106. net.inet.sctp.rttvar_steady_step: 20
  107. net.inet.sctp.rttvar_eqret: 0
  108. net.inet.sctp.rttvar_rtt: 5
  109. net.inet.sctp.rttvar_bw: 4
  110. net.inet.sctp.initial_cwnd: 3
  111. net.inet.sctp.buffer_splitting: 0
  112. net.inet.sctp.vtag_time_wait: 60
  113. net.inet.sctp.nat_friendly_init: 0
  114. net.inet.sctp.enable_sack_immediately: 0
  115. net.inet.sctp.udp_tunneling_port: 0
  116. net.inet.sctp.mobility_fasthandoff: 0
  117. net.inet.sctp.mobility_base: 0
  118. net.inet.sctp.default_frag_interleave: 1
  119. net.inet.sctp.default_ss_module: 0
  120. net.inet.sctp.default_cc_module: 0
  121. net.inet.sctp.log_level: 0
  122. net.inet.sctp.max_retran_chunk: 30
  123. net.inet.sctp.min_residual: 1452
  124. net.inet.sctp.strict_data_order: 0
  125. net.inet.sctp.abort_at_limit: 0
  126. net.inet.sctp.hb_max_burst: 4
  127. net.inet.sctp.do_sctp_drain: 1
  128. net.inet.sctp.max_chained_mbufs: 5
  129. net.inet.sctp.abc_l_var: 2
  130. net.inet.sctp.nat_friendly: 1
  131. net.inet.sctp.auth_disable: 0
  132. net.inet.sctp.asconf_auth_nochk: 0
  133. net.inet.sctp.cwnd_maxburst: 1
  134. net.inet.sctp.cmt_use_dac: 0
  135. net.inet.sctp.nr_sack_on_off: 0
  136. net.inet.sctp.cmt_on_off: 0
  137. net.inet.sctp.outgoing_streams: 10
  138. net.inet.sctp.add_more_on_output: 1452
  139. net.inet.sctp.path_pf_threshold: 65535
  140. net.inet.sctp.path_rtx_max: 5
  141. net.inet.sctp.assoc_rtx_max: 10
  142. net.inet.sctp.init_rtx_max: 8
  143. net.inet.sctp.valid_cookie_life: 60000
  144. net.inet.sctp.init_rto_max: 60000
  145. net.inet.sctp.rto_initial: 3000
  146. net.inet.sctp.rto_min: 1000
  147. net.inet.sctp.rto_max: 60000
  148. net.inet.sctp.secret_lifetime: 3600
  149. net.inet.sctp.shutdown_guard_time: 180
  150. net.inet.sctp.pmtu_raise_time: 600
  151. net.inet.sctp.heartbeat_interval: 30000
  152. net.inet.sctp.asoc_resource: 10
  153. net.inet.sctp.sys_resource: 1000
  154. net.inet.sctp.sack_freq: 2
  155. net.inet.sctp.delayed_sack_time: 200
  156. net.inet.sctp.chunkscale: 10
  157. net.inet.sctp.min_split_point: 2904
  158. net.inet.sctp.pcbhashsize: 256
  159. net.inet.sctp.tcbhashsize: 1024
  160. net.inet.sctp.maxchunks: 3200
  161. net.inet.sctp.fr_maxburst: 4
  162. net.inet.sctp.maxburst: 4
  163. net.inet.sctp.peer_chkoh: 256
  164. net.inet.sctp.strict_sacks: 1
  165. net.inet.sctp.ecn_enable: 1
  166. net.inet.sctp.auto_asconf: 1
  167. net.inet.sctp.recvspace: 1864135
  168. net.inet.sctp.sendspace: 1864135
  169. net.inet.raw.recvspace: 65536
  170. net.inet.raw.maxdgram: 65536
  171. net.inet.accf.unloadable: 0
  172. net.inet6.ip6.forwarding: 0
  173. net.inet6.ip6.redirect: 1
  174. net.inet6.ip6.hlim: 64
  175. net.inet6.ip6.maxfragpackets: 6400
  176. net.inet6.ip6.accept_rtadv: 0
  177. net.inet6.ip6.keepfaith: 0
  178. net.inet6.ip6.log_interval: 5
  179. net.inet6.ip6.hdrnestlimit: 15
  180. net.inet6.ip6.dad_count: 1
  181. net.inet6.ip6.auto_flowlabel: 1
  182. net.inet6.ip6.defmcasthlim: 1
  183. net.inet6.ip6.gifhlim: 30
  184. net.inet6.ip6.kame_version: FreeBSD
  185. net.inet6.ip6.use_deprecated: 1
  186. net.inet6.ip6.rr_prune: 5
  187. net.inet6.ip6.v6only: 1
  188. net.inet6.ip6.rtexpire: 3600
  189. net.inet6.ip6.rtminexpire: 10
  190. net.inet6.ip6.rtmaxcache: 128
  191. net.inet6.ip6.use_tempaddr: 0
  192. net.inet6.ip6.temppltime: 86400
  193. net.inet6.ip6.tempvltime: 604800
  194. net.inet6.ip6.auto_linklocal: 1
  195. net.inet6.ip6.prefer_tempaddr: 0
  196. net.inet6.ip6.use_defaultzone: 0
  197. net.inet6.ip6.maxfrags: 6400
  198. net.inet6.ip6.mcast_pmtu: 0
  199. net.inet6.ip6.no_radr: 0
  200. net.inet6.ip6.norbit_raif: 0
  201. net.inet6.ip6.rfc6204w3: 0
  202. net.inet6.ip6.mcast.loop: 1
  203. net.inet6.ip6.mcast.maxsocksrc: 128
  204. net.inet6.ip6.mcast.maxgrpsrc: 512
  205. net.inet6.ip6.fw.permit_single_frag6: 1
  206. net.inet6.ip6.fw.deny_unknown_exthdrs: 1
  207. net.inet6.ip6.fw.enable: 1
  208. net.inet6.icmp6.rediraccept: 1
  209. net.inet6.icmp6.redirtimeout: 600
  210. net.inet6.icmp6.nd6_prune: 1
  211. net.inet6.icmp6.nd6_delay: 5
  212. net.inet6.icmp6.nd6_umaxtries: 3
  213. net.inet6.icmp6.nd6_mmaxtries: 3
  214. net.inet6.icmp6.nd6_useloopback: 1
  215. net.inet6.icmp6.nodeinfo: 3
  216. net.inet6.icmp6.errppslimit: 100
  217. net.inet6.icmp6.nd6_maxnudhint: 0
  218. net.inet6.icmp6.nd6_debug: 0
  219. net.inet6.icmp6.nd6_maxqueuelen: 1
  220. net.inet6.icmp6.nd6_onlink_ns_rfc4861: 0
  221. net.inet6.mld.use_allow: 1
  222. net.inet6.mld.v1enable: 1
  223. net.inet6.mld.gsrdelay: 10

