IPTABLES and QOS

metallica1973 · 02-27-2008, 06:52 AM

Can anyone point me in the right direction for setting up QOS and prioritization of packets. I have a small office with VOIP appliances and wanted to know the correct way to approach QOS for the VOIP phones and data thanks

fmyhr · 02-28-2008, 12:53 AM

Hi,

I've played with this in the past. With real-time data streams like VOIP it's all about latency (and jitter - variations in latency). If you can't deliver your VOIP packet within x ms, you might as well drop it, it's useless.

Some tips:

If your uplink is relatively slow (like ADSL), choose an MTU smaller than default 1500 to limit jitter. Figure jitter = time to send largest possible packet. (Large data packet "getting in the way" of your VOIP stream.) In my case, jitter of around 20ms seemed ok, I ended up using MTU 736 to achieve this. (For DSL there are "magic" MTU's that give best efficiency, 736 was one such for me.)

Use a tbf at the root of your egress queue that limits the rate to slightly less than your unmanaged upload speed. This is so that your linux machine, rather than any buffer in your uplink device, controls the queue. Use a small bucket size to limit jitter (think jitter = time to send full bucket). In case you had to use small MTU in previous step, the bucket size will ideally be MTU size. Small buckets lead to problems with metering--new tokens are available only once (I think) each "jiffie". Newer kernels allow you to set HZ to 1000, this helps.

Inside your tbf use a prio that gives VOIP packets priority over data packets.

Inside the prio for VOIP, use another tbf to limit max bandwidth that all your VOIP calls can use. Use a smaller rate than in your root tbf. This ensures that you'll always be able to get SOME data out. Use a high enough rate to accommodate the bandwidth of the maximum number of simultaneous VOIP calls you expect. Hopefully you'll have enough upload bandwidth to go around.

Inside the prio for data, use whatever queuing you like for data packets. I like hfsc here.

Instead of the above scheme, you could try using hfsc at the root of the queue and specify realtime bandwidth for your VOIP data. That's how I started but ran into some problems. Those problems could have been caused by my own ignorance though, as I was just starting with QoS. I haven't gone back to try the hfsc at root again. It does seem more elegant than the scheme above. Please let me know if you try it and it works :-)

In case you need some references for QoS:
http://www.tldp.org/HOWTO/html_singl...Control-HOWTO/
http://edseek.com/~jasonb/articles/t...ing/index.html
http://www.opalsoft.net/qos/DS.htm
http://lartc.org/howto/
http://linux-ip.net/articles/hfsc.en/

Have fun!
Frank

metallica1973 · 02-28-2008, 05:07 PM

Wow, my brain is on fire. It will take a bit for me to get this stuff but do you have any IPTABLES/firewall examples of these examples by chance?

Deleriux · 02-28-2008, 06:03 PM

Personally I use the hbf but its the same kind of thing on a classful qdisc.

For iptables you can use the CLASSIFY target to drop certain packets into certain queues - I find it simpler than using the tc filter mechanism which feels somewhat cryptic to me.

If your linux box acts as a gateway (has two interfaces) you can setup egress qdiscs on both interfaces and therefore manage traffic going in and coming out.

metallica1973 · 02-28-2008, 07:49 PM

I will look into this. many thanks