Shorewall users - Jul 2007 - Integrating QoS and Traffic Shaping from HowToForge Article

Hi !


I found an excellent article about QoS and traffic shaping for VoIP (Asterisk 
IAX protocol), which is designed to improve sound quality even over very busy 
lines.

http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk

Should I just cut and paste all that to shorewall''s tcrules (replacing
4569
with 5060)?

Additionally, author of this article uses IAX protocol, but today''s
standard
is SIP, which uses:
For SIP Messaging Protocol: TCP/UDP port 5060
For RTP Protocol: UDP port range 5061-5161 (might be different, depending on 
setup)


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Hi, Simon,

Thanks a lot for advice. I am sorry, but I am a bit confused. I do not use DSL 
for which wondershaper have been originally designed for, although I''ve
got
your idea to adopt it as VoIP traffic shaper.

Would you please just port your Shorewall config files here with few comments 
what have been in your mind when you wrote them? 

This is rather long-standing problem,, and if your solution is close to 
perfect state, it would be very nice to get rid of SIP QoS/shaping issue once 
and for all.

Thanks in advance

Andrei

On Sunday 29 July 2007 22:42:29 Simon Hobson wrote:
> Andrei Verovski (aka MacGuru) wrote:
> >I found an excellent article about QoS and traffic shaping for VoIP
> > (Asterisk IAX protocol), which is designed to improve sound quality
even
> > over very busy lines.
> >
> >http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk
>
> Actually I disagree that it''s excellent - it really
doesn''t cover all
> the issues, and in particular it does not address inbound congestion
> which is equally (if not more) important.
>
> I suggest you look at :
> http://lartc.org/howto/lartc.cookbook.ultimate-tc.html
>
> >The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads
>
> and
>
> http://www.shorewall.net/traffic_shaping.htm#Wondershaper
>
> >Configuration to replace Wondershaper
>
> I setup a gateway at work using the latter config, and it really does
> work very nicely !
>
> >Should I just cut and paste all that to shorewall''s tcrules
(replacing
> > 4569 with 5060)?
>
> No, see the above for the other bits you need. Also, it isn''t the
SIP
> stuff on port 5060 that you need to worry about (though it is
> important). You need to prioritise the RTP stuff which is on various
> UDP ports (different by manufacturer and config). The default for
> Asterisk is to use the whole range from 10001 to 20000 !
>
> >Additionally, author of this article uses IAX protocol, but
today''s
> > standard is SIP, which uses:
> >For SIP Messaging Protocol: TCP/UDP port 5060
> >For RTP Protocol: UDP port range 5061-5161 (might be different,
depending
> > on setup)
>
> IAX2 is in many ways better than SIP, but less widely supported. SIP
> is a REAL P.I.T.A. when NAT is involved (ie most setups), and I
> really do mean a major PITA ! IAX2 is not a problem and you just the
> appropriate port forwarding/accept rules.
>
> And no, there is absolutely NO single way to make SIP work properly
> with NAT. There are many ways that work for some situations, but no
> universal solution.
>
> I''ve set up Asterisk boxes both with SIP trunks and IAX2 trunks -
> IAX2 is FAR easier to setup & configure. But for your endpoints you
> will almost certainly be using SIP since few devices support IAX2.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Andrei Verovski (aka MacGuru) wrote:
> Hi !
> 
> 
> I found an excellent article about QoS and traffic shaping for VoIP
(Asterisk
> IAX protocol), which is designed to improve sound quality even over very
busy
> lines.
> 
> http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk
> 
> Should I just cut and paste all that to shorewall''s tcrules
(replacing 4569
> with 5060)?
There are no iptables rules in that article at all. You don''t need
Shorewall at all for this unless you want to set
''TC_ENABLED=Yes'' in
shorewall.conf and place all of the commands in /etc/shorewall/tcstart.

See http://www.shorewall.net/traffic_shaping.htm#External

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Andrei Verovski (aka MacGuru) wrote:
>I found an excellent article about QoS and traffic shaping for VoIP
(Asterisk
>IAX protocol), which is designed to improve sound quality even over very
busy
>lines.
>
>http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk
Actually I disagree that it''s excellent - it really doesn''t
cover all
the issues, and in particular it does not address inbound congestion 
which is equally (if not more) important.

I suggest you look at :
http://lartc.org/howto/lartc.cookbook.ultimate-tc.html
>The Ultimate Traffic Conditioner: Low Latency, Fast Up & Downloads
and

http://www.shorewall.net/traffic_shaping.htm#Wondershaper
>Configuration to replace Wondershaper

I setup a gateway at work using the latter config, and it really does 
work very nicely !

>Should I just cut and paste all that to shorewall''s tcrules
(replacing 4569
>with 5060)?
No, see the above for the other bits you need. Also, it isn''t the SIP 
stuff on port 5060 that you need to worry about (though it is 
important). You need to prioritise the RTP stuff which is on various 
UDP ports (different by manufacturer and config). The default for 
Asterisk is to use the whole range from 10001 to 20000 !


>Additionally, author of this article uses IAX protocol, but today''s
standard
>is SIP, which uses:
>For SIP Messaging Protocol: TCP/UDP port 5060
>For RTP Protocol: UDP port range 5061-5161 (might be different, depending on
>setup)
IAX2 is in many ways better than SIP, but less widely supported. SIP 
is a REAL P.I.T.A. when NAT is involved (ie most setups), and I 
really do mean a major PITA ! IAX2 is not a problem and you just the 
appropriate port forwarding/accept rules.

And no, there is absolutely NO single way to make SIP work properly 
with NAT. There are many ways that work for some situations, but no 
universal solution.

I''ve set up Asterisk boxes both with SIP trunks and IAX2 trunks - 
IAX2 is FAR easier to setup & configure. But for your endpoints you 
will almost certainly be using SIP since few devices support IAX2.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/