作者: door10000    时间: 2013-05-01 10:38
  1. net.inet.ip.portrange.randomtime: 45
  2. net.inet.ip.portrange.randomcps: 10
  3. net.inet.ip.portrange.randomized: 1
  4. net.inet.ip.portrange.reservedlow: 0
  5. net.inet.ip.portrange.reservedhigh: 1023
  6. net.inet.ip.portrange.hilast: 65535
  7. net.inet.ip.portrange.hifirst: 49152
  8. net.inet.ip.portrange.last: 65535
  9. net.inet.ip.portrange.first: 10000
  10. net.inet.ip.portrange.lowlast: 600
  11. net.inet.ip.portrange.lowfirst: 1023
  12. net.inet.ip.forwarding: 1
  13. net.inet.ip.redirect: 1
  14. net.inet.ip.ttl: 64
  15. net.inet.ip.rtexpire: 3600
  16. net.inet.ip.rtminexpire: 10
  17. net.inet.ip.rtmaxcache: 128
  18. net.inet.ip.sourceroute: 0
  19. net.inet.ip.intr_queue_maxlen: 256
  20. net.inet.ip.intr_queue_drops: 0
  21. net.inet.ip.accept_sourceroute: 0
  22. net.inet.ip.keepfaith: 0
  23. net.inet.ip.gifttl: 30
  24. net.inet.ip.same_prefix_carp_only: 0
  25. net.inet.ip.random_id_total: 0
  26. net.inet.ip.random_id_collisions: 0
  27. net.inet.ip.random_id_period: 8192
  28. net.inet.ip.mcast.loop: 1
  29. net.inet.ip.mcast.maxsocksrc: 128
  30. net.inet.ip.mcast.maxgrpsrc: 512
  31. net.inet.ip.fastforwarding: 1
  32. net.inet.ip.maxfragpackets: 800
  33. net.inet.ip.maxfragsperpacket: 16
  34. net.inet.ip.fragpackets: 0
  35. net.inet.ip.check_interface: 0
  36. net.inet.ip.random_id: 0
  37. net.inet.ip.sendsourcequench: 0
  38. net.inet.ip.process_options: 1
  39. net.inet.ip.fw.static_count: 18
  40. net.inet.ip.fw.default_to_accept: 0
  41. net.inet.ip.fw.tables_max: 128
  42. net.inet.ip.fw.default_rule: 65535
  43. net.inet.ip.fw.verbose_limit: 5
  44. net.inet.ip.fw.verbose: 1
  45. net.inet.ip.fw.autoinc_step: 100
  46. net.inet.ip.fw.one_pass: 1
  47. net.inet.ip.fw.enable: 1
  48. net.inet.ip.fw.dyn_keepalive: 1
  49. net.inet.ip.fw.dyn_short_lifetime: 5
  50. net.inet.ip.fw.dyn_udp_lifetime: 10
  51. net.inet.ip.fw.dyn_rst_lifetime: 1
  52. net.inet.ip.fw.dyn_fin_lifetime: 1
  53. net.inet.ip.fw.dyn_syn_lifetime: 20
  54. net.inet.ip.fw.dyn_ack_lifetime: 300
  55. net.inet.ip.fw.dyn_max: 65535
  56. net.inet.ip.fw.dyn_count: 0
  57. net.inet.ip.fw.curr_dyn_buckets: 256
  58. net.inet.ip.fw.dyn_buckets: 256
  59. net.inet.ip.dummynet.io_pkt_drop: 314864
  60. net.inet.ip.dummynet.io_pkt_fast: 970708
  61. net.inet.ip.dummynet.io_pkt: 5928446
  62. net.inet.ip.dummynet.queue_count: 0
  63. net.inet.ip.dummynet.fsk_count: 4
  64. net.inet.ip.dummynet.si_count: 1
  65. net.inet.ip.dummynet.schk_count: 6
  66. net.inet.ip.dummynet.expire_cycle: 0
  67. net.inet.ip.dummynet.expire: 1
  68. net.inet.ip.dummynet.tick_lost: 0
  69. net.inet.ip.dummynet.tick_diff: 213
  70. net.inet.ip.dummynet.tick_adjustment: 29
  71. net.inet.ip.dummynet.tick_delta_sum: 694
  72. net.inet.ip.dummynet.tick_delta: 1
  73. net.inet.ip.dummynet.red_max_pkt_size: 1500
  74. net.inet.ip.dummynet.red_avg_pkt_size: 512
  75. net.inet.ip.dummynet.red_lookup_depth: 256
  76. net.inet.ip.dummynet.debug: 0
  77. net.inet.ip.dummynet.io_fast: 0
  78. net.inet.ip.dummynet.pipe_byte_limit: 1048576
  79. net.inet.ip.dummynet.pipe_slot_limit: 100
  80. net.inet.ip.dummynet.hash_size: 64

