[Asterisk-Users] M0n0Wall traffic shaping rules

Mike Fedyk mfedyk at mikefedyk.com
Wed Jan 4 23:45:23 MST 2006


Michael Graves wrote:

>On Wed, 04 Jan 2006 19:04:18 +0100, Matt Riddell wrote:
>  
>
>>I don't use m0n0wall, but wouldn't it be better just to shape based on a Type
>>Of Service and then set the TOS flags in iax.conf and sip.conf accordingly?
>>
>>-- 
>>Cheers,
>>
>>Matt Riddell
>>    
>>
>
>In a more general sense yes, TOS based QoS is better as it relates to
>outside your LAN. However, when using m0n0wall (great software!) it's
>easiest to assign priority based upon source machine (your * server) IP
>or port number.
>
>The examples given previously in this thread are derived from the
>built-in traffic shaping wizard. This establishes a series of weighted
>ques for data. All you really need to do is be certain that the IAX
>traffic is assigned to the highest priority que. Or all traffic to/from
>your server can be assigned to the hi priority que.
>
>It all sets up the same thing. Since QoS across the internet is pretty
>hard to achieve there's some question as to the actual usefullness of
>TOS bits. In future Telco/DSL providers may actually filter traffic
>looking for TOS tags to deter your from voip applications.
>  
>
Actually no, TOS is mostly useless because it has so few combinations, 
and you have to trust the sender to have a clue.  Unless it originates 
from within your realm of control (most likely one of your LANs), then 
TOS is the last thing you should trust.  It is only useful when you want 
to know the intent of the sender (which is seldom useful).

That is why most examples use source and/or destination port 
specifications in addition to the IP addresses of the machines within 
your network(s) when assigning packet priority.  This prevents people 
from taking advantage of your QoS rules.

When you an ISP it is critical to think of these scenarios.  It doesn't 
hurt to do it the same way in smaller setups where there is much less 
chance of someone trying to take advantage.

Mike



More information about the asterisk-users mailing list