1) I would think pfifo would be a better choice than sfq for your voip qdisc. Something like:

$TC qdisc add dev $DEV parent 1:10 handle 10: pfifo limit 10

2) Marking packets worked better for me. I could never get it to work any other way. (Hey, I'm not arguing. I'm jealous.)

3) Shouldn't you also add rules to your PREROUTING table for your inbound packets? Maybe:

iptables -t mangle -A PREROUTING -p udp -m udp --sport 5036 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5036 -j RETURN
iptables -t mangle -A PREROUTING -p udp -m udp --sport 4569 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 4569 -j RETURN
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5060 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5060 -j RETURN


For starters (or use your classify method)

4) Might want to look at an ingress filter so your modem doesn't get filled up.

Nice contribution!  I like your queue length idea especially.

John


lists-jmhunter wrote:
As seen on my post at:
http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112
This works very well... It does NOT work with stable 4.0!  sveasoft
will be issuing a bug fix for this (4.1) in the near future.

Final Rev of working script w/ asterisk support

I'm not going to run alchemy on production machines until it is stablish.

Remember to set your uplink properly and to set your proper wan port.
I use pppoe for mine.

This must be used with pre 3.11

Here are detailed instructions on how to commit this to nvram:
http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=2943&start=0

I used that same script but did some final tweaks to make it work
perfect for Asterisk using IAX and SIP!



Code:


IPT=/usr/sbin/iptables
IP=/usr/sbin/ip
TC=/usr/sbin/tc

# Specify ethernet device, Queue length, and MTU size
# ((qlen * mtu) / rate) / 1024 = time
DEV=ppp0
OUT_QLEN=30
MTU=1492

# Set to ~80% of tested maximum bandwidth
UPLINK=495

# specify class rates - We grant each class at LEAST its "fair share" of
# bandwidth. this way no class will ever be starved by another class.
UPLINK_1_R=200   # VOIP only
UPLINK_2_R=64    # Interactive (low port) traffic and ICMP/ACK
UPLINK_3_R=16    # Everything else (ssh)
UPLINK_4_R=16    # P2P

# Each class is also permitted to consume all of the available bandwidth
# if no other classes are in use.
UPLINK_1_C=${UPLINK}
UPLINK_2_C=${UPLINK}
UPLINK_3_C=${UPLINK}
UPLINK_4_C=${UPLINK}

# remove old qdiscs
$TC qdisc del dev $DEV root 2> /dev/null > /dev/null
$TC qdisc del dev $DEV ingress 2> /dev/null > /dev/null

# reset iptables rules
$IPT -t mangle -D POSTROUTING -o $DEV -j MYOUT
$IPT -t mangle -F MYOUT
$IPT -t mangle -X MYOUT

# set outgoing queue length
$IP link set dev $DEV qlen ${OUT_QLEN}

# lower the MTU to decrease latency
#$IP link set dev $DEV mtu $MTU

# Create HTB root qdisc with an htb default of 30
$TC qdisc add dev $DEV root handle 1: htb default 40

# create main rate limit class
$TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit

# create leaf rate limit classes
$TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK_1_R}kbit ceil ${UPLINK_1_C}kbit prio 0
$TC class add dev $DEV parent 1:1 classid 1:20 htb rate ${UPLINK_2_R}kbit ceil ${UPLINK_2_C}kbit prio 1
$TC class add dev $DEV parent 1:1 classid 1:30 htb rate ${UPLINK_3_R}kbit ceil ${UPLINK_3_C}kbit prio 2
$TC class add dev $DEV parent 1:1 classid 1:40 htb rate ${UPLINK_4_R}kbit ceil ${UPLINK_4_C}kbit prio 3

# attach qdisc to leaf classes - here we add SFQ to each priority class. SFQ
# ensures that within each class connections will be treated (almost) fairly.
$TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
$TC qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10

# add MYOUT chain to the mangle table in $IPT - this sets up the table
# we use to filter and mark packets.
$IPT -t mangle -N MYOUT
$IPT -t mangle -I POSTROUTING -o $DEV -j MYOUT

# add fwmark entries to classify different types of traffic - Set fwmark from
# 10-40 according to desired class. 10 is highest prio.

# outgoing VOIP rules - trumps everything else
$IPT -t mangle -A MYOUT -p udp --sport 5060:5063 -j CLASSIFY --set-class 1:10
$IPT -t mangle -A MYOUT -p udp --dport 5060:5063 -j CLASSIFY --set-class 1:10
$IPT -t mangle -A MYOUT -p udp --sport 4569:4569 -j CLASSIFY --set-class 1:10
$IPT -t mangle -A MYOUT -p udp --dport 4569:4569 -j CLASSIFY --set-class 1:10
$IPT -t mangle -A MYOUT -p udp --sport 5036:5036 -j CLASSIFY --set-class 1:10
$IPT -t mangle -A MYOUT -p udp --dport 5036:5036 -j CLASSIFY --set-class 1:10

# default for outgoing interactive ports rules
$IPT -t mangle -A MYOUT -p tcp --sport 0:1024 -j CLASSIFY --set-class 1:20
$IPT -t mangle -A MYOUT -p tcp --dport 0:1024 -j CLASSIFY --set-class 1:20

# the ack rule -- for ack packets smaller than 64 bytes -- it must be added
# using tc filter instead of iptables for now because the length module
# appears to be broken and/or missing from the wrt54g iptables
$TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 6 0xff \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10
$TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 6 0xff \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x60 0xff at 33 \
    flowid 1:10
$TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 \
    match ip protocol 6 0xff \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0xb8 0xff at 33 \
    flowid 1:10

# outgoing DNS rule
$IPT -t mangle -A MYOUT -p udp --dport domain -j CLASSIFY --set-class 1:20

# cheap outgoing ping rule
$IPT -t mangle -A MYOUT -p icmp -j CLASSIFY --set-class 1:20

# outgoing ssh connection rule
$IPT -t mangle -A MYOUT -p tcp --sport ssh -j CLASSIFY --set-class 1:20
$IPT -t mangle -A MYOUT -p tcp --dport ssh -j CLASSIFY --set-class 1:20

# outgoing P2P rules -- these are close to last b/c they use
# relatively costly layer 7 matching
$IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto directconnect -j CLASSIFY --set-class 1:40
$IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto fasttrack -j CLASSIFY --set-class 1:40

# outgoing default rule - unmarked packets get schleped into lowest prio
$IPT -t mangle -A MYOUT -m mark --mark 0 -j CLASSIFY --set-class 1:30

# All done, exit ok
exit 0
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
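
Added example, not part of either post: the script's "ack rule" reads the TCP flags at fixed offset 33, which is only the flags byte when the IP header is exactly 20 bytes. The sketch below evaluates those u32 terms against constructed packets to show where that assumption breaks, and what an extra `match u8 0x05 0x0f at 0` term changes. The function names (`hex`, `byte_at`, `page_rule`, `strict_rule`) and all sample packets are assumptions made for illustration.

```shell
# Added example: evaluates the u32 terms from the script above against
# constructed packets given as hex strings (no tc or root needed).

hex() { printf '%s' "$*" | tr -d ' '; }      # join hex words into one string

# byte_at HEX OFFSET -> decimal value of the byte at OFFSET (0-based)
byte_at() {
    start=$(( $2 * 2 + 1 ))
    echo $(( 0x$(printf '%s' "$1" | cut -c"${start}-$(( start + 1 ))") ))
}

# page_rule PKT FLAGS: the filter as posted. Exit status 0 means "match".
page_rule() {
    [ "${#1}" -ge 68 ] || return 1                          # bytes 0..33 present
    [ "$(byte_at "$1" 9)" -eq 6 ] || return 1               # match ip protocol 6 0xff
    len=$(( $(byte_at "$1" 2) * 256 + $(byte_at "$1" 3) ))
    [ $(( len & 0xffc0 )) -eq 0 ] || return 1               # match u16 0x0000 0xffc0 at 2
    [ "$(byte_at "$1" 33)" -eq $(( $2 )) ]                  # match u8 FLAGS 0xff at 33
}

# strict_rule PKT FLAGS: same, plus "match u8 0x05 0x0f at 0" (IHL == 5),
# so offset 33 is only trusted when the IP header is exactly 20 bytes.
strict_rule() {
    [ "${#1}" -ge 2 ] || return 1
    [ $(( $(byte_at "$1" 0) & 0x0f )) -eq 5 ] || return 1
    page_rule "$1" "$2"
}

# Constructed sample packets (192.168.1.2 -> 198.51.100.1, checksums zeroed).
IP20="45000028 00004000 40060000 c0a80102 c6336401"            # IHL 5, len 40
IP24="4600002c 00004000 40060000 c0a80102 c6336401 01010101"   # IHL 6, len 44
PURE_ACK=$(hex $IP20 c0000050 00000001 00000001 5010ffff 00000000)  # flags 0x10
SYN=$(hex $IP20 c0000050 00000001 00000000 5002ffff 00000000)       # flags 0x02
OPT_ACK=$(hex $IP24 c0000050 00000001 00000001 5010ffff 00000000)   # flags 0x10
OPT_PSH=$(hex $IP24 c0000050 00000001 00100001 5018ffff 00000000)   # flags 0x18

for name in PURE_ACK SYN OPT_ACK OPT_PSH; do
    eval "pkt=\$$name"
    p=no; s=no
    if page_rule "$pkt" 0x10; then p=yes; fi
    if strict_rule "$pkt" 0x10; then s=yes; fi
    echo "$name: byte33=$(byte_at "$pkt" 33) page_rule=$p strict_rule=$s"
done
```

With IP options present, byte 33 falls inside the TCP acknowledgment number, so the posted rule misses a real ACK (OPT_ACK) and matches a non-ACK segment (OPT_PSH); the IHL term rejects both rather than reading the wrong byte.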


