Shorewall users - Feb 2009 - Traffic Shaping (including router)

Hi,

I am relatively new to shorewall and setting up a router manually and
would like some advice if possible on how to get TOS working.

What I am attempting to do is not limit any protocol with numbers (ie
give torrents 50kbit and voip the rest) but rather just simple
priorities. For example if I am using my Asterisk PBX I would rather
incomming calls not stutter because BT is running. Currently even if I
run bit torrent artificially limited (allowing avaliable bandwidth) I
still get stuttering, I can only assume this is because the torrent
packets are impeding the VoIP traffic. It is only if I turn it off
that it functions properly. Torrents will be running both on the
internet facing server with shorewall (10.0.0.1) and one of the other
servers on the lan.

I have attached a shorewall dump as well as the rules files as I do
not know what information is required to resolve this. If you need any
more please let me know.

Thanks in advance!
Dan







------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com

Dan Saul wrote:
> 
> I have attached a shorewall dump as well as the rules files as I do
> not know what information is required to resolve this. If you need any
> more please let me know.
>
You are not classifying any traffic from the firewall itself. Please
re-read http://www.shorewall.net/traffic_shaping.htm#tcrules. Be sure to
reload the page as it was just changed yesterday in an attempt to avoid
the very trap you fell into.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com

I think what you''re missing is tcclasses. I used the sample config from
one
of Shorewall''s authors and upped the kbit range on VoIP a little to
make it
clearer. Here''s my setup:

tcclasses
$EXT_IF         1       180kbit         260kbit         1
tos=0x68/0xfc,tos=0xb8/0xfc
$EXT_IF         2       full/4          full            2
tcp-ack,tos-minimize-delay
$EXT_IF         3       full/4          full            3
default
$EXT_IF         4       full/8          full*8/10       4

Priority 1 uses special flags for VoIP/SIP traffic, and gets dedicated
bandwidth. All torrent traffic is priority 4. Along with tcdevices set to
80% of the theoretical max upload, it works out very well. I get extremely
clear calls even when saturating my upload. Remember, you''re not really
doing QoS if you try to use ALL your theoretical max upload. So if you have
1mbit up, putting 1024, even if you have a lower priority for your torrents,
etc., can and will start queuing up packets at the Shorewall router instead
of at the ISP (who can generally handle it better). Try 80% then creep
upwards if you must.


-----Original Message-----
From: Dan Saul [mailto:daniel.saul@gmail.com] 
Sent: Wednesday, February 04, 2009 9:57 AM
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] Traffic Shaping (including router)

Hi,

I am relatively new to shorewall and setting up a router manually and would
like some advice if possible on how to get TOS working.

What I am attempting to do is not limit any protocol with numbers (ie give
torrents 50kbit and voip the rest) but rather just simple priorities. For
example if I am using my Asterisk PBX I would rather incomming calls not
stutter because BT is running. Currently even if I run bit torrent
artificially limited (allowing avaliable bandwidth) I still get stuttering,
I can only assume this is because the torrent packets are impeding the VoIP
traffic. It is only if I turn it off that it functions properly. Torrents
will be running both on the internet facing server with shorewall (10.0.0.1)
and one of the other servers on the lan.

I have attached a shorewall dump as well as the rules files as I do not know
what information is required to resolve this. If you need any more please
let me know.

Thanks in advance!
Dan


------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com

Hi,

I did have a tcclasses before but not to the sophistication of yours.
Using your example I got it working much better then before, there
still is a tiny bit of stuttering on the IVR, but it is barely
noticable. Realistically if I ever started a business where i''d be
using a true IVR -- no torrents would be running on the connection!
Here are my files for others if they need them:

tcdevices:
wan0		0		819kbit #(1024*.8)

tcclasses:
wan0			1	180kbit		260kbit		1       	tos=0x68/0xfc,tos=0xb8/0xfc
wan0			2	full/4		full		2       	tcp-ack,tos-minimize-delay
wan0			3	full/4		full		3		default
wan0			4	full/8		full*8/10	4

