Seems interesting enough. I have two questions. a. what are you running on Fedora Core to shape the traffic? b. let's say that you have VPN site to site tunnels from the FW behind the QoS machines towards a branch office and that some of the traffic in the Tunnel has higher priority then other traffic. The QoS device sees it all as encrypted traffic and can't help there. What would you suggest? would placing the QoS machines elsewhere help?
________________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 9:02 AM To: [EMAIL PROTECTED] Subject: RE: [Asterisk-Users] QOS Device? I will be putting documentation together shortly on how to build a high-availability QoS setup using 2 spare PCs and 4 NICs. I've been very successful with this approach for a T-1 that shares both Citrix and Video Conferencing + normal web traffic and such. The real key is a combination of packet prioritization with traffic shaping. The QoS boxes I build use Fedora Core 1 and are configured as bridges. This way, you just drop them into the right spot on the network and don't have to change routes or anything. Also, I put ntop on them, so they can monitor traffic statistics to/from the WAN. They use Spanning Tree Protocol (part of the bridge-utils package) to make the solution high availability. All traffic routes through the primary QoS box, but if it fails traffic goes through the second box. I took this approach because I was using old HP Vectras (Pentium 200 Pros) that have old drives in them, which _will_ fail at some point. The Vectras were just sitting on the shelf, and I've got more customized shaping going on than any cookie cutter solution will give you. Here's a simple diagram: � � �----------------- � � �| � � �T-1 � � �| � � �----------------- � � � � � � �| � � � � ----------- � � � � | switch �| � � � � ----------- � � � � | � � � � | � � � � � | � � � � | � � � ------ � �------ � � � |QoS1| � �|QoS2| � � � ------ � �------ � � � � | � � � � | � � � � | � � � � | � � � � ----------- � � � � | switch �| � � � � ----------- � � � � � � �| � � � � ------------ � � � � | firewall | � � � � ------------ � � � � �| � � � �| � � � ------- �------- � � � | LAN | �| DMZ | � � � ------- �------- � � � � � -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
