path: root/main/iproute2-qos/qos.eth0.sample
# Link and rate settings for one shaped interface.
# NOTE(review): several assignments below carry a trailing "# ..." comment on the
# same line. That is only ignored when the file is read by a POSIX shell; confirm
# the consumer sources this file rather than parsing KEY=value lines itself.

# Device being configured
DEV=eth0

# IFB device used to mirror ingress traffic from $DEV (see INGRESS_ALG)
IFB_DEV=ifb0 # Leave blank if $DEV is ifbX

# Internet EGRESS/INGRESS rates in kbit or mbit. Measure them on an idle line to get precise values.
# The values in the trailing comments are other typical settings.
EGRESS_RATE=512kbit	# 128kbit, 256kbit, 512kbit
INGRESS_RATE=2048kbit	# 256kbit, 512kbit, 1024kbit

# To keep the queue under control on the router/bridge side, the real link speed is
# deliberately reduced by this percentage.
# NOTE(review): presumably applied to EGRESS_RATE and INGRESS_RATE by the consuming script - confirm.
RATE_SUB_PERCENT=5	# 20, 10

# Device physical speed in kbit or mbit
DEV_RATE=50mbit

# EGRESS root classful queuing discipline
#
#  htb:    if link is not congested or you want to control bursts of traffic; recommended for downstream.
#  hfsc:   if link is congested and you need to control guarantees of delay; recommended for upstream.
#		dmax = 50-100 [ms] = 50000-100000 [microsec]
#		umax = MIN (rate * (dmax / 1000), 1500) [b]
#  prio:   if rate is variable and you want to be sure that interactive traffic has ultimate priority
#  none:   if link is not congested
#
EGRESS_ALG=htb

# EGRESS leaf queuing disciplines, one per traffic class
#
#  pfifo:  real-time streams or IPSEC
#  sfq:    TCP sessions or best-effort class traffic
#  red:    highly congested links or high-speed Internet (> 10Mbit/sec)
#
INTERACTIVE_LEAF_QDISC=pfifo 
PRIVILEGED_LEAF_QDISC=pfifo
BESTEFFORT_LEAF_QDISC=red 
LAN_LEAF_QDISC=sfq

# INGRESS treatment
#
#  police:  if link is constantly heavily congested, set simple traffic policing
#  cpolice: if link is constantly heavily congested but you need certain dedicated rates, set classful traffic policing
#  ifb:     shape INGRESS traffic as EGRESS of an intermediate IFB device (aka imq); uses IFB_DEV
#  none:    if link is not congested
#
INGRESS_ALG=ifb

# Filter rules (see tc, tc-filters man pages).
#  You may have multiple <CLASS-NAME>_FILTER_<n> items.
#  Maximum 100 filter items are allowed for each class.
#  By default ALL unclassified traffic is assigned to the Best-Effort class.
#  In the active rules of this file the "prio" inside each string equals the <n> suffix.

###################################
### INTERACTIVE FILTERING RULES ###
###################################

# Small pure-ACK TCP segments, fixed-offset ("32-bit") version:
#   ip protocol 6            TCP
#   u8  0x05 0x0f at 0       IP header length is 5 words, i.e. no IP options
#   u16 0x0000 0xffc0 at 2   IP total length < 64 bytes (whole packet, not only the payload)
#   u8  0x10 0xff at 33      TCP flags byte (20-byte IP header + 13) is exactly ACK
INTERACTIVE_FILTER_10="protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33"

# Same test with the TCP flags located relative to the next header, so it is not tied to a 20-byte IP header.
# NOTE(review): confirm that "nexthdr+" resolves to the TCP header in the way the consuming
# script installs this filter; filter 10 above is the fixed-offset variant of the same rule.
INTERACTIVE_FILTER_11="protocol ip prio 11 u32 match ip protocol 6 0xff match u8 0x10 0xff at nexthdr+13 match u16 0x0000 0xffc0 at 2"

# TOS byte values referenced by the rules below.
#
# PHB	TOS		HEX  NOTES
# ----------------------------------------------
#			0x10 SSH, IAX2
#			0x18
# CS1	PRIORITY	0x20
# AF11 			0x28
# AF12 			0x30
# AF13 			0x38
#
# CS2	IMMEDIATE	0x40
# AF21			0x48
# AF22			0x50
# AF23			0x58
#
# CS5	CRITICAL	0xA0
# EF			0xB8 IAX2, SIP Voice
#
# CS6 INTERNETWORKCNTRL 0xC0 BGP (by default)
# CS7 NETWORKCONTROL	0xE0

# Only 0xb8 (EF), 0x10, 0x18 and 0xa0 (CS5) from the table have rules here.
# The TOS byte is set by the sending host and these rules have no source restriction, so any
# sender that marks its packets with one of these values is placed in the interactive class.
# On an interface facing untrusted hosts, re-mark TOS at the trust boundary or add a source match.
# The 0xff mask compares the whole TOS byte, including the two low-order ECN bits, so a packet
# carrying the same DSCP with ECN bits set does not match.
INTERACTIVE_FILTER_30="protocol ip prio 30 u32 match ip tos 0xb8 0xff"
INTERACTIVE_FILTER_31="protocol ip prio 31 u32 match ip tos 0x10 0xff"
INTERACTIVE_FILTER_32="protocol ip prio 32 u32 match ip tos 0x18 0xff"
INTERACTIVE_FILTER_33="protocol ip prio 33 u32 match ip tos 0xa0 0xff"

