[Asterisk-Users] Asterisk QOS working perfect using sveasoft 3.11g
John Baker
JohnB at listbrokers.com
Wed Aug 4 23:54:09 MST 2004
1) I would think pfifo would be a better choice than sfq for your voip
qdisc. Something like:
$TC qdisc add dev $DEV parent 1:10 handle 10: pfifo limit 10
2) Marking packets worked better for me. I could never get it to work
any other way. (Hey, I'm not arguing. I'm jealous.)
3) Shouldn't you also add rules to your PREROUTING table for your
inbound packets? Maybe:
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5036 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5036 -j RETURN
iptables -t mangle -A PREROUTING -p udp -m udp --sport 4569 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 4569 -j RETURN
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5060 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5060 -j RETURN
For starters (or use your classify method)
4) Might want to look at an ingress filter so your modem doesn't get
filled up.
Nice contribution! I like your queue length idea especially.
John
lists-jmhunter wrote:
> As seen on my post at:
> http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112
> This works very well... It does NOT work with stable 4.0! sveasoft
> will be issuing a bug fix for this (4.1) in the near future.
>
> Final Rev of working script w/ asterisk support
>
> I'm not going to run alchemy on production machines until it is stablish.
>
> Remember to set your uplink properly and to set your proper wan port.
> I use pppoe for mine.
>
> This must be used with pre 3.11
>
> Here are detailed instructions on how to commit this to nvram:
> http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=2943&start=0
>
> I used that same script but did some final tweaks to make it work
> perfect for Asterisk using IAX and SIP!
>
>
>
> Code:
>
>
> IPT=/usr/sbin/iptables
> IP=/usr/sbin/ip
> TC=/usr/sbin/tc
>
> # Specify ethernet device, Queue length, and MTU size
> # ((qlen * mtu) / rate) / 1024 = time
> DEV=ppp0
> OUT_QLEN=30
> MTU=1492
>
> # Set to ~80% of tested maximum bandwidth
> UPLINK=495
>
> # specify class rates - We grant each class at LEAST its "fair share" of
> # bandwidth. this way no class will ever be starved by another class.
> UPLINK_1_R=200 # VOIP only
> UPLINK_2_R=64 # Interactive (low port) traffic and ICMP/ACK
> UPLINK_3_R=16 # Everything else (ssh)
> UPLINK_4_R=16 # P2P
>
> # Each class is also permitted to consume all of the available bandwidth
> # if no other classes are in use.
> UPLINK_1_C=${UPLINK}
> UPLINK_2_C=${UPLINK}
> UPLINK_3_C=${UPLINK}
> UPLINK_4_C=${UPLINK}
>
> # remove old qdiscs
> $TC qdisc del dev $DEV root 2> /dev/null > /dev/null
> $TC qdisc del dev $DEV ingress 2> /dev/null > /dev/null
>
> # reset iptables rules
> $IPT -t mangle -D POSTROUTING -o $DEV -j MYOUT
> $IPT -t mangle -F MYOUT
> $IPT -t mangle -X MYOUT
>
> # set outgoing queue length
> $IP link set dev $DEV qlen ${OUT_QLEN}
>
> # lower the MTU to decrease latency
> #$IP link set dev $DEV mtu $MTU
>
> # Create HTB root qdisc with an htb default of 40
> $TC qdisc add dev $DEV root handle 1: htb default 40
>
> # create main rate limit class
> $TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit
>
> # create leaf rate limit classes
> $TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK_1_R}kbit ceil ${UPLINK_1_C}kbit prio 0
> $TC class add dev $DEV parent 1:1 classid 1:20 htb rate ${UPLINK_2_R}kbit ceil ${UPLINK_2_C}kbit prio 1
> $TC class add dev $DEV parent 1:1 classid 1:30 htb rate ${UPLINK_3_R}kbit ceil ${UPLINK_3_C}kbit prio 2
> $TC class add dev $DEV parent 1:1 classid 1:40 htb rate ${UPLINK_4_R}kbit ceil ${UPLINK_4_C}kbit prio 3
>
> # attach qdisc to leaf classes - here we add SFQ to each priority class. SFQ
> # ensures that within each class connections will be treated (almost) fairly.
> $TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
> $TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
> $TC qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
> $TC qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10
>
> # add MYOUT chain to the mangle table in $IPT - this sets up the table
> # we use to filter and mark packets.
> $IPT -t mangle -N MYOUT
> $IPT -t mangle -I POSTROUTING -o $DEV -j MYOUT
>
> # add fwmark entries to classify different types of traffic - Set fwmark from
> # 10-40 according to desired class. 10 is highest prio.
>
> # outgoing VOIP rules - trumps everything else
> $IPT -t mangle -A MYOUT -p udp --sport 5060:5063 -j CLASSIFY --set-class 1:10
> $IPT -t mangle -A MYOUT -p udp --dport 5060:5063 -j CLASSIFY --set-class 1:10
> $IPT -t mangle -A MYOUT -p udp --sport 4569:4569 -j CLASSIFY --set-class 1:10
> $IPT -t mangle -A MYOUT -p udp --dport 4569:4569 -j CLASSIFY --set-class 1:10
> $IPT -t mangle -A MYOUT -p udp --sport 5036:5036 -j CLASSIFY --set-class 1:10
> $IPT -t mangle -A MYOUT -p udp --dport 5036:5036 -j CLASSIFY --set-class 1:10
>
> # default for outgoing interactive ports rules
> $IPT -t mangle -A MYOUT -p tcp --sport 0:1024 -j CLASSIFY --set-class 1:20
> $IPT -t mangle -A MYOUT -p tcp --dport 0:1024 -j CLASSIFY --set-class 1:20
>
> # the ack rule -- for ack packets smaller than 64 bytes -- it must be added using
> # tc filter instead of iptables for now because the length module appears to be
> # broken and/or missing from the wrt54g iptables
> $TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 match ip protocol 6 0xff match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
> $TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 match ip protocol 6 0xff match u16 0x0000 0xffc0 at 2 match u8 0x60 0xff at 33 flowid 1:10
> $TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 match ip protocol 6 0xff match u16 0x0000 0xffc0 at 2 match u8 0xb8 0xff at 33 flowid 1:10
> # outgoing DNS rule
> $IPT -t mangle -A MYOUT -p udp --dport domain -j CLASSIFY --set-class 1:20
>
> # cheap outgoing ping rule
> $IPT -t mangle -A MYOUT -p icmp -j CLASSIFY --set-class 1:20
>
> # outgoing ssh connection rule
> $IPT -t mangle -A MYOUT -p tcp --sport ssh -j CLASSIFY --set-class 1:20
> $IPT -t mangle -A MYOUT -p tcp --dport ssh -j CLASSIFY --set-class 1:20
>
> # outgoing P2P rules -- these are close to last b/c they use relatively costly
> # layer 7 matching
> $IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto directconnect -j CLASSIFY --set-class 1:40
> $IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto fasttrack -j CLASSIFY --set-class 1:40
>
> # outgoing default rule - unmarked packets get schlepped into lowest prio
> $IPT -t mangle -A MYOUT -m mark --mark 0 -j CLASSIFY --set-class 1:30
>
> # All done, exit ok
> exit 0
> '
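Added example, not part of either message above: points 1 and 4 of the reply (a short pfifo on the VoIP class and an ingress policer) written as a dry-run shell sketch, with the worst-case queue drain time worked out for the quoted script's numbers. DOWNLINK, the 200-byte VoIP packet size and the echo default for TC are assumptions; DEV, the class handles and the rates come from the quoted script.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: TC prints the
# commands instead of running them. DOWNLINK and the 200-byte VoIP packet
# size are assumed values; DEV matches the quoted script.
DEV=${DEV:-ppp0}
TC=${TC:-echo tc}             # set TC=/usr/sbin/tc on the router to apply
DOWNLINK=${DOWNLINK:-1200}    # kbit/s, constructed; use ~80% of measured downlink

# Worst-case time (ms) to drain a full FIFO:
#   packets * bytes * 8 bits / rate, with rate in kbit/s (= bits per ms)
queue_delay_ms() {            # $1=packets  $2=bytes/packet  $3=rate kbit/s
    echo $(( $1 * $2 * 8 / $3 ))
}

# Point 1: short pfifo on the VoIP class instead of sfq, so a voice packet
# never waits behind more than 10 others in class 1:10.
voip_leaf() {
    $TC qdisc replace dev "$DEV" parent 1:10 handle 10: pfifo limit 10
}

# Point 4: police inbound traffic below the real downlink rate so excess
# packets are dropped here instead of queueing in the modem.
ingress_policer() {
    $TC qdisc add dev "$DEV" handle ffff: ingress
    $TC filter add dev "$DEV" parent ffff: protocol ip prio 50 u32 \
        match ip src 0.0.0.0/0 police rate "${DOWNLINK}kbit" burst 10k \
        drop flowid :1
}

# Full-MTU device queue from the quoted script vs. a 10-packet VoIP pfifo
echo "qlen 30 x 1492 B at 495 kbit/s: $(queue_delay_ms 30 1492 495) ms"
echo "pfifo 10 x 200 B at 200 kbit/s: $(queue_delay_ms 10 200 200) ms"
voip_leaf
ingress_policer
```

The ingress qdisc cannot shape, only police, which is why the rate is set below the measured downlink rather than at it.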