[Asterisk-Users] Asterisk QOS working perfect using sveasoft 3.11g

Andrew Kohlsmith akohlsmith-asterisk at benshaw.com
Thu Aug 5 03:56:24 MST 2004 

On Wednesday 04 August 2004 05:26, lists-jmhunter wrote:
> As seen on my post at:
> http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112
> This works very well... It does NOT work with stable 4.0!  sveasoft
> will be issuing a bug fix for this (4.1) in the near future.

I've been using the following script on my 4032/800kbps ADSL connection for 
over three weeks now -- note I am using an Sangoma S518 ADSL PCI card so I do 
not have to rate limit my uplink lower than my line rate -- if you are using 
a craptastic Speedstream DSL modem (the kind Bell Canada gives you) or really 
any external ADSL modem connected via ethernet or USB you will need to rate 
limit your uplink by adjusting the UPRATE variable.

What it does:
- short queue lengths to prevent backlog of time-sensitive packets
- prioritize outgoing traffic on the DSL side, keeping the total outgoing rate 
to my line speed
- prioritize outgoing traffic on the ethernet side (just a priomap) so that 
any incoming VOIP traffic gets spat out the ethernet interface first
- P2P traffic is marked using ipt_p2p and given lowest priority

This is on a router serving a small network of local businesses so SFQ is used 
everywhere and I can guarantee minimum rates by adjusting the limiter.  I 
think they only thing I'd change in the next iteration is to add another htb 
leaf and have p2p bumped down one class lower than SMTP traffic.

I can saturate the link in both directions (a dozen or so separate bittorrent 
transfers, some freetracker stuff and a couple big FTPs in both directions) 
and VOIP traffic doesn't seem to suffer at all.

-A.

#!/bin/bash

DSLDEV=wp1adsl
LANDEV=eth0
UPRATE=800
DOWNRATE=4032

if [ "$1" = "upstatus" ]
then
        tc -s qdisc ls dev $DSLDEV
        echo
        tc -s class ls dev $DSLDEV
        exit
fi

if [ "$1" = "downstatus" ]
then
        tc -s qdisc ls dev $LANDEV
        echo
        tc -s class ls dev $LANDEV
        exit
fi

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DSLDEV root    2> /dev/null > /dev/null
tc qdisc del dev $DSLDEV ingress 2> /dev/null > /dev/null

tc qdisc del dev $LANDEV root    2> /dev/null > /dev/null
tc qdisc del dev $LANDEV ingress 2> /dev/null > /dev/null

iptables -t mangle -D PREROUTING -m p2p -j CONNMARK --set-mark 1 2> /dev/null 
> /dev/null
iptables -t mangle -D PREROUTING -m connmark --mark 1 -j CONNMARK 
--restore-mark 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
        exit
fi

# *** UPSTREAM (SENDING) CONFIG ***

CEIL=$[100*$UPRATE/100]
VOIPRATE=$[50*$CEIL/100]
MISCRATE=$[50*$CEIL/100]

# set packet queue much smaller than default (100):
ip link set dev $DSLDEV qlen 10

# install root HTB, point default traffic to 1:30:
tc qdisc add dev $DSLDEV root handle 1: htb r2q 1 default 30

# shape everything at $CEIL speed - this prevents huge queues in the DSL modem 
which destroy latency:
tc class add dev $DSLDEV parent 1: classid 1:1 htb rate ${CEIL}kbit

# 1:10 - VOIP traffic
# 1:20 - high priority (interactive) traffic
# 1:30 - default (bulk) traffic
# 1:40 - lowest priority traffic
tc class add dev $DSLDEV parent 1:1 classid 1:10 htb rate ${VOIPRATE}kbit ceil 
${CEIL}kbit prio 1
tc class add dev $DSLDEV parent 1:1 classid 1:20 htb rate 
$[50*$MISCRATE/100]kbit ceil ${CEIL}kbit prio 2
tc class add dev $DSLDEV parent 1:1 classid 1:30 htb rate 
$[30*$MISCRATE/100]kbit ceil ${CEIL}kbit prio 3
tc class add dev $DSLDEV parent 1:1 classid 1:40 htb rate 
$[20*$MISCRATE/100]kbit ceil ${CEIL}kbit prio 4

# VOIP gets FIFO with a (very) short queue, the rest get Stochastic Fairness:
tc qdisc add dev $DSLDEV parent 1:10 handle 10: pfifo limit 5
tc qdisc add dev $DSLDEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DSLDEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DSLDEV parent 1:40 handle 40: sfq perturb 10

# VOIP traffic in 1:10
# TOS min delay, ICMP, DNS and TCP ACKs in 1:20
# bulk traffic is already thrown in to 1:30 by "default" in root qdisc
# all SMTP and P2P traffic and anything to/from Rosu's or Bakelaar's IPs go 
into 1:40

tc filter add dev $DSLDEV parent 1: protocol ip prio 10 u32 match ip dport 
4569 0xffff match ip protocol 17 0xff flowid 1:10
tc filter add dev $DSLDEV parent 1: protocol ip prio 11 u32 match ip sport 
4569 0xffff match ip protocol 17 0xff flowid 1:10
tc filter add dev $DSLDEV parent 1: protocol ip prio 12 u32 match ip dst 
66.225.202.72 flowid 1:10

tc filter add dev $DSLDEV parent 1:0 protocol ip prio 21 u32 match ip protocol 
1 0xff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 22 u32 match ip protocol 
47 0xff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 23 u32 match ip protocol 
50 0xff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 24 u32 match ip sport 53 
0xffff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 25 u32 match ip dport 53 
0xffff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 26 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:20

