Dynamic QoS How-TO (FwGuardian steps)
Dynamic QoS HOW-TO
By Humberto L Jucá (betolj@gmail.com)

The purpose of this how-to is to demonstrate a technique for dynamic QoS, similar to Squid delay_pools, using only the firewall features and traffic control native to the Linux kernel (2.6 series). The idea is basically to divide the total bandwidth into smaller slices (virtual links). TCP/UDP sessions are distributed round-robin over these slices. We load-balance between classes using the netfilter "statistic" extension (nth mode), and the load balance is done per session (using CONNMARK) or per hashed IP address (using recent).

- Enable the QoS module:

    ./fwguardian --enable tfstart

- Change the config file:

    vim fw4.2/tfshape/shape.conf

    set-qos lannet speed=eth0:100Mbit with-ingress
    set-egress lannet->download rate=1500kbit:1500kbit burst=10k
    set-egress download->dwn1 rate=500Kbit:1300Kbit nf-lb nf-mark
    set-egress download->dwn2 rate=500Kbit:1300Kbit nf-lb nf-mark
    set-egress download->dwn3 rate=500Kbit:1300Kbit nf-lb nf-mark
    set-filter any->eth0 0/0 0/0 %LB

- Reload the firewall script:

    ./fwguardian

The FwGuardian script will put the QoS rules into the "QoS_LBRules" chain. So you need to classify the traffic using classification rules with target "%LB".

PS.:
1. The "set-filter" rules only make sense if they are used as "triggers" for the "Dynamic QoS".
2. The other classification rules in the present configuration file are only examples.
3. With the "nf-mark" option, the script will do "QoS by connection" (CONNMARK).
4. Without "nf-mark", the script will do "QoS by Hash IP" (recent).

Suggestions? betolj@gmail.com
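To make the mechanism concrete, here is a hand-written shell script (an added example, not FwGuardian's own code or the rules it generates) that builds the "nf-mark" variant of the configuration above by hand: an HTB tree with one "download" parent and three child slices, a "QoS_LBRules" chain that spreads NEW connections round-robin over the slices with the statistic match in nth mode, and CONNMARK so that every packet of a connection stays in the slice it was assigned. The interface name eth0, the qdisc handle 1:, the class ids 1:10 and 1:11-1:13, the slice/ceil rates and the chain name are assumptions taken from or modelled on the config snippet; the "recent" hash-IP variant is not shown. By default the script only prints the commands (dry run); set APPLY=1 to execute them as root.

```shell
#!/bin/sh
# Added example: manual equivalent of the FwGuardian "nf-lb nf-mark" configuration.
# Assumptions: eth0 is the LAN-facing interface, HTB root handle 1:, parent class
# 1:10 = "download", child classes 1:11.. = dwn1.., packet mark i selects slice i.

DEV=${DEV:-eth0}
SLICES=${SLICES:-3}        # number of virtual links (dwn1, dwn2, dwn3)
LINK_RATE=100mbit          # physical link speed (set-qos ... speed=eth0:100Mbit)
TOTAL_RATE=1500kbit        # lannet->download rate/ceil
SLICE_RATE=500kbit         # download->dwnN guaranteed rate
SLICE_CEIL=1300kbit        # download->dwnN ceiling (may borrow from idle slices)
CHAIN=QoS_LBRules

# run: print the command; execute it only when APPLY=1 (dry run otherwise).
run() {
    echo "$*"
    [ "${APPLY:-0}" = 1 ] && "$@"
    return 0
}

# tc_rules: HTB tree, one "download" parent and SLICES children, plus one
# fw filter per slice that maps packet mark i to class 1:(10+i).
tc_rules() {
    run tc qdisc del dev "$DEV" root 2>/dev/null
    run tc qdisc add dev "$DEV" root handle 1: htb default 10
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb \
        rate "$TOTAL_RATE" ceil "$TOTAL_RATE" burst 10k
    i=1
    while [ "$i" -le "$SLICES" ]; do
        cid="1:$((10 + i))"
        run tc class add dev "$DEV" parent 1:10 classid "$cid" htb \
            rate "$SLICE_RATE" ceil "$SLICE_CEIL"
        # per-slice fair queuing so one flow cannot starve the others in its slice
        run tc qdisc add dev "$DEV" parent "$cid" handle "$((10 + i)):" sfq perturb 10
        # packet mark i (restored from CONNMARK below) -> slice i
        run tc filter add dev "$DEV" parent 1: protocol ip prio 1 handle "$i" fw flowid "$cid"
        i=$((i + 1))
    done
}

# nf_rules: round-robin distribution of NEW connections over the slices.
# Each rule only sees connections still unmarked, so "--every remaining --packet 0"
# hands exactly 1/remaining of them to slice i; the last slice takes the rest.
# The statistic counter only advances for packets that passed the earlier matches.
nf_rules() {
    run iptables -t mangle -N "$CHAIN" 2>/dev/null
    run iptables -t mangle -F "$CHAIN"
    remaining=$SLICES
    i=1
    while [ "$i" -lt "$SLICES" ]; do
        run iptables -t mangle -A "$CHAIN" -m conntrack --ctstate NEW -m connmark --mark 0 \
            -m statistic --mode nth --every "$remaining" --packet 0 \
            -j CONNMARK --set-mark "$i"
        remaining=$((remaining - 1))
        i=$((i + 1))
    done
    run iptables -t mangle -A "$CHAIN" -m conntrack --ctstate NEW -m connmark --mark 0 \
        -j CONNMARK --set-mark "$SLICES"
    # copy the connection mark onto every packet so the tc fw filter can match it
    run iptables -t mangle -A "$CHAIN" -j CONNMARK --restore-mark
    # the "set-filter any->eth0 0/0 0/0 %LB" line: everything leaving DEV is classified
    run iptables -t mangle -A POSTROUTING -o "$DEV" -j "$CHAIN"
}

# Dry run by default: review the printed rule set, then rerun with APPLY=1.
tc_rules
nf_rules
```

After applying, `iptables -t mangle -L QoS_LBRules -v -n` shows the per-rule packet counters (the three CONNMARK rules should grow at roughly the same pace) and `tc -s class show dev eth0` shows whether the slices borrow up to their ceiling when siblings are idle.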
Current version: 4.2.5 (Pre 4.3)