Building a Delay Router

The Building a Delay Router HOWTO discusses how to build a bridging “delay router” using FreeBSD and dummynet to simulate various network connections.

Introduction

Dummynet is a system facility that permits the control of traffic going through the various network interfaces, by applying bandwidth and queue size limitations, and simulating delays and losses (man 4 dummynet).

To properly use this configuration you will need a FreeBSD box with a minimum of two network interfaces. Enabling the bridge will place the interfaces in promiscuous mode, so all data received on one interface is passed through the box. In my configuration I configure an IP address on one of the interfaces so I can SSH to the box and change the configuration during testing.

1. Compile a new kernel with the following additional options. (If you need help doing this read this first: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html)

options DUMMYNET
options BRIDGE
options HZ=1000
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT

2. Edit /etc/sysctl and add the following lines to enable bridging.

net.link.ether.bridge=1
net.link.ether.bridge_ipfw=1
net.link.ether.bridge_cfg=xl0,xl1

Replace xl0 and xl1 with the names of the interfaces on your computer that you will be bridging.

3. Edit /etc/rc.local and add the following lines to create the default network profile.

ipfw add pipe 1 all from any to any via xl0 in
ipfw add pipe 2 all from any to any via xl1 in
ipfw pipe 1 config bw 0 delay 0 plr 0
ipfw pipe 2 config bw 0 delay 0 plr 0

The first two lines create the two pipes used to control the network profile. Pipe #1 controls traffic entering the delay router on interface xl0; pipe #2 controls traffic entering the delay router on interface xl1. The last two lines configure the two pipes with no restrictions, i.e. bandwidth will be whatever your system will support.

4. Adjust the pipes to simulate your network conditions.

To simulate a full T1 with low latency and no packet loss enter the following on a command line as root.

delay-router# ipfw pipe 1 config bw 1.544Mbit/s delay 20ms
delay-router# ipfw pipe 2 config bw 1.544Mbit/s delay 20ms

To simulate a 4.5/3.2 Mbit asymmetric cross country link with 10% packet loss enter the following on a command line as root.

delay-router# ipfw pipe 1 config bw 4.5Mbit/s delay 120ms plr .1
delay-router# ipfw pipe 2 config bw 3.2Mbit/s delay 120ms plr .1

Don't forget to configure each pipe, otherwise traffic will flow at the speed of the interfaces.
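
The profiles from step 4, plus the unrestricted default from step 3, as an added example that is not part of the original HOWTO: a POSIX sh helper that prints the ipfw commands for both pipes of a named profile and rejects a non-numeric delay or a plr outside 0 to 1. The profile names (unrestricted, t1, crosscountry, custom) and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO): print the ipfw commands for a link profile.
# Profile and function names are assumptions; the values are the HOWTO's own.

# valid_plr P: succeed only if P is a decimal number between 0 and 1.
valid_plr() {
    printf '%s\n' "$1" |
        awk '/^[0-9]*\.?[0-9]+$/ && $1 >= 0 && $1 <= 1 { ok = 1 } END { exit !ok }'
}

# valid_delay MS: succeed only if MS is a whole number of milliseconds.
valid_delay() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# pipe_cmd N BW DELAY_MS PLR: validate, then print one pipe config command.
pipe_cmd() {
    valid_delay "$3" || { echo "pipe $1: bad delay '$3'" >&2; return 1; }
    valid_plr "$4" || { echo "pipe $1: plr '$4' is not in 0..1" >&2; return 1; }
    echo "ipfw pipe $1 config bw $2 delay ${3}ms plr $4"
}

# profile_cmds NAME [BW1 BW2 DELAY_MS PLR]: always emits both pipes, so
# neither direction is left running at its previous setting.
profile_cmds() {
    case "$1" in
        unrestricted) set -- 0 0 0 0 ;;
        t1)           set -- 1.544Mbit/s 1.544Mbit/s 20 0 ;;
        crosscountry) set -- 4.5Mbit/s 3.2Mbit/s 120 .1 ;;
        custom)       shift
                      [ $# -eq 4 ] || { echo "custom needs BW1 BW2 DELAY_MS PLR" >&2; return 1; } ;;
        *)            echo "unknown profile '$1'" >&2; return 1 ;;
    esac
    # $1/$2: bandwidth for pipes 1 and 2; $3: delay in ms; $4: loss rate
    pipe_cmd 1 "$1" "$3" "$4" && pipe_cmd 2 "$2" "$3" "$4"
}

# Print the commands for the profile named on the command line, if any.
[ $# -eq 0 ] || profile_cmds "$@"
```

The script only prints commands; saved under a file name of your choice (netprofile.sh here is hypothetical), running `sh netprofile.sh crosscountry | sh` as root applies the profile.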

5. Basic pipe configuration options.

bw bandwidth | device
Bandwidth, measured in [K|M]{bit/s|Byte/s}.

delay ms-delay
Propagation delay, measured in milliseconds. The value is rounded to the next multiple of the clock tick (typically 10ms, but it is a good practice to run kernels with “options HZ=1000” to reduce the granularity to 1ms or less). Default value is 0, meaning no delay.

plr packet-loss-rate
Packet loss rate. Argument packet-loss-rate is a floating-point number between 0 and 1, with 0 meaning no loss, 1 meaning 100% loss. The loss rate is internally represented on 31 bits.

6. Further reading.

This example configuration is extremely basic. With dummynet and ipfw, a wide variety of network topology and configuration options are available, for example using a routing configuration instead of a bridge.

For additional information, I highly recommend reading the documentation by Luigi Rizzo (the creator of dummynet), available on the web here: http://info.iet.unipi.it/~luigi/ip_dummynet/
