# traffic bandwidth limit with dummynet



## bored_to_death (Jun 3, 2010)

hello,

i'm trying to limit my input traffic bandwidth on freebsd. i used ipfw+dummynet. without limitation, i have almost 1Gbit/s input traffic on my system. when i try to limit the bandwidth, it works fine on low to normal limitation numbers (up to 450 Mbit/s).
but when i limit my traffic to an amount bigger than 500MBit/s, my input traffic lowers down to an average of 430 MBit/s. no matter what limitations i set (from 500MBit/s to 1000MBit/s), my input traffic rate is getting stuck at 430MBit/s.

i suspected low hardware performance, so i tried this on 2 different systems with freebsd-8.0 and the result is exactly the same.

my ipfw rules are:

```
ipfw -q flush
ipfw -q add 500 set 1 pipe 1 all from any to any in
ipfw pipe 1 config bw 700Mbit/s
ipfw add 1000 allow all from any to any
```

so my question is:
1- does ipfw+dummynet traffic limit control have a performance problem, so that it cannot limit traffic correctly if the limitation number is bigger than 500MBit/s?
2- is there any other way (other than ipfw+dummynet) to limit input bandwidth in freebsd?

thank you.


----------



## phoenix (Jun 3, 2010)

You can't (effectively) limit how fast data enters a system, you can only limit how fast data exits a system.

Think of it like a firehose.  If you are holding the hose, you can control how fast water exits the hose by turning the valve.  If you are standing across the street and being sprayed by the hose, you have no control over how much water hits you.

You need to control 2 systems, on either end of a network link, in order to effectively and reliably manage data throughput.  Then you limit the outgoing traffic on each system, on the interfaces that connect them.


----------



## bored_to_death (Jun 3, 2010)

it's true we can't limit input traffic of a system, but we may be able to put a filter between input traffic and our system to decrease amount of input data received by our system.

anyway, my question is more about ipfw+dummynet performance. it really doesn't matter if we define our rule for input or output. in fact, i want to have a router which has a limitation on input (or output) traffic for users. i changed my rules to set a limitation on output, but the result didn't change.


```
...
ipfw -q add 500 set 1 pipe 1 all from any to any out
...
```

any ideas how to set such limitation on input or output traffic bandwidth?


----------



## iwe76 (Jun 28, 2010)

Use PF with Dummynet. This will allow you to effectively control traffic in both directions.

Just add ALTQ into your kernel, build and install. There are tons of resources out there that describe how to set up this type of configuration.


----------

