Chapter 7. Traffic Shaper

SmallWall's traffic shaper uses FreeBSD's dummynet and ipfw. Little documentation on the traffic shaper exists because Chris Buechler, author of the majority of this documentation, had not taken the time to figure it out to the extent that it could be documented. Documentation contributions would be much appreciated. Please email any contributions to Lee Sharp.

Suggested Resources

Adam Nellemann's "Traffic shaper 'manual' (alpha)" post to the mailing list back in February 2004 is the closest thing to any traffic shaping documentation that is currently available.

Resources on ipfw and dummynet may be useful, for the information they provide on pipes and queues.

Dummynet paper from the Philippines Department of Science and Technology

BSDnews Using Dummynet for Traffic Shaping on FreeBSD (not currently available)

The following from the dummynet man page may also be helpful.

dummynet operates by first using the firewall to classify packets and
divide them into flows, using any match pattern that can be used in ipfw
rules.  Depending on local policies, a flow can contain packets for a
single TCP connection, or from/to a given host, or entire subnet, or a
protocol type, etc.

Packets belonging to the same flow are then passed to either of two
different objects, which implement the traffic regulation:

  pipe  A pipe emulates a link with given bandwidth, propagation
         delay, queue size and packet loss rate.  Packets are queued
         in front of the pipe as they come out from the classifier,
         and then transferred to the pipe according to the pipe's

  queue  A queue is an abstraction used to implement the WF2Q+ (Worst-
         case Fair Weighted Fair Queueing) policy, which is an effi-
         cient variant of the WFQ policy.
         The queue associates a weight and a reference pipe to each
         flow, and then all backlogged (i.e., with packets queued)
         flows linked to the same pipe share the pipe's bandwidth pro-
         portionally to their weights.  Note that weights are not pri-
         orities; a flow with a lower weight is still guaranteed to
         get its fraction of the bandwidth even if a flow with a
         higher weight is permanently backlogged.

In practice, pipes can be used to set hard limits to the bandwidth that a
flow can use, whereas queues can be used to determine how different flow
share the available bandwidth.