Shorewall users - May 2004 - TOS and VoIP

Hi,

I''ve got a question about optimal setup of Vonage VoIP for a DSL line,
using shorewall on Mandrake 9.2 (Athlon 900, 768M RAM). Shorewall is
working great, but I''m having TOS issues -- traffic makes the VoIP get
choppy. MRTG shows that it''s all okay within the bandwidth limitations
of
my line (up and downstream). Here''s my info:
[root@felix root]# shorewall version
1.4.8
[root@felix root]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:f0:5b:10:e4 brd ff:ff:ff:ff:ff:ff
    inet 198.144.201.9/26 brd 198.144.201.63 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:f0:4f:0a:de brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:f0:2d:f9:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:5a:80:3f:31 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.1.255 scope global eth3
[root@felix root]# ip route show
198.144.201.0/26 dev eth0  scope link
192.168.2.0/24 dev eth3  scope link
192.168.1.0/24 dev eth1  scope link
192.168.0.0/24 dev eth2  scope link
127.0.0.0/8 dev lo  scope link
default via 198.144.201.1 dev eth0
[root@felix root]# cat /etc/shorewall/tos | grep -v \#
blue:192.168.1.8 fw     udp             -               3483            16
blue:192.168.1.8 fw     udp             3483            -               16
blue:192.168.1.9 net    udp             -               -               16
blue:192.168.1.9 net    tcp             -               -               16
all     all             tcp             -               ssh             16
all     all             tcp             ssh             -               16
all     all             tcp             -               ftp             2
all     all             tcp             ftp             -               2
all     all             tcp             ftp-data        -               2
all     all             tcp             -               ftp-data        2
all     all             tcp             -               http            8
all     all             tcp             -               smtp            8
all     all             tcp             smtp            -               8

The phone is at blue:192.168.1.9, forced by DHCP address reservation. I
can''t find much information on how values like 16, 2, 8 actually
configure
the QOS algorithm.

thanks,
-- 
Jack At Monkeynoodle.Org:
It''s A Scientific Venture...

Jack Coates wrote:
> Hi,
> 
> I''ve got a question about optimal setup of Vonage VoIP for a DSL
line,
> using shorewall on Mandrake 9.2 (Athlon 900, 768M RAM). Shorewall is
> working great, but I''m having TOS issues -- traffic makes the VoIP
get
> choppy. MRTG shows that it''s all okay within the bandwidth
limitations of
> my line (up and downstream). 
I think you will get better results using real Traffic Shaping (see 
http://shorewall.net/traffic_shaping.htm) rather than fooling around 
with TOS and the simple pfifo_fast qdisc (which is what I assume that 
you are using).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Jack Coates wrote:
> 
> The phone is at blue:192.168.1.9, forced by DHCP address reservation. I
> can''t find much information on how values like 16, 2, 8 actually
configure
> the QOS algorithm.
> 
Look at the section about pfifo_fast in the LARTC. You will find several 
pages on the subject.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

> Jack Coates wrote:
>> Hi,
>>
>> I''ve got a question about optimal setup of Vonage VoIP for a
DSL line,
>> using shorewall on Mandrake 9.2 (Athlon 900, 768M RAM). Shorewall is
>> working great, but I''m having TOS issues -- traffic makes the
VoIP get
>> choppy. MRTG shows that it''s all okay within the bandwidth
limitations
>> of
>> my line (up and downstream).
>
> I think you will get better results using real Traffic Shaping (see
> http://shorewall.net/traffic_shaping.htm) rather than fooling around
> with TOS and the simple pfifo_fast qdisc (which is what I assume that
> you are using).
>
> -Tom
Thanks a ton, that''s a big help.

I''ve inserted the wondershaper htc as my tcstart and made this change:

# TOS Minimum Delay (ssh, NOT scp) in 1:10:

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# I''d also like minimum delay for Vonage
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip dst 192.168.1.9 flowid 1:10

I''ve also set MARK_IN_FORWARD_CHAIN=Yes and TC_ENABLED=Yes, of course.
Should I also do a tc filter matching Vonage''s subnet, or is this going
to
be enough to support bidirectional traffic?
-- 
Jack At Monkeynoodle.Org:
It''s A Scientific Venture...

Jack Coates wrote:
> 
> I''ve also set MARK_IN_FORWARD_CHAIN=Yes and TC_ENABLED=Yes, of
course.
> Should I also do a tc filter matching Vonage''s subnet, or is this
going to
> be enough to support bidirectional traffic?
You cannot effectivly shape incoming traffic -- ingress filtering simply 
throws packets away.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net