作者: door10000    时间: 2013-05-01 10:48
  1. root@acerx:/root # ipfw pipe list
  2. 00002:   8.000 Mbit/s    0 ms burst 0
  3. q131074  50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
  4. sched 65538 type FIFO flags 0x0 0 buckets 0 active
  5. 00021:   4.096 Mbit/s    0 ms burst 0
  6. q131093 20 KB 0 flows (1 buckets) sched 65557 weight 0 lmax 0 pri 0 droptail
  7. sched 65557 type FIFO flags 0x0 0 buckets 0 active
  8. 00020:   1.024 Mbit/s    0 ms burst 0
  9. q131092 20 KB 0 flows (1 buckets) sched 65556 weight 0 lmax 0 pri 0 droptail
  10. sched 65556 type FIFO flags 0x0 0 buckets 1 active
  11. BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  12.   0 ip           0.0.0.0/0             0.0.0.0/0        2      184  0    0   0

作者: door10000    时间: 2013-05-01 10:49
  1. root@acerx:/root # ipfw queue list
  2. q00020  50 sl. 0 flows (64 buckets) sched 2 weight 5 lmax 0 pri 0 droptail
  3.     mask:  0x00 0x00000000/0x0000 -> 0x000000ff/0x0000

作者: door10000    时间: 2013-05-01 11:35
没大侠来搭救下?

