User:Fog Watch/Packet Shaping on an ADSL link

Practice shaping
We need to develop our techniques on a testbed. A good testbed is two inter-connected machines:

[Diagram: a Terminal and a Switch, with a Server box and a Client box]
 * Server: sshd, iperf -s, eth0
 * Client: sshd, iperf -c  -i2 -t10, shorewall, eth0, ifb0

Server
Any old box will do for this purpose. We need test traffic between the client and the server. iperf is good for this.

Client
Any old box can be used for this too. One of them will function as the tc firewall and the client. The other will be the server.

Kernel
Specifying a shaping kernel is documented here and here.

If you don't reboot:

Traffic
Some traffic is required between the machines in order to do the testing. iperf can be used for this. A tutorial is available here.

Learning
A Practical Guide to Linux Traffic Control

Linux Advanced Routing & Traffic Control HOWTO. Trouble is, it's old.

HTB Linux queuing discipline manual - user guide

The Cisco document Enterprise QoS Solution Reference Network Design Guide, possibly available from here, is interesting, especially for VoIP.

Make sure that everything going out is REJECTed, unless specifically ACCEPTed. That way you can be sure that you are shaping all traffic.

dmax with the HFSC qdisc takes effect when deciding which packets to send that have equal priority. It has a particular effect when the packets are not small.

Notes about the viability of egress and ingress traffic shaping

hysteresis
Should be 0 by default for recent kernels:
 cat /sys/module/sch_htb/parameters/htb_hysteresis

kernel timer
Not the kernel timer frequency setting

qdisc
ppp

FreePBX recommends setting TOS bytes with iptables.

conntrack

To shape through the firewall you have to make sure that you know what is coming in and out. Therefore:
 * 1) Start off with a reject policy.
 * 2) Open up ports with specific rules for specific services.
 * 3) Then develop tcrules and tcclasses for each service.
 * 4) Maybe concatenate them later.
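
One way to check steps 1 to 3 before trusting the shaper, as an added example that is not part of the original notes: it flags default-ACCEPT policies and services that are opened in rules but never marked in tcrules. It assumes the whitespace-separated column layout of Shorewall's policy, rules and tcrules files, handles only plain ACCEPT rules with literal port lists (no macros or port ranges), and all file contents are constructed samples.

```python
# Added example: audit Shorewall-style config text for services that are
# opened in `rules` but never marked in `tcrules`. All file contents below
# are constructed samples (ssh 22, iperf 5001, SIP 5060), not real configs.
POLICY = """\
#SOURCE  DEST  POLICY  LOGLEVEL
$FW      net   REJECT  info
net      all   DROP    info
all      all   REJECT  info
"""
RULES = """\
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   $FW     net   tcp    22
ACCEPT   $FW     net   tcp    5001
ACCEPT   $FW     net   udp    5060
"""
TCRULES = """\
#MARK  SOURCE     DEST       PROTO  DPORT
1      0.0.0.0/0  0.0.0.0/0  tcp    22
2      0.0.0.0/0  0.0.0.0/0  tcp    5001
"""

def rows(text):
    """Yield whitespace-split columns, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def permissive_policies(policy):
    """Policy rows whose default is ACCEPT; step 1 wants this list empty."""
    return [r[:3] for r in rows(policy)
            if len(r) >= 3 and r[2].upper().startswith("ACCEPT")]

def services(text, action=None):
    """(proto, port) pairs from columns 4-5, optionally filtered on column 1."""
    found = set()
    for r in rows(text):
        if len(r) >= 5 and action in (None, r[0]):
            found.update((r[3], port) for port in r[4].split(","))
    return found

def unshaped(rules, tcrules):
    """Services accepted by the firewall that no tcrules entry classifies."""
    return sorted(services(rules, "ACCEPT") - services(tcrules))

if __name__ == "__main__":
    print("default-ACCEPT policies:", permissive_policies(POLICY))
    print("accepted but unmarked:  ", unshaped(RULES, TCRULES))
```

In the sample, the SIP rule is accepted but has no mark, so that traffic would fall into whatever the default class is.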

Asterisk SIP NAT

 * 1) DIDWW
 * 2) Linux Journal
 * 3) NAT and VoIP
 * 4) general
 * 5) FreePBX perspective
 * 6) Asterisk Guru

ATM padding and HTB

 * 1) Jason's blog
 * 2) Russell Stuart's howto
 * 3) ADSL-optimizer

queuing disciplines

 * 1) HFSC. Also look at Shorewall
 * 2) An HFSC script
 * 3) HFSC notes with some terms explained.
 * 4) Baseless opinion
 * 5) The black art of traffic shaping: HFSC is your friend

General traffic shaping

 * 1) Linux Advanced Routing & Traffic Control HOWTO. Old but can be interesting.
 * 2) Netfilter documentation. Much of this is quite old.
 * 3) Oskar Andreasson's iptables tutorial. Some of the best and most modern documentation.
 * 4) Shorewall. The most current and some of the best documentation, including traffic shaping.

Conntrack

 * 1) nf_conntrack
 * 2) conntrack entries are cleared with shorewall restart -p, but this doesn't work without conntrack-tools
 * 3) The conntrack-tools user manual
 * 4) How to do a shorewall iptrace (23 down the bottom)

Ingress

 * 1) ifb
 * 2) Do we need a lossy class

Utilities

 * 1) tcpdump tutorial