aboutsummaryrefslogtreecommitdiffstats
path: root/main/iproute2-qos/qos.eth0.sample
diff options
context:
space:
mode:
Diffstat (limited to 'main/iproute2-qos/qos.eth0.sample')
-rw-r--r--main/iproute2-qos/qos.eth0.sample130
1 files changed, 130 insertions, 0 deletions
diff --git a/main/iproute2-qos/qos.eth0.sample b/main/iproute2-qos/qos.eth0.sample
new file mode 100644
index 0000000000..a8d1d38567
--- /dev/null
+++ b/main/iproute2-qos/qos.eth0.sample
@@ -0,0 +1,130 @@
+# Device being configured
+DEV=eth0
+
+# IFB device is used to mirror ingress traffic from $DEV (see INGRESS_ALG)
+IFB_DEV=ifb0 # Leave blank if $DEV is ifbX
+
+# Internet EGRESS/INGRES rates in kbit or mbit. Measure this on a free line to gain precise value
+EGRESS_RATE=1000kbit # 128kbit, 256kbit, 512kbit
+INGRESS_RATE=1000kbit # 256kbit, 512kbit, 1024kbit
+
+# In order to control a queue at the router/bridge side we will downgrade a real link speed on purpose
+RATE_SUB_PERCENT=5 # 20, 10
+
+# Device physical speed in kbit or mbit
+DEV_RATE=50mbit
+
+# EGRESS root Classfull Disciplins
+#
+# htb: if link is not congested or you want to control busrts of traffic; recommended for downstream.
+# hfsc: if link is congested and you need to control guarantees of delay; recommended for upstream.
+# dmax = 50-100 [ms] = 50000-100000 [microsec]
+# umax = MIN (rate * (dmax / 1000), 1500) [b]
+# prio: if rate is variable and you want to be sure that interactive traffic has ultimate priority
+# none: if link is not congested
+#
+EGRESS_ALG=hfsc
+
+# EGRESS leaf Queuing Disciplines
+#
+# pfifo: real-time streams or IPSEC
+# sfq: TCP sessions or best-effort class traffic
+# red: hightly congested links or high-speed Internet [> 10Mbit/sec])
+#
+INTERACTIVE_LEAF_QDISC=pfifo
+PRIVILEGED_LEAF_QDISC=pfifo
+BESTEFFORT_LEAF_QDISC=red
+LAN_LEAF_QDISC=sfq
+
+# INGRESS treatment
+#
+# police: if link is constantly heavy congested set simple traffic policing
+# cpolice: if link is constantly heavy congested but you need certain dedicated rates then set classfull traffic policiing
+# ifb: shape INGRESS traffic as EGRESS of intermediate IFB device (aka imq)
+# none: if link is not congested
+#
+INGRESS_ALG=ifb
+
+# Filter rules (see tc, tc-filters man pages).
+# You may have multiple <CLASS-NAME>_FILTER_<n> items.
+# Maximum 100 filter items are allowed for each class.
+# By default ALL unclassified traffic is being assined to Best-Effort class.
+
+# UDP
+INTERACTIVE_FILTER_1="protocol ip prio 100 u32 match ip protocol 0x11 0xff"
+
+# ICMP
+INTERACTIVE_FILTER_2="protocol ip prio 100 u32 match ip protocol 0x1 0xff"
+
+# ACK with payload < 64 bytes (32-bit version)
+INTERACTIVE_FILTER_3="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33"
+
+# ACK with payload < 64 bytes
+INTERACTIVE_FILTER_4="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x10 0xff at nexthdr+13 match u16 0x0000 0xffc0 at 2"
+
+# PHB TOS HEX
+# --------------------------
+# 0x10
+# 0x18
+# CS1 PRIORITY 0x20
+# AF11 0x28
+# AF12 0x30
+# AF13 0x38
+#
+# CS2 IMMEDIATE 0x40
+# AF21 0x48
+# AF22 0x50
+# AF23 0x58
+#
+# CS5 CRITICAL 0xA0
+# EF 0xB8
+#
+# CS6 INTERNETWORKCONTROL 0xC0
+# CS7 NETWORKCONTROL 0xE0
+
+INTERACTIVE_FILTER_5="protocol ip prio 100 u32 match ip tos 0x10 0xff"
+INTERACTIVE_FILTER_6="protocol ip prio 100 u32 match ip tos 0x18 0xff"
+INTERACTIVE_FILTER_7="protocol ip prio 100 u32 match ip tos 0xa0 0xff"
+INTERACTIVE_FILTER_8="protocol ip prio 100 u32 match ip tos 0xb8 0xff"
+
+# SSH
+PRIVILEGED_FILTER_1="protocol ip prio 100 u32 match ip dport 22 0xffff"
+PRIVILEGED_FILTER_2="protocol ip prio 100 u32 match ip sport 22 0xffff"
+
+# Remote Desktop
+PRIVILEGED_FILTER_3="protocol ip prio 100 u32 match ip dport 3389 0xffff"
+PRIVILEGED_FILTER_4="protocol ip prio 100 u32 match ip sport 3389 0xffff"
+
+# ESP
+PRIVILEGED_FILTER_5="protocol ip prio 100 u32 match ip protocol 0x32 0xff"
+
+# AH
+PRIVILEGED_FILTER_6="protocol ip prio 100 u32 match ip protocol 0x33 0xff"
+
+# PHB TOS HEX
+# --------------------------
+# CS3 FLASH 0x60
+# AF31 0x68
+# AF32 0x70
+# AF33 0x78
+#
+# CS4 FLASHOVERRIDE 0x80
+# AF41 0x88
+# AF42 0x90
+# AF43 0x98
+
+PRIVILEGED_FILTER_7="protocol ip prio 100 u32 match ip tos 0x88 0xff"
+
+# IPSEC-NAT
+PRIVILEGED_FILTER_8="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip dport 4500 0xffff"
+PRIVILEGED_FILTER_9="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip sport 4500 0xffff"
+
+
+# Example: Any traffic from/to 192.168.1.0/24 network will be classified as best-effort
+#
+### BESTEFFORT_FILTER_1="protocol ip prio 3 u32 match ip src 192.168.1.0/24"
+### BESTEFFORT_FILTER_2="protocol ip prio 4 u32 match ip dst 192.168.1.0/24"
+
+# Example: Traffic Originated from router
+#
+###LAN_FILTER_1="protocol ip prio 10 u32 match ip src 192.168.1.10" \ No newline at end of file