[Asterisk-Users] Lower cost router suitable for VOIP ?
Chris Shaw
chriss at watertech.com
Fri Sep 3 14:48:00 MST 2004
Well.. ok... here goes the "Short" version, I will be adding examples and
explanations to the wiki when I get off work... :-)
Bear in mind this is what I do, change it to fit your situation...
I'm on a cable modem which everyone knows just BLOWS for latency, also it's
an external one so you can't control the buffering... but I've been able to
use Linux QoS to make it near toll-quality with the occasional jitter during
heavy downloading...
I have 3Mbit download speed and an abysmal 256kbit upload speed... Needless
to say that upload is a problem when shared between 6 machines... Everything
that you do requires sending SYN/ACK packets and such which destroys
upstream band... Unless you use QoS these packets will just be thrown at the
interface willy-nilly with no regard for speed and time...
There are 2 ways that I know of to do this and because of the topology of my
network I actually use BOTH methods so I know it works very well!
The first is to use the linux bridging code included in the 2.4.X and 2.6.X
series kernels and the bridge-firewalling code included with the ebtables
project (http://ebtables.sourceforge.net) to create a Layer-2 ethernet
switch with QoS support. I use ebtables and it's packet marking target to
mark packets that are received from my LAN and are destined to be bridged to
my WAN interface hooked into the cable modem. Then I create QoS filters
based on those marks... Using ebtables also allows you to mark packets based
on their destination MAC whereas iptables does not... Bear in mind that this
is a software switch not a hardware switch so it can pass packets at wire
speed but some network drivers are horribly broken and slow (rtl8139, 3c90x,
eepro100, etc..) and also when you open a lot of TCP sockets simultaneously
it uses a lot of memory and CPU... This works beautifully and to the end
users and applications it's completely transparent!
The second way is to simply use IPTABLES and NAT to create a NAT router. In
this scenario you're just using iptables' connection tracking code to do
NAT/MASQUERADING (like in the good ol' IPCHAINS days of 2.2.x or the IPFWADM
days of 2.1.x!). In this situation packet marking is done in the MANGLE
table, in the FORWARDING chain...
For those of you who feel brave/foolish enough to use the U32 packet
matching code instead of marking the packets, that will work for the NAT
router but not in the way you would expect for the bridge because it works
at layer 2...
If you already have a router like a LinkSys or a Dlink that doesn't support
Qos, don't worry! I would suggest using the Linux bridge code and placing a
linux box between your LAN and the router. That way you can implement QoS
and strong firewalling based on IPTABLES to your hardware router!
Again, I'm going to be posting examples of my setup on the wiki. Also I've
written an init-style script for ebtables and am currently working on an
ifup style script for the bridge device. That one's tricky because the
bridge code doesn't pass packets for 30 seconds while it's "Learning". Also
the bridge device is traditionally not assigned an IP address...
-Chris
More information about the asterisk-users
mailing list