作者: lsstarboy    时间: 2013-05-01 15:54
你贴的都是没用的,ipfw规则呢?
另外你的pipe mask是多少?是不是所有客户机共享8M和20k了?
作者: door10000    时间: 2013-05-01 18:52
本帖最后由 door10000 于 2013-05-01 18:58 编辑
  1. root@acerx:/root # ipfw list
  2. 00050 divert 8668 ip4 from any to any via em0
  3. 00100 allow ip from any to any via lo0
  4. 00200 deny ip from any to 127.0.0.0/8
  5. 00300 deny ip from 127.0.0.0/8 to any
  6. 00400 deny ip from any to ::1
  7. 00500 deny ip from ::1 to any
  8. 00600 allow ipv6-icmp from :: to ff02::/16
  9. 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
  10. 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
  11. 00900 allow ipv6-icmp from any to any ip6 icmp6types 1
  12. 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
  13. 01100 divert 8668 ip from any to any via em0
  14. 01200 pipe 20 ip from 192.168.1.0/24 to any
  15. 01300 pipe 21 ip from any to 192.168.1.0/24
  16. 01400 queue 20 ip from any to 192.168.1.0/24
  17. 01500 allow tcp from 192.168.1.0/24 to any setup limit src-addr 60
  18. 65000 allow ip from any to any
  19. 65100 divert 8668 ip from any to any via em0
  20. 65535 deny ip from any to any

作者: door10000    时间: 2013-05-01 18:54
本帖最后由 door10000 于 2013-05-01 18:57 编辑

回复 8# lsstarboy
我是电信4M光纤,上传同等所以8M,还有就是我设置以后真实的数据往往是填写的一半。
掩码是255.255.255.0
20k是queue队列参数。
客户机就几台不多。

   
作者: lsstarboy    时间: 2013-05-02 08:46
pipe相关配置呢?
没有mask共用一个pipe。
作者: door10000    时间: 2013-05-02 10:02
  1. # If you just configured ipfw in the kernel as a tool to solve network
  2. # problems or you just want to disallow some particular kinds of traffic
  3. # then you will want to change the default policy to open.  You can also
  4. # do this as your only action by setting the firewall_type to ``open''.
  5. #
  6. #       ${fwcmd} add 65000 pass all from any to any
        # Hand every packet crossing em0 to the divert socket on port 8668
        # (presumably natd; the daemon itself is not shown in this fragment).
  7.         ${fwcmd} add divert 8668 all from any to any via em0
        # Upload shaping. No "mask" is given, so one pipe 20 is shared by every
        # LAN host: 40 KBytes/s in total, with a 10-slot queue. The `ipfw list`
        # output posted in this thread shows the address as 192.168.1.0/24.
  8.         ${fwcmd} add pipe 20 ip from 192.168.1.1/24 to any
  9.         ${fwcmd} pipe 20 config bw 40KBytes/s queue 10
        # Download shaping, again one shared pipe: 1024 KBytes/s for the whole LAN.
  10.         ${fwcmd} add pipe 21 ip from any to 192.168.1.1/24
  11.         ${fwcmd} pipe 21 config bw 1024KBytes/s queue 10
        # Same match as the pipe 21 rule above. The sysctl dump in this thread
        # shows net.inet.ip.fw.one_pass=1, so a packet leaving pipe 21 is
        # accepted and is not matched against this queue rule.
  12.         ${fwcmd} add queue 20 ip from any to 192.168.1.0/24
        # Queue 20 feeds pipe 2 and creates one dynamic queue per destination
        # address, keyed on the last octet (mask 0x000000ff).
  13.         ${fwcmd} queue 20 config weight 5 pipe 2 mask dst-ip 0x000000ff
  14.         ${fwcmd} pipe 2 config bw 16Mbit/s
        # Intended cap of 60 concurrent connections per source address.
        # NOTE(review): with one_pass=1 LAN-sourced packets are already accepted
        # at the pipe 20 rule, so this limit is likely never evaluated for them;
        # confirm with the rule counters (`ipfw -a list`).
  15.         ${fwcmd} add allow tcp from 192.168.1.1/24 to any setup limit src-addr 60

