  1. #1
    Just Joined!
    Join Date
    Sep 2011
    Location
    Los Angeles, CA
    Posts
    2

    TC Traffic Shaping and VOIP


    So, there's tons of "docs" out there trying to explain how to do proper traffic shaping for networks using VOIP and needing the VOIP traffic to be the highest priority. The problem is that none of them really deal with an actual network that needs to prioritize more than just VOIP.

    After more than 5 days of hard core work on this, I think it's time for some help.

    Here's what I need to accomplish:

    1. VOIP traffic using ports 5060, 5061, and 10000:11000 needs to be the highest priority, followed by the hierarchy I set up for my other important network traffic.

    2. If nothing is going on, all available network bandwidth up/down (i.e. from eth1 which is the WAN side) should be able to be used without issue. However, should a higher priority packet need bandwidth, all the bandwidth it needs should be "stolen" from lower priority packets, in the order of the priorities. In essence if the phone call needs 60k up/down to be perfectly clear, I expect that an upload using all available upload bandwidth should be immediately reduced by 60k.

    Right now, no bandwidth is being stolen. Packets are being marked and QDiscs are being sent the correct traffic, however, let's say I start an upload and use 100% of my upload speed. Although I can place a phone call, there is extremely high latency and a very choppy connection. If I stop the upload the latency lowers and the choppiness goes away.

    What I want to have happen is that when I get/make a phone call, all the bandwidth that the VOIP traffic needs becomes immediately available, even if that means virtually halting all other network traffic and thus taking over the available bandwidth. That way I can always ensure a flawless and latency-free phone conversation. When I disconnect from the call, the traffic should resume as normal.

    You can see from the script below that I have prioritized a number of different types of traffic and I need the prioritization to work as I just described for all traffic (not just VOIP) and in the hierarchy I've set up.

    Let me give another example.

    Say I'm uploading a large file, or http traffic is using up the available bandwidth, but I need to SSH as well as use my cell phone via the AT&T Microcell. Since the Microcell has the higher priority and SSH is below that, while regular uploading and web surfing is below that, the Microcell should take all the bandwidth it needs, followed by the SSH connection taking all the bandwidth it needs, and finally leaving whatever is left over for the uploading and web surfing. If the Microcell needs a bunch of bandwidth and doesn't leave enough for the SSH connection, the SSH connection should be starved as it is a lower priority. Likewise, if together the Microcell and SSH connection use up all available bandwidth, the rest of the traffic should be starved.

    Make sense? Hope so. Here's what I have currently (traffic shaping starts on line 146 and everything is heavily commented to make it easy to understand).

    --------------

    #!/bin/bash

    # VARIABLES
    IPT=/sbin/iptables
    WANIP="123.123.123.123"
    INTDEV="eth0"
    WANDEV="eth1"

    case "$1" in

    start)

    # Load modules:
    modprobe ip_tables
    modprobe iptable_nat
    modprobe iptable_filter
    modprobe nf_conntrack
    modprobe nf_nat
    modprobe sch_prio
    modprobe sch_cbq

    modprobe nf_conntrack_sip ports=5060,5061 sip_direct_signalling=0 sip_direct_media=0
    modprobe nf_nat_sip

    # ALLOW FORWARDING
    echo 1 > /proc/sys/net/ipv4/ip_forward

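    # Clear the root qdisc on both interfaces so there are no conflicts
    # (run each delete on its own; with "||" the second only ran when the first failed)
    tc qdisc del dev $INTDEV root 2>/dev/null
    tc qdisc del dev $WANDEV root 2>/dev/null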

    # flush all chains
    $IPT -t filter -F INPUT
    $IPT -t filter -F OUTPUT
    $IPT -t filter -F FORWARD
    $IPT -t nat -F
    $IPT -t mangle -F INPUT
    $IPT -t mangle -F FORWARD
    $IPT -t mangle -F OUTPUT
    $IPT -t mangle -F POSTROUTING
    $IPT -X

    # set the default policy for each of the pre-defined chains
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT

    # accept anything on loopback

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Let new and established traffic originating from the internal interface pass through

    $IPT -A INPUT -p tcp -i $INTDEV -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p udp -i $INTDEV -j ACCEPT

    # PORT FORWARDING AND NAT BEGIN

    # Match the WAN address with -d; -i expects an interface name, so "-i $WANIP" never matched
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 53 -j DNAT --to-dest 10.0.0.4:53
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 53 -j DNAT --to-dest 10.0.0.4:53
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 20 -j DNAT --to-dest 10.0.0.4:20
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 20 -j DNAT --to-dest 10.0.0.4:20
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 21 -j DNAT --to-dest 10.0.0.4:21
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 25743 -j DNAT --to-dest 10.0.0.4:25743
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 25743 -j DNAT --to-dest 10.0.0.4:25743

    # This is for VNC to Office

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 28495 -j DNAT --to-dest 10.0.1.1:5900
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 28495 -j DNAT --to-dest 10.0.1.1:5900

    # This is for Darwin Calendar and Contact Server

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 8443 -j DNAT --to-dest 10.0.1.1:8443
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 8443 -j DNAT --to-dest 10.0.1.1:8443

    # This is for DirecTV

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 27177 -j DNAT --to-dest 10.0.1.233:27177
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 27177 -j DNAT --to-dest 10.0.1.233:27177
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 27178 -j DNAT --to-dest 10.0.1.233:27178
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 27178 -j DNAT --to-dest 10.0.1.233:27178

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 27179 -j DNAT --to-dest 10.0.1.234:27179
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 27179 -j DNAT --to-dest 10.0.1.234:27179
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 27180 -j DNAT --to-dest 10.0.1.234:27180
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 27180 -j DNAT --to-dest 10.0.1.234:27180

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 27181 -j DNAT --to-dest 10.0.1.232:27181
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 27181 -j DNAT --to-dest 10.0.1.232:27181
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 27182 -j DNAT --to-dest 10.0.1.232:27182
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 27182 -j DNAT --to-dest 10.0.1.232:27182

    # This is for AT&T Microcell

    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 123 -j DNAT --to-dest 10.0.1.236:123
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 443 -j DNAT --to-dest 10.0.1.236:443
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 4500 -j DNAT --to-dest 10.0.1.236:4500
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 4500 -j DNAT --to-dest 10.0.1.236:4500
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 500 -j DNAT --to-dest 10.0.1.236:500
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 500 -j DNAT --to-dest 10.0.1.236:500

    # This is for Vuze

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 29272 -j DNAT --to-dest 10.0.1.1:29272
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 29272 -j DNAT --to-dest 10.0.1.1:29272

    # This is for Source-Connect

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 23580 -j DNAT --to-dest 10.0.1.3:23580
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 23580 -j DNAT --to-dest 10.0.1.3:23580
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 23581 -j DNAT --to-dest 10.0.1.3:23581
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 23581 -j DNAT --to-dest 10.0.1.3:23581

    # This is for Apple Remote Desktop

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 5900 -j DNAT --to-destination 10.0.1.1:5900
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 5900 -j DNAT --to-destination 10.0.1.1:5900
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 3283 -j DNAT --to-destination 10.0.1.1:3283
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 3283 -j DNAT --to-destination 10.0.1.1:3283
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 22 -j DNAT --to-destination 10.0.1.1:22

    # This is for Vonage

    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 1039 -j DNAT --to-dest 10.0.0.248:1039
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 5060 -j DNAT --to-dest 10.0.0.248:5060
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 5060 -j DNAT --to-dest 10.0.0.248:5060
    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 5061 -j DNAT --to-dest 10.0.0.248:5061
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 5061 -j DNAT --to-dest 10.0.0.248:5061
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 10000:11000 -j DNAT --to-dest 10.0.0.248

    # This is for the PCM96

    $IPT -t nat -A PREROUTING -d $WANIP -p tcp --dport 3804 -j DNAT --to-dest 10.0.1.3
    $IPT -t nat -A PREROUTING -d $WANIP -p udp --dport 3804 -j DNAT --to-dest 10.0.1.3

    # PORT FORWARDING AND NAT END

    # IP MASQUERADING

    $IPT -t nat -A POSTROUTING -o $WANDEV -j SNAT --to-source $WANIP

    # Packet Shaping and Traffic Control for the Router

    PRIO1="1"
    PRIO2="2"
    PRIO3="3"
    PRIO4="4"
    PRIO5="5"

    # Here are the priority marks

    # PRIO5 (this is for all packets not marked and serves as a "catch-all" according to TOS)

    $IPT -t mangle -A FORWARD -p tcp -m tos --tos Normal-Service -m mark --mark 0 -j MARK --set-mark $PRIO5
    $IPT -t mangle -A FORWARD -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark $PRIO5
    $IPT -t mangle -A FORWARD -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark $PRIO5
    $IPT -t mangle -A FORWARD -p tcp -m tos --tos Maximize-Reliability -m mark --mark 0 -j MARK --set-mark $PRIO5
    $IPT -t mangle -A FORWARD -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark $PRIO5

    # PRIO4

    # This is for the Darwin Calendar and Contacts Server
    $IPT -t mangle -A FORWARD -p tcp --dport 8443 -j MARK --set-mark $PRIO4
    $IPT -t mangle -A FORWARD -p udp --dport 8443 -j MARK --set-mark $PRIO4

    # This is for SSH
    $IPT -t mangle -A FORWARD -p tcp --dport 22 -j MARK --set-mark $PRIO4
    $IPT -t mangle -A FORWARD -p udp --dport 22 -j MARK --set-mark $PRIO4
    $IPT -t mangle -A FORWARD -p tcp --dport 25743 -j MARK --set-mark $PRIO4
    $IPT -t mangle -A FORWARD -p udp --dport 25743 -j MARK --set-mark $PRIO4

    # PRIO3

    # This is for VNC
    $IPT -t mangle -A FORWARD -p tcp --dport 5900 -j MARK --set-mark $PRIO3
    $IPT -t mangle -A FORWARD -p udp --dport 5900 -j MARK --set-mark $PRIO3

    # PRIO2

    # This is for the AT&T Microcell
    $IPT -t mangle -A FORWARD -p udp --dport 123 -j MARK --set-mark $PRIO2
    $IPT -t mangle -A FORWARD -p tcp --dport 443 -j MARK --set-mark $PRIO2
    $IPT -t mangle -A FORWARD -p tcp --dport 4500 -j MARK --set-mark $PRIO2
    $IPT -t mangle -A FORWARD -p udp --dport 4500 -j MARK --set-mark $PRIO2
    $IPT -t mangle -A FORWARD -p tcp --dport 500 -j MARK --set-mark $PRIO2
    $IPT -t mangle -A FORWARD -p udp --dport 500 -j MARK --set-mark $PRIO2

    # PRIO1 (the highest priority)

    # This is for Vonage
    $IPT -t mangle -A FORWARD -p udp --dport 1039 -j MARK --set-mark $PRIO1
    $IPT -t mangle -A FORWARD -p udp --dport 5060 -j MARK --set-mark $PRIO1
    $IPT -t mangle -A FORWARD -p udp --dport 5061 -j MARK --set-mark $PRIO1
    $IPT -t mangle -A FORWARD -p udp --dport 10000:11000 -j MARK --set-mark $PRIO1

    # This is for ICMP
    $IPT -t mangle -A FORWARD -i $INTDEV -o $WANDEV -p icmp -j MARK --set-mark $PRIO1

    # Mark all traffic that is for the local LAN to be put into 0
    $IPT -A POSTROUTING -t mangle -o $INTDEV -p tcp -d 10.0.0.0/8 -j MARK --set-mark 0

    # Done with Priority Markings

    # Rates
    UPRATE="1mbit"
    PRIORATE1="500kbit"
    PRIORATE2="100kbit"
    PRIORATE3="100kbit"
    PRIORATE4="100kbit"
    PRIORATE5="500kbit"

    # Quantum
    QUANTUM1="12187"
    QUANTUM2="8625"
    QUANTUM3="5062"
    QUANTUM4="3000"
    QUANTUM5="1500"

    # Burst
    BURST1="1k"
    BURST2="1k"
    BURST3="1k"
    BURST4="1k"
    BURST5="1k"
    CBURST1="1k"
    CBURST2="1k"
    CBURST3="1k"
    CBURST4="1k"
    CBURST5="1k"

    # Set queue length for $WANDEV

    ifconfig $WANDEV txqueuelen 4

    # Specify queue discipline

    tc qdisc add dev $WANDEV root handle 1: htb default 20 r2q 1

    # Set root class

    tc class add dev $WANDEV parent 1:0 classid 1:1 htb rate $UPRATE burst $BURST1 cburst $CBURST1

    # Specify sub classes

    tc class add dev $WANDEV parent 1:1 classid 1:2 htb rate $PRIORATE1 ceil $PRIORATE1 prio 1
    tc class add dev $WANDEV parent 1:1 classid 1:3 htb rate $PRIORATE2 ceil $PRIORATE2 prio 2
    tc class add dev $WANDEV parent 1:1 classid 1:4 htb rate $PRIORATE3 ceil $PRIORATE3 prio 3
    tc class add dev $WANDEV parent 1:1 classid 1:5 htb rate $PRIORATE4 ceil $PRIORATE4 prio 4
    tc class add dev $WANDEV parent 1:1 classid 1:6 htb rate $PRIORATE5 ceil $PRIORATE5 prio 5

    # Filter packets

    tc filter add dev $WANDEV parent 1: prio 1 protocol ip u32 match ip tos 0x68 0xff match ip protocol 0x11 0xff flowid 1:2
    tc filter add dev $WANDEV parent 1: prio 1 protocol ip u32 match ip tos 0xb8 0xff match ip protocol 0x11 0xff flowid 1:2
    #tc filter add dev $WANDEV protocol ip parent 1: prio 1 handle $PRIO1 fw flowid 1:2
    tc filter add dev $WANDEV protocol ip parent 1: prio 2 handle $PRIO2 fw flowid 1:3
    tc filter add dev $WANDEV protocol ip parent 1: prio 3 handle $PRIO3 fw flowid 1:4
    tc filter add dev $WANDEV protocol ip parent 1: prio 4 handle $PRIO4 fw flowid 1:5
    tc filter add dev $WANDEV protocol ip parent 1: prio 5 handle $PRIO5 fw flowid 1:6

    # Add qdiscs and queuing disciplines

    tc qdisc add dev $WANDEV parent 1:2 handle 10: tbf rate 0.5mbit burst 5kb latency 40ms peakrate 1mbit minburst 1540
    tc qdisc add dev $WANDEV parent 1:3 sfq perturb 16 quantum $QUANTUM2
    tc qdisc add dev $WANDEV parent 1:4 sfq perturb 16 quantum $QUANTUM3
    tc qdisc add dev $WANDEV parent 1:5 sfq perturb 16 quantum $QUANTUM4
    tc qdisc add dev $WANDEV parent 1:6 sfq perturb 16 quantum $QUANTUM5

    ### End Packet Shaping ###

    # FILTERING BEGIN

    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 20 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 20 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 21 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 21 -j ACCEPT

    # The following is for Vuze

    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 29272 -j ACCEPT

    # The following are general accept ports

    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 25743 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 25743 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 23579 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 23579 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 53 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 53 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 25 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 25 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 110 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 110 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 80 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 80 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 443 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 443 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 143 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 143 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 9091 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 9091 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 9090 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 9090 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 6667 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 6667 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 6881 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 6881 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 19090 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 19090 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 23580 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 23580 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 23581 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p udp --dport 23581 -j ACCEPT

    # The following line is for Source-Connect

    $IPT -t filter -A INPUT -i $WANDEV -s 147.202.41.185 -p tcp -m tcp --dport 5222 -j ACCEPT

    # The following are tests for open proxies via phpbb

    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 2301 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 3128 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 6588 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 8000 -j ACCEPT
    $IPT -t filter -A INPUT -i $WANDEV -p tcp --dport 8080 -j ACCEPT

    ;;

    stop)

    $IPT -t nat -F
    $IPT -t filter -F
    $IPT -X
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    echo 0 > /proc/sys/net/ipv4/ip_forward

    ;;

    *)

    echo "Usage $0 start or stop"

    ;;

    esac

    exit 0
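
Added example, not part of the original post: a small Python check run over the HTB qdisc and class lines from the script above, with the shell variables expanded by hand. It flags three properties of that hierarchy that bear on the "no bandwidth is being stolen" symptom: a `default` class that does not exist, child rates that exceed the parent rate, and leaf classes whose `ceil` equals their `rate`. The `REWORKED` hierarchy and all function names are assumptions made for illustration.

```python
import re

UNITS = {"bit": 1, "kbit": 1_000, "mbit": 1_000_000, "gbit": 1_000_000_000}

# Constructed input: the first post's HTB lines with its shell variables expanded by hand.
POSTED = """\
tc qdisc add dev eth1 root handle 1: htb default 20 r2q 1
tc class add dev eth1 parent 1:0 classid 1:1 htb rate 1mbit burst 1k cburst 1k
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 500kbit ceil 500kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:3 htb rate 100kbit ceil 100kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:4 htb rate 100kbit ceil 100kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:5 htb rate 100kbit ceil 100kbit prio 4
tc class add dev eth1 parent 1:1 classid 1:6 htb rate 500kbit ceil 500kbit prio 5
"""

# Assumed variant, not from the thread: rates fit the parent, ceil is the link rate, default exists.
REWORKED = """\
tc qdisc add dev eth1 root handle 1: htb default 6
tc class add dev eth1 parent 1: classid 1:1 htb rate 1mbit
tc class add dev eth1 parent 1:1 classid 1:2 htb rate 400kbit ceil 1mbit prio 1
tc class add dev eth1 parent 1:1 classid 1:3 htb rate 100kbit ceil 1mbit prio 2
tc class add dev eth1 parent 1:1 classid 1:4 htb rate 100kbit ceil 1mbit prio 3
tc class add dev eth1 parent 1:1 classid 1:5 htb rate 100kbit ceil 1mbit prio 4
tc class add dev eth1 parent 1:1 classid 1:6 htb rate 300kbit ceil 1mbit prio 5
"""

def to_bits(value):
    """Convert a tc rate such as '500kbit' to bit/s (bit-based suffixes only)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([kmg]?bit)", value.lower())
    if not m:
        raise ValueError(f"unsupported rate: {value}")
    return round(float(m.group(1)) * UNITS[m.group(2)])

def parse(text):
    """Return (default classid or None, {classid: {parent, rate, ceil}})."""
    default, classes = None, {}
    for tok in (line.split() for line in text.splitlines() if " htb " in line):
        opts = dict(zip(tok, tok[1:]))  # each keyword mapped to the token after it
        if tok[1] == "qdisc" and "default" in opts:
            default = opts["handle"].split(":")[0] + ":" + opts["default"]
        elif tok[1] == "class":
            # HTB uses rate as the ceiling when no ceil is given
            classes[opts["classid"]] = {"parent": opts["parent"], "rate": to_bits(opts["rate"]),
                                        "ceil": to_bits(opts.get("ceil", opts["rate"]))}
    return default, classes

def lint(text):
    """Return findings for the HTB hierarchy described by tc command lines."""
    default, classes = parse(text)
    findings = []
    if default and default not in classes:
        findings.append(f"default {default} is not a class: unclassified packets skip shaping")
    for cid, c in classes.items():
        kids = [k for k in classes.values() if k["parent"] == cid]
        total = sum(k["rate"] for k in kids)
        if total > c["rate"]:
            findings.append(f"{cid}: children are guaranteed {total} bit/s, parent has {c['rate']}")
        parent = classes.get(c["parent"])
        if not kids and parent and c["ceil"] == c["rate"] < parent["ceil"]:
            findings.append(f"{cid}: ceil equals rate, so it can never borrow idle bandwidth")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(POSTED)))
```

The check only reads the `tc` lines; on a live router the same questions can be answered from `tc -s class show dev eth1`, where the borrowed and lended counters show whether any class ever borrows.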

  2. #2
    Just Joined!
    Join Date
    Sep 2011
    Location
    Los Angeles, CA
    Posts
    2
    OK. I got it figured out and working yesterday. The trick is to use HFSC instead of HTB. My only issue now is that when a file is uploading and then a phone call comes in, the bandwidth is limited just as I need it to be, however once the phone call is disconnected the upload speed never returns to where it was before (i.e. the bandwidth never seems to be given back). If I pause and then resume the upload the full speed returns, but I would like this to happen automatically when the bandwidth becomes available once again.

    Here's the new portion of the script (i.e. only the traffic shaping portion). Everything else in the script remains the same.

    ----------------------

    # Rates
    UPRATE="1000kbit"

    # Set queue length for $WANDEV

    ifconfig $WANDEV txqueuelen 4

    # Specify queue discipline

    tc qdisc add dev $WANDEV root handle 1: hfsc default 10

    # Set root class

    tc class add dev $WANDEV parent 1: classid 1:1 hfsc sc rate $UPRATE ul rate $UPRATE

    # Specify sub classes

    tc class add dev $WANDEV parent 1:1 classid 1:10 hfsc sc umax 1500b dmax 70ms rate 100kbit ul rate $UPRATE
    tc class add dev $WANDEV parent 1:1 classid 1:11 hfsc sc umax 1500b dmax 15ms rate 600kbit ul rate $UPRATE
    tc class add dev $WANDEV parent 1:1 classid 1:12 hfsc sc umax 1500b dmax 30ms rate 200kbit ul rate $UPRATE

    # Filter packets

    tc filter add dev $WANDEV protocol ip parent 1: prio 1 handle $PRIO1 fw flowid 1:11
    tc filter add dev $WANDEV protocol ip parent 1: prio 1 handle $PRIO2 fw flowid 1:12

  3. #3
    Just Joined!
    Join Date
    Mar 2014
    Posts
    1

    Thanks for the pointers!

    I used your idea to come up with a solution that is right for me. Here is what I did:

    ifconfig $DEV txqueuelen 100

    UPRATE=6Mbit

    tc qdisc add dev $DEV root handle 1: hfsc default 30
    tc class add dev $DEV parent 1: classid 1:1 hfsc sc rate $UPRATE ul rate $UPRATE
    tc class add dev $DEV parent 1:1 classid 1:10 hfsc sc umax 1500b dmax 50ms rate 1Mbit rt rate $UPRATE
    tc class add dev $DEV parent 1:1 classid 1:20 hfsc sc umax 1500b dmax 100ms rate 4Mbit sc rate $UPRATE
    tc class add dev $DEV parent 1:1 classid 1:30 hfsc sc umax 1500b dmax 500ms rate 1Mbit ul rate $UPRATE

    POSTROUTING="iptables -t mangle -A POSTROUTING"
    $POSTROUTING -j CLASSIFY --set-class 1:10 -p udp -s 10.0.0.220 # VoIP
    $POSTROUTING -j CLASSIFY --set-class 1:10 -p udp -d 10.0.0.220 # VoIP
    $POSTROUTING -j CLASSIFY --set-class 1:10 -p udp --dport ntp
    $POSTROUTING -j CLASSIFY --set-class 1:20 -p udp -m udp --dport domain
    $POSTROUTING -j CLASSIFY --set-class 1:20 -p tcp -m tcp --dport https
    $POSTROUTING -j CLASSIFY --set-class 1:20 -p tcp -m tcp --dport ssh

    I need to tune the firewall rules a bit more, but you get the idea. My call quality is much better now.

    The big difference between what you posted and what I ended up with is I use different types of hfsc queues. 1:10 is a real-time queue, 1:20 is a real-time + link share queue, and 1:30 is an upper limit service queue.