# low-priority src/dest ports
tc filter add dev $DSLDEV parent 1: protocol ip prio 40 u32 match ip dport 25 
0xffff flowid 1:40
tc filter add dev $DSLDEV parent 1: protocol ip prio 41 u32 match ip sport 25 
0xffff flowid 1:40
tc filter add dev $DSLDEV parent 1: protocol ip prio 42 u32 match ip sport 110 
0xffff flowid 1:40
tc filter add dev $DSLDEV parent 1: protocol ip prio 43 u32 match ip sport 143 
0xffff flowid 1:40

# low-priority specific src/dest *hosts*
tc filter add dev $DSLDEV parent 1: protocol ip prio 44 u32 match ip src 
a.b.c.d flowid 1:40
tc filter add dev $DSLDEV parent 1: protocol ip prio 45 u32 match ip src 
a.b.c.d flowid 1:40

# any traffic that the p2p match module for iptables finds (it marks with 
--set-mark 1): 
tc filter add dev $DSLDEV parent 1: protocol ip prio 46 handle 1 fw flowid 
1:40

# LAN ingress handler; drop any NON-VOIP traffic > rate
# note the weird match to anything on eth1's network (the /25) -- I don't want 
to limit anything that is just passing
# through the router and back out the same interface.
tc qdisc add dev $DSLDEV handle ffff: ingress
tc filter add dev $DSLDEV parent ffff: protocol ip prio 50 u32 match ip dport 
4569 0xffff match ip protocol 17 0xff flowid :1
tc filter add dev $DSLDEV parent ffff: protocol ip prio 51 u32 match ip sport 
4569 0xffff match ip protocol 17 0xff flowid :1
tc filter add dev $DSLDEV parent ffff: protocol ip prio 52 u32 match ip dst 
66.225.202.72 flowid :1
tc filter add dev $DSLDEV parent ffff: protocol ip prio 54 u32 match ip dst 
0.0.0.0/0 \
   police rate $[90*$DOWNRATE/100]kbit burst 10k drop flowid :1



# *** DOWNSTREAM (RECEIVING) CONFIG ***
# You don't want to police incoming traffic, so we instead limit the rate at 
which we send packets out to the LAN side
CEIL=$[100*$DOWNRATE/100]
# Leave $VOIPRATE the same as before since it'll always be symmetrical (or at 
least it should be)
MISCRATE=$[$[90*$CEIL/100]-$VOIPRATE]

#echo CEIL is $CEIL, VOIPRATE is $VOIPRATE, MISCRATE is $MISCRATE

# set packet queue much smaller than default (100):
ip link set dev $LANDEV qlen 10

# default priomap -----------------------------------------> 1 2 1 1 2 2 2 2 0 
0 0 0 1 1 1 1
tc qdisc add dev $LANDEV root handle 1: prio bands 5 priomap 2 2 2 2 2 2 2 2 1 
1 1 1 2 2 2 2

# 1:1 - VOIP
# 1:2 - interactive traffic
# 1:3 - bulk traffic
# 1:4 - low-priority traffic
# 1:5 - P2P traffic
tc qdisc add dev $LANDEV parent 1:1 handle 10: sfq
tc qdisc add dev $LANDEV parent 1:2 handle 20: sfq
tc qdisc add dev $LANDEV parent 1:3 handle 30: sfq
tc qdisc add dev $LANDEV parent 1:4 handle 40: sfq
tc qdisc add dev $LANDEV parent 1:5 handle 50: sfq

tc filter add dev $LANDEV parent 1: protocol ip prio 11 u32 match ip dport 
4569 0xffff match ip protocol 17 0xff flowid 1:1
tc filter add dev $LANDEV parent 1: protocol ip prio 12 u32 match ip sport 
4569 0xffff match ip protocol 17 0xff flowid 1:1

tc filter add dev $LANDEV parent 1:0 protocol ip prio 21 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:2

tc filter add dev $LANDEV parent 1: protocol ip prio 41 u32 match ip dport 25 
0xffff flowid 1:4
tc filter add dev $LANDEV parent 1: protocol ip prio 42 u32 match ip sport 25 
0xffff flowid 1:4
tc filter add dev $LANDEV parent 1: protocol ip prio 43 u32 match ip src 
a.b.c.d flowid 1:4
tc filter add dev $LANDEV parent 1: protocol ip prio 44 u32 match ip src 
a.b.c.d flowid 1:4

tc filter add dev $LANDEV parent 1: protocol ip prio 51 handle 1 fw flowid 1:5

# p2p detection
iptables -t mangle -A PREROUTING -m p2p -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -m connmark --mark 1 -j CONNMARK 
--restore-mark

More information about the asterisk-users mailing list