作者: door10000    时间: 2013-05-02 10:03
上面就是我全部的防火墙限速策略了。回复 11# lsstarboy


   
作者: kkkggg    时间: 2013-05-02 12:18
网关限速一般适于限制上传而不擅长限制下载。除非是内部网络。
电信发回给你多少数据不是你能决定得了的。当然如果是tcp友好流,察觉到网速不行,会自动降速。如果不是tcp友好流,丢掉部分下载数据,只会导致数据包重传,别的连接也不会因此抢到更多带宽。
你在下载用了queue,而在上传反而没用queue。上传用queue比较适合。你可以先用systat -if看一下上传的流量是不是很大。
还有,你去掉pipe参数queue 10试试看。
作者: lsstarboy    时间: 2013-05-02 13:46
把mask放到pipe上再试。 
作者: door10000    时间: 2013-05-02 15:57
给我个代码吧,我很白的。回复 15# lsstarboy


   
作者: door10000    时间: 2013-05-02 18:43
  # Rule 65000 accepts whatever no earlier rule has dropped, so this ruleset
  # shapes traffic but does not filter it; the default deny at 65535 (visible in
  # the `ipfw list` output in this thread) is never reached.
  # NOTE(review): confirm that an open policy is intended on the WAN side.
  1. ${fwcmd} add 65000 pass all from any to any
        # Hand every packet crossing em0 to the divert socket on port 8668
        # (presumably natd; not shown here).
  2.         ${fwcmd} add divert 8668 all from any to any via em0
        # Upload shaping. "mask dst-ip" buckets by the remote destination's last
        # octet, not by LAN client; the reply that follows in this thread says
        # pipe 20 should use src-ip instead.
  3.         ${fwcmd} add pipe 20 ip from 192.168.1.1/24 to any
  4.         ${fwcmd} pipe 20 config bw 40KBytes/s queue 10 mask dst-ip 0x000000ff
        # Download shaping: one dynamic pipe per LAN destination (last octet),
        # each limited to 1024 KBytes/s with a 10-slot queue.
  5.         ${fwcmd} add pipe 21 ip from any to 192.168.1.1/24
  6.         ${fwcmd} pipe 21 config bw 1024KBytes/s queue 10 mask dst-ip 0x000000ff
        # Same match as the pipe 21 rule; with net.inet.ip.fw.one_pass=1 (value in
        # the sysctl dump in this thread) packets accepted there never get here.
  7.         ${fwcmd} add queue 20 ip from any to 192.168.1.0/24
  8.         ${fwcmd} queue 20 config weight 5 pipe 2 mask dst-ip 0x000000ff
  9.         ${fwcmd} pipe 2 config bw 16Mbit/s
        # Intended cap of 60 concurrent connections per source address.
        # NOTE(review): likely never evaluated for LAN traffic while one_pass=1,
        # because the pipe 20 rule accepts it first; check `ipfw -a list` counters.
  10.         ${fwcmd} add allow tcp from 192.168.1.1/24 to any setup limit src-addr 60

作者: door10000    时间: 2013-05-02 18:44
回复 15# lsstarboy
是这样加吗?

   
作者: door10000    时间: 2013-05-02 18:47
本帖最后由 door10000 于 2013-05-02 18:49 编辑

回复 14# kkkggg


    确实,我在下载用了queue后下载速度小了,上传速度反而远远大于下载。看来是这个原因。不过我在pipe限制上传后上传数据就下来了。不过多客户大量使用带宽时会非常大的延迟,即使宽带远未用完。
作者: door10000    时间: 2013-05-02 19:27
昨天晚上把buf设置从512k变到10M,这有必要吗?

作者: lsstarboy    时间: 2013-05-02 20:24
pipe 20 的mask 是 src-ip


buf你的线路,没有必要调,1M就很大了。
作者: door10000    时间: 2013-05-02 22:39
我把bufsize设成4096就不卡啦。不过我不太明白这是怎么回事,maxbufsize依然是10m。
作者: kkkggg    时间: 2013-05-03 11:07
本帖最后由 kkkggg 于 2013-05-03 11:11 编辑
door10000 发表于 2013-05-02 18:47
回复 14# kkkggg