tcrules:
2	-	-	icmp	echo-request
2	-	-	icmp	echo-reply

1       -	-	all	-	-        -         -         -              -        -    sip

4	-	-	tcp	1:20		# not used
3	-	-	tcp	21		# ftp
1	-	-	tcp	22		# ssh
4	-	-	tcp	23:52		# not used
1	-	-	tcp	53		# dns
4	-	-	tcp	54:79		# not used
2	-	-	tcp	80		# http
4	-	-	tcp	81:5189		# not used
3	-	-	tcp	5190		# aim
4	-	-	tcp	5191:6879	# not used
2	-	-	tcp	6880		# Half Life Source
4	-	-	tcp	6881:8079	# not used
2	-	-	tcp	8080		# http alt
4	-	-	tcp	8081:27014	# not used
2	-	-	tcp	27015:27016	# counter strike source
4	-	-	tcp	27017:65535	# not used

I know my tcrules file is not the cleanest however I had to take a few
things into consideration when making it. Even though my BT client
specified port 20000, a quick netstat showed it was still opening
other ports to do some of the transfering. These ports were anonymous
ports so it was not possible for me to specify them. My kernel did not
have ipp2p so shorewall complained when trying to use that as the
protocol type, I would rather use a stock kernel if at all possible as
I don''t want to have to keep that up to date manually. specifying bulk
for all traffic at the start does not seem to have an effect if you
specify not bulk later I seem to recall the docs saying that it kept
on reading until the end of the file. I did not try specifying bulk at
the end to see if that made a difference. Over all this seemed to be a
comprimise that was kind of dirty but worked.

Thank you for your assistance all,

Dan Saul

On Wed, Feb 4, 2009 at 9:36 AM, GeneralNMX <generalmx@gmail.com>
wrote:
>
> I think what you''re missing is tcclasses. I used the sample config
from one
> of Shorewall''s authors and upped the kbit range on VoIP a little
to make it
> clearer. Here''s my setup:
>
> tcclasses
> $EXT_IF         1       180kbit         260kbit         1
> tos=0x68/0xfc,tos=0xb8/0xfc
> $EXT_IF         2       full/4          full            2
> tcp-ack,tos-minimize-delay
> $EXT_IF         3       full/4          full            3
> default
> $EXT_IF         4       full/8          full*8/10       4
>
> Priority 1 uses special flags for VoIP/SIP traffic, and gets dedicated
> bandwidth. All torrent traffic is priority 4. Along with tcdevices set to
> 80% of the theoretical max upload, it works out very well. I get extremely
> clear calls even when saturating my upload. Remember, you''re not
really
> doing QoS if you try to use ALL your theoretical max upload. So if you have
> 1mbit up, putting 1024, even if you have a lower priority for your
torrents,
> etc., can and will start queuing up packets at the Shorewall router instead
> of at the ISP (who can generally handle it better). Try 80% then creep
> upwards if you must.
>
>
> -----Original Message-----
> From: Dan Saul [mailto:daniel.saul@gmail.com]
> Sent: Wednesday, February 04, 2009 9:57 AM
> To: shorewall-users@lists.sourceforge.net
> Subject: [Shorewall-users] Traffic Shaping (including router)
>
> Hi,
>
> I am relatively new to shorewall and setting up a router manually and would
> like some advice if possible on how to get TOS working.
>
> What I am attempting to do is not limit any protocol with numbers (ie give
> torrents 50kbit and voip the rest) but rather just simple priorities. For
> example if I am using my Asterisk PBX I would rather incomming calls not
> stutter because BT is running. Currently even if I run bit torrent
> artificially limited (allowing avaliable bandwidth) I still get stuttering,
> I can only assume this is because the torrent packets are impeding the VoIP
> traffic. It is only if I turn it off that it functions properly. Torrents
> will be running both on the internet facing server with shorewall
(10.0.0.1)
> and one of the other servers on the lan.
>
> I have attached a shorewall dump as well as the rules files as I do not
know
> what information is required to resolve this. If you need any more please
> let me know.
>
> Thanks in advance!
> Dan
>
>
>
------------------------------------------------------------------------------
> Create and Deploy Rich Internet Apps outside the browser with
Adobe(R)AIR(TM)
> software. With Adobe AIR, Ajax developers can use existing skills and code
to
> build responsive, highly engaging applications that combine the power of
local
> resources and data with the reach of the web. Download the Adobe AIR SDK
and
> Ajax docs to start building applications
today-http://p.sf.net/sfu/adobe-com
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com