thr3ads.net - LARTC - Linux QOS and prioritization of real-time data (RTP/VoIP) [Dec 2003]

If this information is useful, please help other people find it:
Share via:
Greg Freeman
2003-Dec-03 01:01 UTC
Linux QOS and prioritization of real-time data (RTP/VoIP)

The questions I will be asking are: 
How can I prevent the latency on the VoIP traffic I am experiencing when
remote users copy files from the server to their local PC?
What rules do I need to Change/add? (I think I have too many rules at
this point, and probably not the right ones, since it doesn''t seem to
help.)
Is it related to the sfq queuing? Ie. should I be using another queuing
technique such as PQ?
(Please keep in mind I know very little Linux) and basically cut and
paste  :0)

Site details: 

Site 1 (Corp)
Firewall (10.0.0.1) running embedded Linux with an Ipsec tunnel to site
2. Internet connection is 640kbps/640kbps. Corporate side has a phone
server with a VoIP card at 10.0.0.7. The below rules are being applied,
but even with these rules in place I am seeing when data is pulled from
the file server (10.0.0.2), to one of the clients at site 2, the latency
on the VoIP traffic (measured by sending continuous ICMP packets from
the phone server (10.0.0.7) to an IP phone (10.0.1.20) at site 2 -for
testing) increases dramtically. With no data being copied from the
server (10.0.0.2) to a client at site 2 the average latency is 30ms.
When data is being copied from the server, it puts the average latency
of the ICMP test packets to about 300ms, with some as high as 600+. 

Here are the rules on the Corp side:
tc qdisc del dev ipsec0 root
tc qdisc add dev ipsec0 root handle 1: cbq bandwidth 10Mbit avpkt 1000
tc class add dev ipsec0 parent 1: classid 1:1 cbq rate 580kbit allot
1500 prio 2 bounded isolated
tc class add dev ipsec0 parent 1:1 classid 1:10 cbq rate 240kbit allot
1500 avpkt 1000 prio 1 
tc class add dev ipsec0 parent 1:1 classid 1:20 cbq rate 400kbit allot
1500 avpkt 1000 prio 10
tc qdisc add dev ipsec0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev ipsec0 parent 1:20 handle 20: sfq perturb 10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 6 0xff match ip src 10.0.0.0/24 flowid 1:20
tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 17 0xff match ip src 10.0.0.0/24 flowid 1:20
tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 1 0xff match ip src 10.0.0.0/24 flowid 1:20
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip src 10.0.0.7 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip src 10.0.0.7 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip src 10.0.0.7 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip dst 10.0.1.20 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip dst 10.0.1.21 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip dst 10.0.1.22 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip dst 10.0.1.20 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip dst 10.0.1.21 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip dst 10.0.1.22 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip dst 10.0.1.20 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip dst 10.0.1.21 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip dst 10.0.1.22 flowid 1:10 

Site 2 (Remote)
Firewall (10.0.1.1) running embedded Linux with an Ipsec tunnel to site
1. Internet connection speed is 640/640kbps. Each firewall has an eth0,
and eth1 interface in addition to the Ipsec0 interface. TheIP Phones are
at 10.0.1.20-22. 

The site 2 rules are: 

tc qdisc del dev ipsec0 root
tc qdisc add dev ipsec0 root handle 1: cbq bandwidth 10Mbit avpkt 1000
tc class add dev ipsec0 parent 1: classid 1:1 cbq rate 580kbit allot
1500 prio 1 bounded isolated
tc class add dev ipsec0 parent 1:1 classid 1:10 cbq rate 240kbit allot
1500 avpkt 1000 prio 1 
tc class add dev ipsec0 parent 1:1 classid 1:20 cbq rate 400kbit allot
1500 avpkt 1000 prio 10
tc qdisc add dev ipsec0 parent 1:10 handle 10: sfq perturb 10 
tc qdisc add dev ipsec0 parent 1:20 handle 20: sfq perturb 10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 6 0xff match ip src 10.0.1.0/24 flowid 1:20
tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 17 0xff match ip src 10.0.1.0/24 flowid 1:20
tc filter add dev ipsec0 parent 1:0 protocol ip prio 10 u32 match ip
protocol 1 0xff match ip src 10.0.1.0/24 flowid 1:20
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip src 10.0.1.20 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip src 10.0.1.20 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip src 10.0.1.20 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip src 10.0.1.21 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip src 10.0.1.21 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip src 10.0.1.21 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip src 10.0.1.22 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip src 10.0.1.22 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip src 10.0.1.22 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 4 u32 match ip
protocol 6 0xff match ip dst 10.0.0.7 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 17 0xff match ip dst 10.0.0.7 flowid 1:10
tc filter add dev ipsec0 parent 1:0 protocol ip prio 1 u32 match ip
protocol 1 0xff match ip dst 10.0.0.7 flowid 1:10 

My reasoning behind these rules - the VoIP traffic should be mainly,if
not entirely UDP,(there may be some TCP/IP with the session setup but
the amount of traffic would be negligiable). Each phone would require a
maximum of 80 kbps (and there are three phones). Would like to be able
to lock down the bandwidth to keep the server file transfers from
disturbing the voice traffic - not sure how to effectively do this.

Additional information:  average packet size of the VoIP traffic is
500bytes.  (I have also tried bumping down the avpkt to 500 on each
side, but this had no effect).  I also modified the cpq rate drastically
trying to limit lower priority to 100kb, and boost the size of the high
priority to 440kbit but this too had no effect.  I did aply the cbq
rules at one point on eth1 (wan port and it didn''t appear to have any
effect, I then tried eth0, which did reduce the speed of Internet
browsing but not to the rate I specified, Ie. it exceed the rate so the
rate must not be a true cap on what it gives to each class.  

 

Please help.
LARTC - Dec 2003 - Linux QOS and prioritization of real-time data (RTP/VoIP)

Linux QOS and prioritization of real-time data (RTP/VoIP)