使用queue是为了单ip限速。限制上传一般格式是这样的:
# Upload shaping template. $int_if is not defined in this snippet; it has to
# hold the LAN-side interface name.
# Rule 100 matches LAN-sourced packets only as they arrive on $int_if
# ("in recv"), so each packet is queued once, on its way in.
ipfw -q add 100 queue 1 ip from 192.168.1.0/24 to any in recv $int_if
# One dynamic queue per source address, keyed on the last octet. All of these
# queues drain through pipe 1 and share its bandwidth.
ipfw -q queue 1 config pipe 1 mask src-ip 0x000000ff
# 450 Kbit/s is the total for pipe 1, not a per-client figure.
ipfw -q pipe 1 config bw 450Kbit/s
作者: door10000    时间: 2013-05-03 11:50
  # Final shaping rules from the thread: NAT divert plus per-client pipes.
  # Hand every packet crossing em0 to the divert socket on port 8668
  # (presumably natd; not shown here).
  1.         ${fwcmd} add divert 8668 all from any to any via em0
        # Upload: one dynamic pipe per LAN source (last octet), 40 KBytes/s each.
  2.         ${fwcmd} add pipe 20 ip from 192.168.1.1/24 to any
  3.         ${fwcmd} pipe 20 config mask src-ip 0x000000ff bw 40KBytes/s
        # Download: one dynamic pipe per LAN destination (last octet),
        # 512 KBytes/s each.
  4.         ${fwcmd} add pipe 21 ip from any to 192.168.1.1/24
  5.         ${fwcmd} pipe 21 config mask dst-ip 0x000000ff bw 512KBytes/s
        # Same match as the pipe 20 rule. As a later reply in this thread notes,
        # with net.inet.ip.fw.one_pass=1 a packet accepted at pipe 20 never
        # reaches this queue rule.
  6.         ${fwcmd} add queue 20 ip from 192.168.1.0/24 to any
  7.         ${fwcmd} queue 20 config weight 5 pipe 2 mask dst-ip 0x000000ff
  8.         ${fwcmd} pipe 2 config bw 1Mbit/s
        # Intended cap of 60 concurrent connections per source address.
        # NOTE(review): for the same one_pass reason this limit is likely not
        # enforced on LAN traffic; verify with `ipfw -a list` counters.
  9.         ${fwcmd} add allow tcp from 192.168.1.1/24 to any setup limit src-addr 60
这样以后就ok了。
作者: door10000    时间: 2013-05-03 11:51
卡顿问题,是我的bufsize设置问题。
最小4096最大10MB。
作者: congli    时间: 2013-05-03 12:34
lz可以试下FreeBSD 8.X PF + Panabit
作者: door10000    时间: 2013-05-03 17:58
回复 26# congli
有何优势?


   
作者: lsstarboy    时间: 2013-05-03 20:13
本帖最后由 lsstarboy 于 2013-05-03 20:14 编辑

概念别搞错了!
pipe是高速限速120km/h,queue是收费站,拥堵的时候决定先放行哪个车道,在不堵车的时候,queue基本上没用。
作者: door10000    时间: 2013-05-03 22:35
回复 28# lsstarboy
也就是说pipe才是我真正卡掉的原因。queue是处置网络不足时对于高低优先级的一种策略。现在就是可以用pipe把4M带宽限制为单个2M的pipe在客户机上传也设置相应的策略,当网络没用完时大家相安无事,一旦网络不够用的时候就要用queue去让那些优先级高的通信然后看情况放行优先级低的通信咯?


   
作者: door10000    时间: 2013-05-03 22:38
本帖最后由 door10000 于 2013-05-03 22:38 编辑

回复 28# lsstarboy 但是又如何理解queue队列的参数分割槽勒?和数据块?以及对应的数据分割和总数据块导致的时延?


   
作者: kkkggg    时间: 2013-05-04 14:23
door10000 发表于 2013-05-03 11:50
这样以后就ok了。


net.inet.ip.fw.one_pass为1的时候,同一方向只会被有放行功能的规则匹配一次:包从pipe/queue出来后直接放行,不再回到防火墙继续匹配。设为0时,包出了pipe/queue会从下一条规则接着往下匹配。
你前面的这一条
${fwcmd} add pipe 20 ip from 192.168.1.1/24 to any
生效后,后面的
${fwcmd} add queue 20 ip from 192.168.1.0/24 to any
${fwcmd} add allow tcp from 192.168.1.1/24 to any setup limit src-addr 60
就没用了:从内网发出的包在pipe 20那一条就已经放行,走不到后面的queue规则,也走不到limit src-addr 60的连接数限制。
作者: door10000    时间: 2013-05-04 17:06
回复 31# kkkggg
这些后面的规则并不与前面的矛盾呀。难道还要把什么开关打开?


   
作者: lsstarboy    时间: 2013-05-04 21:28
我只关心你的pipe和queue了,31楼是对的,ipfw只要匹配了,后面的规则就忽略掉。