# UDP: matches every UDP packet (IP protocol 0x11), with no port or source restriction.
# Bulk or abusive UDP therefore shares the interactive class with latency-sensitive traffic;
# narrow this rule by port or source if that class must stay protected.
# NOTE(review): prio 90 is presumably evaluated after the lower-numbered rules - confirm.
INTERACTIVE_FILTER_90="protocol ip prio 90 u32 match ip protocol 0x11 0xff"

# ICMP: matches every ICMP packet (IP protocol 0x1), with no type or rate restriction.
INTERACTIVE_FILTER_91="protocol ip prio 91 u32 match ip protocol 0x1 0xff"

##################################
### PRIVILEGED FILTERING RULES ###
##################################

# The port rules for SSH and Remote Desktop below do not match on "ip protocol", so they
# compare the 16 bits at the port offset for any IP protocol (TCP and UDP alike).
# The u32 "ip sport"/"ip dport" selectors read a fixed offset that assumes a 20-byte IP header;
# packets carrying IP options are compared against the wrong bytes.
# Add "match ip protocol 6 0xff" if only TCP should be privileged.

# SSH (port 22, either direction)
PRIVILEGED_FILTER_20="protocol ip prio 20 u32 match ip dport 22 0xffff"
PRIVILEGED_FILTER_21="protocol ip prio 21 u32 match ip sport 22 0xffff"

# Remote Desktop (port 3389, either direction)
PRIVILEGED_FILTER_22="protocol ip prio 22 u32 match ip dport 3389 0xffff"
PRIVILEGED_FILTER_23="protocol ip prio 23 u32 match ip sport 3389 0xffff"

# ESP (IP protocol 0x32 = 50)
PRIVILEGED_FILTER_50="protocol ip prio 50 u32 match ip protocol 0x32 0xff"

# AH (IP protocol 0x33 = 51)
PRIVILEGED_FILTER_51="protocol ip prio 51 u32 match ip protocol 0x33 0xff"

# IPSEC-NAT: UDP (IP protocol 0x11) to or from port 4500
PRIVILEGED_FILTER_52="protocol ip prio 52 u32 match ip protocol 0x11 0xff match ip dport 4500 0xffff"
PRIVILEGED_FILTER_53="protocol ip prio 53 u32 match ip protocol 0x11 0xff match ip sport 4500 0xffff"

# TOS byte values referenced by the rules below.
#
# PHB	TOS		HEX  NOTES
# --------------------------------------
# CS3	FLASH		0x60 SIP signaling
# AF31			0x68
# AF32			0x70
# AF33			0x78
#
# CS4	FLASHOVERRIDE 	0x80
# AF41			0x88 SIP Video
# AF42			0x90
# AF43			0x98

# Only CS3 (0x60) and AF41 (0x88) from the table have rules in this class.
# The TOS byte is chosen by the sender and there is no source match, so these two rules
# privilege any packet carrying those marks; re-mark at the trust boundary if senders are untrusted.
# The 0xff mask also compares the two low-order ECN bits of the TOS byte.
PRIVILEGED_FILTER_80="protocol ip prio 80 u32 match ip tos 0x60 0xff"
PRIVILEGED_FILTER_81="protocol ip prio 81 u32 match ip tos 0x88 0xff"

###################################
### BEST-EFFORT FILTERING RULES ###
###################################

# Explicit best-effort assignment by TOS byte (unclassified traffic lands in this class by default).
#   0x90, 0x98  AF42 and AF43 in the PHB table of the privileged section
#   0x4, 0x6    not listed in the tables of this file
# NOTE(review): 0x4 and 0x6 look like legacy TOS flag values - confirm the intent.
# The 0xff mask compares the whole TOS byte, including its two low-order ECN bits.
BESTEFFORT_FILTER_85="protocol ip prio 85 u32 match ip tos 0x4 0xff"
BESTEFFORT_FILTER_86="protocol ip prio 86 u32 match ip tos 0x6 0xff"
BESTEFFORT_FILTER_87="protocol ip prio 87 u32 match ip tos 0x90 0xff"
BESTEFFORT_FILTER_88="protocol ip prio 88 u32 match ip tos 0x98 0xff"

# Example: Any traffic from/to 192.168.1.0/24 network will be classified as best-effort
# (disabled; remove the leading "### " to enable).
# The example uses prio 10 and 11, the same values as INTERACTIVE_FILTER_10 and _11.
# NOTE(review): rules with a lower prio are presumably tried first, so an enabled example would
# be evaluated ahead of most interactive and privileged rules - choose the prio deliberately.
#
### BESTEFFORT_FILTER_5="protocol ip prio 10 u32 match ip src 192.168.1.0/24"
### BESTEFFORT_FILTER_6="protocol ip prio 11 u32 match ip dst 192.168.1.0/24"

###########################
### LAN FILTERING RULES ###
###########################

# No LAN rule is active in this sample.
# Example: Traffic originated from the router (disabled; remove the leading "###" to enable)
#
###LAN_FILTER_10="protocol ip prio 10 u32 match ip src 192.168.1.10"