Limiter overflowing when used to Reduce Stress on Switch
Edit: I guess my real question is: Is there a way to make the limiter start dropping packets once it reaches a certain bandwidth/rate? I don't like having to drop 15% of packets across the board if there isn't a need.
We have a gigabit connection, but one of our subnets is bottlenecked through a 10/100 switch (and it's capped, of course), and the retransmissions + errors were causing havoc on the firewall, so I implemented a limiter to handle it.
This is working great, except the limiter is overflowing. Since data download is constantly above the limited rate (76Mb/s), the limiter is building and building. Current output of ipfw pipe show:
00001: 76.000 Mbit/s 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 1 active
 0 ip 0.0.0.0/0 0.0.0.0/0 92 9991 0 0 0
00002: 76.000 Mbit/s 0 ms burst 0
q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
 sched 65538 type FIFO flags 0x0 0 buckets 1 active
 0 ip 0.0.0.0/0 0.0.0.0/0 17126123 23700922965 41 57062 3416184
You can see the bottom limiter just keeps growing and growing, currently over 23Gb. How can I control this? I'm thinking of dropping packets, but how do I know how many to drop, and is dropping packets really the best solution? Or can I somehow force the clients to get less information so the limiter doesn't overflow?
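An added example, not part of the original post: a small parser for the `ipfw pipe show` output quoted above that labels the five counters at the end of each flow line and relates the queued packets to the queue limit on the `q...` line. The column meanings (total packets, total bytes, packets queued, bytes queued, drops) follow the header dummynet prints for flow listings, which does not appear in the post; the function and field names are this example's own.

```python
import re

# The two pipes from the post, re-broken onto the lines ipfw prints them on.
SAMPLE = """\
00001: 76.000 Mbit/s 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 1 active
 0 ip 0.0.0.0/0 0.0.0.0/0 92 9991 0 0 0
00002: 76.000 Mbit/s 0 ms burst 0
q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
 sched 65538 type FIFO flags 0x0 0 buckets 1 active
 0 ip 0.0.0.0/0 0.0.0.0/0 17126123 23700922965 41 57062 3416184
"""

PIPE_RE = re.compile(r"^(\d+):\s+([\d.]+ \S*bit/s)")
QUEUE_RE = re.compile(r"^q\d+\s+(\d+) sl\.")  # handles queue limits given in slots
# bucket, proto, src, dst, then: Tot_pkt Tot_bytes Pkt(queued) Byte(queued) Drp
FLOW_RE = re.compile(r"^\s*\d+\s+\S+\s+\S+\s+\S+" + r"\s+(\d+)" * 5 + r"\s*$")
FIELDS = ("tot_pkts", "tot_bytes", "queued_pkts", "queued_bytes", "drops")

def parse_pipes(text):
    """Return one dict per pipe: rate, queue limit in slots, per-flow counters."""
    pipes, cur = [], None
    for line in text.splitlines():
        if m := PIPE_RE.match(line):
            cur = {"pipe": int(m[1]), "rate": m[2], "slots": None, "flows": []}
            pipes.append(cur)
        elif cur is None:
            continue  # ignore anything before the first pipe header
        elif m := QUEUE_RE.match(line):
            cur["slots"] = int(m[1])
        elif m := FLOW_RE.match(line):
            cur["flows"].append(dict(zip(FIELDS, map(int, m.groups()))))
    return pipes

def summarize(pipes):
    """One line per flow: cumulative bytes, current queue fill, drop counter."""
    out = []
    for p in pipes:
        for f in p["flows"]:
            fill = f["queued_pkts"] / p["slots"] if p["slots"] else 0.0
            out.append(f"pipe {p['pipe']} ({p['rate']}): "
                       f"{f['tot_bytes'] / 1e9:.1f} GB counted in total, "
                       f"queue {f['queued_pkts']}/{p['slots']} slots ({fill:.0%}), "
                       f"{f['drops']} dropped")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(parse_pipes(SAMPLE))))
```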