Well.. ok... here goes the "Short" version, I will be adding examples and explanations to the wiki when I get off work... :-)
Bear in mind this is what I do, change it to fit your situation... I'm on a cable modem which everyone knows just BLOWS for latency, also it's an external one so you can't control the buffering... but I've been able to use Linux QoS to make it near toll-quality with the occasional jitter during heavy downloading... I have 3Mbit download speed and an abysmal 256kbit upload speed... Needless to say that upload is a problem when shared between 6 machines... Everything that you do requires sending SYN/ACK packets and such which destroys upstream band... Unless you use QoS these packets will just be thrown at the interface willy-nilly with no regard for speed and time...

There are 2 ways that I know of to do this and because of the topology of my network I actually use BOTH methods so I know it works very well!

The first is to use the Linux bridging code included in the 2.4.X and 2.6.X series kernels and the bridge-firewalling code included with the ebtables project (http://ebtables.sourceforge.net) to create a Layer-2 Ethernet switch with QoS support. I use ebtables and its packet marking target to mark packets that are received from my LAN and are destined to be bridged to my WAN interface hooked into the cable modem. Then I create QoS filters based on those marks... Using ebtables also allows you to mark packets based on their destination MAC whereas iptables does not... Bear in mind that this is a software switch not a hardware switch so it can pass packets at wire speed but some network drivers are horribly broken and slow (rtl8139, 3c90x, eepro100, etc..) and also when you open a lot of TCP sockets simultaneously it uses a lot of memory and CPU... This works beautifully and to the end users and applications it's completely transparent!

The second way is to simply use IPTABLES and NAT to create a NAT router. In this scenario you're just using iptables' connection tracking code to do NAT/MASQUERADING (like in the good ol' IPCHAINS days of 2.2.x or the IPFWADM days of 2.1.x!). In this situation packet marking is done in the MANGLE table, in the FORWARDING chain... For those of you who feel brave/foolish enough to use the U32 packet matching code instead of marking the packets, that will work for the NAT router but not in the way you would expect for the bridge because it works at layer 2...

If you already have a router like a Linksys or a D-Link that doesn't support QoS, don't worry! I would suggest using the Linux bridge code and placing a Linux box between your LAN and the router. That way you can implement QoS and strong firewalling based on IPTABLES to your hardware router!

Again, I'm going to be posting examples of my setup on the wiki. Also I've written an init-style script for ebtables and am currently working on an ifup style script for the bridge device. That one's tricky because the bridge code doesn't pass packets for 30 seconds while it's "Learning". Also the bridge device is traditionally not assigned an IP address...

-Chris
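The second method from the message above (mark in the mangle table, then classify on the mark), sketched as an added example; this is not the poster's script. The interface names, the voice ports (SIP on UDP 5060, RTP on UDP 10000-20000), the 90% shaping margin and the 40/20/40 class split are assumptions; only the 256kbit uplink comes from the post.

```shell
#!/bin/sh
# Added example: fwmark-based egress QoS for a NAT router.
# Assumed values: interface names, voice ports, class split.

# Shape to 90% of the uplink so the queue builds on the Linux box,
# where it can be prioritised, instead of in the modem's buffer.
shaped_rate() { echo $(( $1 * 90 / 100 )); }

# Print the rule set: $1 = WAN interface, $2 = LAN interface, $3 = uplink kbit.
qos_plan() {
    wan=$1 lan=$2 rate=$(shaped_rate "$3")
    voice=$(( rate * 40 / 100 ))   # guaranteed share for VoIP
    ack=$(( rate * 20 / 100 ))     # guaranteed share for small TCP ACKs
    bulk=$(( rate - voice - ack )) # everything else (default class)
    cat <<EOF
iptables -t mangle -A FORWARD -i $lan -o $wan -p udp --dport 5060 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -i $lan -o $wan -p udp --dport 10000:20000 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -i $lan -o $wan -p tcp --tcp-flags SYN,RST,ACK ACK -m length --length 0:64 -j MARK --set-mark 2
tc qdisc add dev $wan root handle 1: htb default 30
tc class add dev $wan parent 1: classid 1:1 htb rate ${rate}kbit
tc class add dev $wan parent 1:1 classid 1:10 htb rate ${voice}kbit ceil ${rate}kbit prio 0
tc class add dev $wan parent 1:1 classid 1:20 htb rate ${ack}kbit ceil ${rate}kbit prio 1
tc class add dev $wan parent 1:1 classid 1:30 htb rate ${bulk}kbit ceil ${rate}kbit prio 2
tc filter add dev $wan parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
tc filter add dev $wan parent 1: protocol ip prio 2 handle 2 fw flowid 1:20
EOF
}

# Dry run by default (prints the commands); APPLY=1 as root executes them.
qos_run() {
    qos_plan "$@" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            echo "$cmd"
        fi
    done
}

qos_run eth0 eth1 256
```

Each `fw` filter matches the mark set in the mangle table, so unmarked traffic falls through to the default class 1:30.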
