[Asterisk-Users] VOIP CBQ BandLimit HELP!!

Andrew Kohlsmith akohlsmith-asterisk at benshaw.com
Tue Jun 1 06:30:29 MST 2004


On Tuesday 01 June 2004 05:44, joachim wrote:
> Do you have a working firewall ruleset for HTB, optimized for voip ?

Here, for your viewing pleasure, is my htb script.  I am *positive* it can be 
improved upon.  I found I had to put the bulk traffic in a separate HTB 
"branch" or otherwise it would tend to borrow from the VOIP branch way too 
early and cause a lot of stutter.

Again, this isn't to be taken as an official, proven and perfect system.  I 
welcome any suggestions or improvements.  As you can see from the diagram 
I am planning on doing some more fine tuning, but it works pretty damned well 
as is.  My next post will be the Cisco 2610's configuration on the other side 
of the link.

Regards,
Andrew

#!/bin/sh

TCOP="add"
IPTOP="-A"

if [ "$1" = "stop" ]; then
        echo "Stopping..."
        TCOP="del"
        IPTOP="-D"
fi

#          +---------+
#          | root 1: |
#          +---------+
#               |
# +----------------------------+
# |         class 1:1          |
# +----------------------------+
#   |           |           |
# +----+      +----+      +----+
# |1:10|      |1:20|      |1:30|
# +----+      +----+      +----+
#               |
#      +--------+--------+
#      |        |        |
#   +-----+  +-----+  +-----+
#   |1:100|  |1:101|  |1:102|
#   +-----+  +-----+  +-----+

# 1:10 is the class for VOIP traffic, pfifo qdisc
# 1:20 is for bulk traffic (htb, leaves use sfq)
# 1:30 is the class for interactive and TCP SYN/ACK traffic (sfq qdisc)

# 1:20 is further split up into different kinds of bulk traffic: web, mail and
# everything else.  1:100-102 fight amongst themselves for their slice of
# excess bandwidth, and in turn 1:10,20 and 30 then fight for any excess above
# their minimum rates.

# which interface to throw all this on (DSL)
IF=eth2

# ceil is 75% of max rate (768kbps)
# rate is 65% of max rate
# we don't let it go to 100% because we don't want the DSL modems to have a
# ton of packets in their buffers.  *we* want to do the buffering.

RATE=576
CEIL=640
#RATE=450
#CEIL=500

tc qdisc ${TCOP} dev ${IF} root handle 1: htb default 102
tc class ${TCOP} dev ${IF} parent 1:   classid 1:1 htb rate ${RATE}kbit ceil ${CEIL}kbit

tc class ${TCOP} dev ${IF} parent 1:1  classid 1:10 htb rate 64kbit ceil ${RATE}kbit prio 1
tc class ${TCOP} dev ${IF} parent 1:1  classid 1:20 htb rate 64kbit ceil ${RATE}kbit prio 2

tc class ${TCOP} dev ${IF} parent 1:20 classid 1:100 htb rate ${RATE}kbit
tc class ${TCOP} dev ${IF} parent 1:20 classid 1:101 htb rate ${RATE}kbit
tc class ${TCOP} dev ${IF} parent 1:20 classid 1:102 htb rate ${RATE}kbit

tc qdisc ${TCOP} dev ${IF} parent 1:10  handle 10:  pfifo
tc qdisc ${TCOP} dev ${IF} parent 1:100 handle 100: sfq perturb 10
tc qdisc ${TCOP} dev ${IF} parent 1:101 handle 101: sfq perturb 10
tc qdisc ${TCOP} dev ${IF} parent 1:102 handle 102: sfq perturb 10

tc filter ${TCOP} dev ${IF} parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter ${TCOP} dev ${IF} parent 1:0 protocol ip prio 4 handle 4 fw classid 1:100

# IAX2 prio 0.
iptables -t mangle ${IPTOP} PREROUTING -p udp -m udp --dport 4569 -j MARK --set-mark 0x1
iptables -t mangle ${IPTOP} PREROUTING -p udp -m udp --dport 4569 -j RETURN

# everything else goes into lowest priority (best effort).
iptables -t mangle ${IPTOP} PREROUTING -j MARK --set-mark 0x4
iptables -t mangle ${IPTOP} OUTPUT -j MARK --set-mark 0x4
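
Added example, not part of the original post: a check that marked IAX2 traffic really lands in class 1:10 once the script above is loaded, by parsing `tc -s class show` output. The function names are hypothetical and the sample statistics are constructed in the layout iproute2 normally prints.

```shell
#!/bin/sh
# Live use (assumes the HTB script is loaded on eth2):
#   tc -s class show dev eth2 | check_class 1:10

# Constructed sample of `tc -s class show` output (not captured from a real link).
sample_stats() {
cat <<'EOF'
class htb 1:1 root rate 576Kbit ceil 640Kbit burst 1599b cburst 1599b
 Sent 5242880 bytes 14200 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 64Kbit ceil 576Kbit burst 1599b cburst 1599b
 Sent 1843200 bytes 9600 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:100 parent 1:20 leaf 100: prio 0 rate 576Kbit ceil 576Kbit burst 1599b cburst 1599b
 Sent 3399680 bytes 4600 pkt (dropped 37, overlimits 0 requeues 0)
class htb 1:102 parent 1:20 leaf 102: prio 0 rate 576Kbit ceil 576Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
EOF
}

# check_class CLASSID: read class statistics on stdin, print one verdict line.
#   OK          packets counted, none dropped
#   NO_TRAFFIC  class exists but saw nothing (mark rule or fw filter not matching)
#   DROPS       class is dropping packets (stutter if this is the VOIP class)
#   MISSING     class is not in the output at all
check_class() {
    awk -v want="$1" '
        $1 == "class" { cur = $3 }               # stats lines belong to this class
        $1 == "Sent" && cur == want {
            pkts = $4 + 0
            drop = $7; gsub(/[^0-9]/, "", drop)  # "37," -> "37"
            drop += 0
            seen = 1
        }
        END {
            if (!seen)         { print "MISSING " want; exit }
            if (pkts == 0)     verdict = "NO_TRAFFIC"
            else if (drop > 0) verdict = "DROPS"
            else               verdict = "OK"
            printf "%s %s pkts=%d dropped=%d\n", verdict, want, pkts, drop
        }'
}
```

Run it during a test call: a NO_TRAFFIC verdict on 1:10 means the calls are being shaped as bulk traffic.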



