asterisk users - May 2008 - Setting the TOS using IPtables screws up the DSCP field

Concise summary: When I set the TOS to Minimize-Delay the DSCP field
in the packet changes from "Expedited Forwarding" to
"Unknown"

Here are the details:

Scenario 1: IpTables is not used to set the TOS

This is what the packet looks like using wireshark:
Internet Protocol, Src: 59.93.192.xx (59.93.192.xx), Dst:
64.62.134.yyy (64.62.134.yyy)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited
Forwarding; ECN: 0x00)
        1011 10.. = Differentiated Services Codepoint: Expedited
Forwarding (0x2e)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0


Scenario 2: IpTables is used to set the TOS

Output of $/etc/rc.d/init.d/iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    TOS        udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:5060:5069 TOS set 0x10
2    TOS        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpts:5060:5069 TOS set 0x10
3    TOS        udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:10000:20000 TOS set 0x10

This is what the packet looks like using wireshark:
Internet Protocol, Src: 59.93.192.xx (59.93.192.xx), Dst:
64.62.134.xxx (64.62.134.xxx)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xb0 (DSCP 0x2c: Unknown DSCP; ECN: 0x00)
        1011 00.. = Differentiated Services Codepoint: Unknown (0x2c)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0


I have no idea what am I doing wrong.

Here is some reference reading I did:
http://www.tucny.com/dscp&tos

Any pointers in the right direction will be very much appreciated.

Thanks for your time,

Sysadmin
http://www.debtconsolidationcare.com
Internets First get out of debt community

This happens because the TOS and DSCP are the same field. TOS is the first
implementation of QoS on the IP header, DSCP is it's evolution and uses the
same field on the IP header, you can use only one of the two at the same
time.
Best Regards,

On Wed, May 7, 2008 at 8:59 AM, Vikas <topgun9 at gmail.com> wrote:
> Concise summary: When I set the TOS to Minimize-Delay the DSCP field
> in the packet changes from "Expedited Forwarding" to
"Unknown"
>
> Here are the details:
>
> Scenario 1: IpTables is not used to set the TOS
>
> This is what the packet looks like using wireshark:
> Internet Protocol, Src: 59.93.192.xx (59.93.192.xx), Dst:
> 64.62.134.yyy (64.62.134.yyy)
>    Version: 4
>    Header length: 20 bytes
>    Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited
> Forwarding; ECN: 0x00)
>        1011 10.. = Differentiated Services Codepoint: Expedited
> Forwarding (0x2e)
>        .... ..0. = ECN-Capable Transport (ECT): 0
>        .... ...0 = ECN-CE: 0
>
>
> Scenario 2: IpTables is used to set the TOS
>
> Output of $/etc/rc.d/init.d/iptables status
> Table: mangle
> Chain PREROUTING (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    TOS        udp  --  0.0.0.0/0            0.0.0.0/0           udp
> dpts:5060:5069 TOS set 0x10
> 2    TOS        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> dpts:5060:5069 TOS set 0x10
> 3    TOS        udp  --  0.0.0.0/0            0.0.0.0/0           udp
> dpts:10000:20000 TOS set 0x10
>
> This is what the packet looks like using wireshark:
> Internet Protocol, Src: 59.93.192.xx (59.93.192.xx), Dst:
> 64.62.134.xxx (64.62.134.xxx)
>    Version: 4
>    Header length: 20 bytes
>    Differentiated Services Field: 0xb0 (DSCP 0x2c: Unknown DSCP; ECN:
> 0x00)
>        1011 00.. = Differentiated Services Codepoint: Unknown (0x2c)
>        .... ..0. = ECN-Capable Transport (ECT): 0
>        .... ...0 = ECN-CE: 0
>
>
> I have no idea what am I doing wrong.
>
> Here is some reference reading I did:
> http://www.tucny.com/dscp&tos
>
> Any pointers in the right direction will be very much appreciated.
>
> Thanks for your time,
>
> Sysadmin
> http://www.debtconsolidationcare.com
> Internets First get out of debt community
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>


-- 
Guilherme Loch G?es

Visite nossa loja virtual: http://www.shopvoip.com.br

Not?cias e F?rum sobre VoIP com software livre:
http://www.asteriskexperts.com.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20080507/72d91b25/attachment.htm

Why are you trying to change the ToS from 46 (0x2e) Expedited for the RTP/RTCP
packets to 16 (0x10)?

I mean... these values really only need to be meaningful to yourself, your
switches, your routers etc.... however

ToS 46 (0x2e) is the "standard" value for RTP / RTCP as it is
basically the highest priority value you can assign to something... ToS 46 is
basically suppose to indicate that it trumps all other traffic and should be
send before anything else (Which is a good thing for the RTP traffic)

The SIP Signalling traffic is a little less important and its standard ToS value
is 26 (0x1a).

You also don;t need to use IPTables to set these values... Asterisk will do it
for you as long as you have installed libcaps (I believe its required for it).

And I don;t know what phones you are using... but your phones are probably also
setting these values for you.... I know the Aastra phones have QoS/ToS settings
under Options -> Network -> Type of Service

--
Matt
________________________________________
From: asterisk-users-bounces at lists.digium.com [asterisk-users-bounces at
lists.digium.com] On Behalf Of Vikas [topgun9 at gmail.com]
Sent: Wednesday, May 07, 2008 7:59 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] Setting the TOS using IPtables screws up the DSCP    
field

Concise summary: When I set the TOS to Minimize-Delay the DSCP field
in the packet changes from "Expedited Forwarding" to
"Unknown"

Here are the details:

Scenario 1: IpTables is not used to set the TOS

This is what the packet looks like using wireshark:
Internet Protocol, Src: 59.93.192.xx (59.93.192.xx), Dst:
64.62.134.yyy (64.62.134.yyy)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited
Forwarding; ECN: 0x00)
        1011 10.. = Differentiated Services Codepoint: Expedited
Forwarding (0x2e)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0


Scenario 2: IpTables is used to set the TOS

Output of $/etc/rc.d/init.d/iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    TOS        udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:5060:5069 TOS set 0x10
2    TOS        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpts:5060:5069 TOS set 0x10
3    TOS        udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:10000:20000 TOS set 0x10

This is what the packet looks like using wireshark:
Internet Protocol, Src: 59.93.192.xx (59.93.192.xx), Dst:
64.62.134.xxx (64.62.134.xxx)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xb0 (DSCP 0x2c: Unknown DSCP; ECN: 0x00)
        1011 00.. = Differentiated Services Codepoint: Unknown (0x2c)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0


I have no idea what am I doing wrong.

Here is some reference reading I did:
http://www.tucny.com/dscp&tos

Any pointers in the right direction will be very much appreciated.

Thanks for your time,

Sysadmin
http://www.debtconsolidationcare.com
Internets First get out of debt community

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users