[Asterisk-Users] Re: Linux Bridge + QoS Shaper HOWTO available

Jean-Michel Hiver hiver.j at wanadoo.fr
Wed Feb 23 00:20:53 MST 2005


Ken D'Ambrosio wrote:

> Howdy!  I'm VERY interested in your HOWTO... but the link you have, 
> below, times out.  Any chance you could mail me the HOWTO, or point me 
> to a new link?

Well, linux bridging is *really* easy, here is what I have on my box 
(eth0 goes to the LAN, eth1 to the netgear modem).

  root@stargazer:/etc/extra/bridge# more bridge-up.sh
  brctl addbr br0
  brctl stp br0 off
  brctl addif br0 eth0
  brctl addif br0 eth1
  ifconfig eth0 down
  ifconfig eth1 down
  ifconfig eth0 0.0.0.0 up
  ifconfig eth1 0.0.0.0 up
  ifconfig br0 192.168.0.150 up
  echo "1" > /proc/sys/net/ipv4/ip_forward
  route add default gw 192.168.0.1

For the shaping, just use and modify any shaping scripts out there. 
Wondershaper is a good start.

Cheers,
Jean-Michel.


NB: I use this modified script I found on the voip-info wiki. It makes a 
very noticeable difference...


#!/bin/bash

DSLDEV=eth1
LANDEV=eth0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DSLDEV root    2> /dev/null > /dev/null
tc qdisc del dev $DSLDEV ingress 2> /dev/null > /dev/null

tc qdisc del dev $LANDEV root    2> /dev/null > /dev/null
tc qdisc del dev $LANDEV ingress 2> /dev/null > /dev/null

iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
   --clamp-mss-to-pmtu 2> /dev/null

if [ "$1" = "stop" ]
then
        exit
fi

# *** UPSTREAM (SENDING) CONFIG ***

# set packet queue much smaller than default (100):
ip link set dev $DSLDEV qlen 3

# install root HTB, point default traffic to 1:30:
tc qdisc add dev $DSLDEV root handle 1: htb r2q 1 default 30

# shape everything at $CEIL speed - this prevents huge queues in the DSL
# modem which destroy latency:
tc class add dev $DSLDEV parent 1: classid 1:1 htb rate 100kbit

# 1:10 - ICMP ECHO, TCP ACK, interactive traffic
# 1:20 - web traffic
# 1:30 - default (bulk) traffic
# 1:40 - mail
# 1:50 - lowest priority traffic

tc class add dev $DSLDEV parent 1:1 classid 1:10 htb rate 35kbit \
   ceil 100kbit prio 1
tc class add dev $DSLDEV parent 1:1 classid 1:20 htb rate 25kbit \
   ceil 100kbit prio 2
tc class add dev $DSLDEV parent 1:1 classid 1:30 htb rate 20kbit \
   ceil 100kbit prio 3
tc class add dev $DSLDEV parent 1:1 classid 1:40 htb rate 10kbit \
   ceil 100kbit prio 4
tc class add dev $DSLDEV parent 1:1 classid 1:50 htb rate 10kbit \
   ceil 100kbit prio 5

# Every qdisc gets Stochastic Fairness (VOIP is not in a qdisc):
tc qdisc add dev $DSLDEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DSLDEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DSLDEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $DSLDEV parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev $DSLDEV parent 1:50 handle 50: sfq perturb 10

# VOIP traffic in 1:0 (i.e. skip the HTB entirely and drop it directly
# into the interface queue)
# TOS min delay, ICMP, DNS and TCP ACKs in 1:10
# web traffic (HTTP, HTTPS, 8080, etc.) in 1:20
# bulk traffic is already thrown in to 1:30 by "default" in root qdisc
# all SMTP and P2P traffic and anything to/from Rosu's or Bakelaar's IPs
# go into 1:40

tc filter add dev $DSLDEV parent 1:0 protocol ip prio 1 u32 \
   match ip dport 4569 0xffff match ip protocol 17 0xff flowid 1:0
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 2 u32 \
   match ip sport 4569 0xffff match ip protocol 17 0xff flowid 1:0

# this computer has priority over others, excluding for VoIP.
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 3 u32 \
   match ip src 192.168.0.50 flowid 1:0
# tc filter add dev $DSLDEV parent 1:0 protocol ip prio 3 u32 \
#    match ip dst 66.225.202.72 flowid 1:0

tc filter add dev $DSLDEV parent 1:0 protocol ip prio 10 u32 \
   match ip tos 0x10 0xff flowid 1:10
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 11 u32 \
   match ip protocol 1 0xff flowid 1:10
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 12 u32 \
   match ip protocol 47 0xff flowid 1:10
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 13 u32 \
   match ip protocol 50 0xff flowid 1:10
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 14 u32 \
   match ip sport 53 0xffff flowid 1:10
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 15 u32 \
   match ip dport 53 0xffff flowid 1:10
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 16 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# web traffic in 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 20 u32 \
   match ip sport 80 0xffff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 21 u32 \
   match ip sport 443 0xffff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 22 u32 \
   match ip dport 80 0xffff flowid 1:20
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 23 u32 \
   match ip dport 443 0xffff flowid 1:20

# low-priority src/dest ports
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 40 u32 \
   match ip dport 25 0xffff flowid 1:40
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 41 u32 \
   match ip sport 25 0xffff flowid 1:40
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 42 u32 \
   match ip sport 110 0xffff flowid 1:40
tc filter add dev $DSLDEV parent 1:0 protocol ip prio 43 u32 \
   match ip sport 143 0xffff flowid 1:40

# low-priority specific src/dest *hosts*
# tc filter add dev $DSLDEV parent 1:0 protocol ip prio 44 u32 \
#    match ip src 165.154.13.82 flowid 1:40
# tc filter add dev $DSLDEV parent 1:0 protocol ip prio 45 u32 \
#    match ip src 165.154.13.83 flowid 1:40

# any traffic that the p2p match module for iptables finds (it marks
# with --set-mark 1):
# tc filter add dev $DSLDEV parent 1:0 protocol ip prio 59 handle 1 fw \
#    flowid 1:50

# LAN ingress handler; drop any NON-VOIP traffic > rate
tc qdisc add dev $DSLDEV handle ffff: ingress
tc filter add dev $DSLDEV parent ffff: protocol ip prio 90 u32 \
   match ip dport 4569 0xffff match ip protocol 17 0xff flowid :1
tc filter add dev $DSLDEV parent ffff: protocol ip prio 91 u32 \
   match ip sport 4569 0xffff match ip protocol 17 0xff flowid :1
# tc filter add dev $DSLDEV parent ffff: protocol ip prio 92 u32 \
#    match ip dst 165.154.13.120 flowid :1

tc filter add dev $DSLDEV parent ffff: protocol ip prio 99 u32 \
   match ip dst 0.0.0.0/0 \
   police rate 400kbit burst 10k drop flowid :1
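
Added example (not part of the original post or of the voip-info script): a small Python model of how the u32 selectors in the prio 16 filter are evaluated, run against constructed packet headers, showing that the filter matches only option-less TCP segments shorter than 64 bytes whose flags byte is exactly ACK. The helper names and sample addresses are assumptions made for this illustration; port_match shows why a 16-bit port selector needs the full 0xffff mask.

```python
import struct

def ipv4_tcp(total_len, flags, sport=40000, dport=80, tos=0):
    """Constructed 20-byte IPv4 header + 20-byte TCP header (sample data)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 50]), bytes([203, 0, 113, 10]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, flags,
                      8192, 0, 0)
    return ip + tcp

def u32_match(pkt, width, value, mask, offset):
    """One u32 selector: (field at offset) & mask == value.
    Offsets count from the start of the IP header, as in tc."""
    field = int.from_bytes(pkt[offset:offset + width], "big")
    return (field & mask) == (value & mask)

# Selectors of the prio 16 filter: (width in bytes, value, mask, offset)
ACK_FILTER = [
    (1, 0x06, 0xff, 9),       # match ip protocol 6 0xff     -> TCP
    (1, 0x05, 0x0f, 0),       # match u8 0x05 0x0f at 0      -> IHL 5, no IP options
    (2, 0x0000, 0xffc0, 2),   # match u16 0x0000 0xffc0 at 2 -> total length < 64
    (1, 0x10, 0xff, 33),      # match u8 0x10 0xff at 33     -> flags are ACK only
]

def is_small_ack(pkt):
    """True when every selector matches, i.e. the packet lands in 1:10."""
    return all(u32_match(pkt, *sel) for sel in ACK_FILTER)

def port_match(port, want, mask):
    """Port selector as u32 applies it: compare only the masked bits."""
    return (port & mask) == (want & mask)

if __name__ == "__main__":
    samples = {
        "bare ACK, 40 bytes": ipv4_tcp(40, 0x10),
        "ACK+PSH with data, 540 bytes": ipv4_tcp(540, 0x18),
        "SYN, 40 bytes": ipv4_tcp(40, 0x02),
        "ACK, 64 bytes": ipv4_tcp(64, 0x10),
    }
    for name, pkt in samples.items():
        print(f"{name:30s} -> 1:10? {is_small_ack(pkt)}")
    # A 12-bit mask ignores the top four bits of the port number.
    for mask in (0xffff, 0x0fff):
        print(f"mask {mask:#06x}: port 4176 matches 80? "
              f"{port_match(4176, 80, mask)}")
```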



