diff options
Diffstat (limited to 'main/iproute2-qos/qos.eth0.sample')
| -rw-r--r-- | main/iproute2-qos/qos.eth0.sample | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/main/iproute2-qos/qos.eth0.sample b/main/iproute2-qos/qos.eth0.sample new file mode 100644 index 0000000000..a8d1d38567 --- /dev/null +++ b/main/iproute2-qos/qos.eth0.sample @@ -0,0 +1,130 @@ +# Device being configured +DEV=eth0 + +# IFB device is used to mirror ingress traffic from $DEV (see INGRESS_ALG) +IFB_DEV=ifb0 # Leave blank if $DEV is ifbX + +# Internet EGRESS/INGRES rates in kbit or mbit. Measure this on a free line to gain precise value +EGRESS_RATE=1000kbit # 128kbit, 256kbit, 512kbit +INGRESS_RATE=1000kbit # 256kbit, 512kbit, 1024kbit + +# In order to control a queue at the router/bridge side we will downgrade a real link speed on purpose +RATE_SUB_PERCENT=5 # 20, 10 + +# Device physical speed in kbit or mbit +DEV_RATE=50mbit + +# EGRESS root Classfull Disciplins +# +# htb: if link is not congested or you want to control busrts of traffic; recommended for downstream. +# hfsc: if link is congested and you need to control guarantees of delay; recommended for upstream. +# dmax = 50-100 [ms] = 50000-100000 [microsec] +# umax = MIN (rate * (dmax / 1000), 1500) [b] +# prio: if rate is variable and you want to be sure that interactive traffic has ultimate priority +# none: if link is not congested +# +EGRESS_ALG=hfsc + +# EGRESS leaf Queuing Disciplines +# +# pfifo: real-time streams or IPSEC +# sfq: TCP sessions or best-effort class traffic +# red: hightly congested links or high-speed Internet [> 10Mbit/sec]) +# +INTERACTIVE_LEAF_QDISC=pfifo +PRIVILEGED_LEAF_QDISC=pfifo +BESTEFFORT_LEAF_QDISC=red +LAN_LEAF_QDISC=sfq + +# INGRESS treatment +# +# police: if link is constantly heavy congested set simple traffic policing +# cpolice: if link is constantly heavy congested but you need certain dedicated rates then set classfull traffic policiing +# ifb: shape INGRESS traffic as EGRESS of intermediate IFB device (aka imq) +# none: if link is not congested +# +INGRESS_ALG=ifb + +# Filter rules (see tc, tc-filters man pages). +# You may have multiple <CLASS-NAME>_FILTER_<n> items. +# Maximum 100 filter items are allowed for each class. +# By default ALL unclassified traffic is being assined to Best-Effort class. + +# UDP +INTERACTIVE_FILTER_1="protocol ip prio 100 u32 match ip protocol 0x11 0xff" + +# ICMP +INTERACTIVE_FILTER_2="protocol ip prio 100 u32 match ip protocol 0x1 0xff" + +# ACK with payload < 64 bytes (32-bit version) +INTERACTIVE_FILTER_3="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33" + +# ACK with payload < 64 bytes +INTERACTIVE_FILTER_4="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x10 0xff at nexthdr+13 match u16 0x0000 0xffc0 at 2" + +# PHB TOS HEX +# -------------------------- +# 0x10 +# 0x18 +# CS1 PRIORITY 0x20 +# AF11 0x28 +# AF12 0x30 +# AF13 0x38 +# +# CS2 IMMEDIATE 0x40 +# AF21 0x48 +# AF22 0x50 +# AF23 0x58 +# +# CS5 CRITICAL 0xA0 +# EF 0xB8 +# +# CS6 INTERNETWORKCONTROL 0xC0 +# CS7 NETWORKCONTROL 0xE0 + +INTERACTIVE_FILTER_5="protocol ip prio 100 u32 match ip tos 0x10 0xff" +INTERACTIVE_FILTER_6="protocol ip prio 100 u32 match ip tos 0x18 0xff" +INTERACTIVE_FILTER_7="protocol ip prio 100 u32 match ip tos 0xa0 0xff" +INTERACTIVE_FILTER_8="protocol ip prio 100 u32 match ip tos 0xb8 0xff" + +# SSH +PRIVILEGED_FILTER_1="protocol ip prio 100 u32 match ip dport 22 0xffff" +PRIVILEGED_FILTER_2="protocol ip prio 100 u32 match ip sport 22 0xffff" + +# Remote Desktop +PRIVILEGED_FILTER_3="protocol ip prio 100 u32 match ip dport 3389 0xffff" +PRIVILEGED_FILTER_4="protocol ip prio 100 u32 match ip sport 3389 0xffff" + +# ESP +PRIVILEGED_FILTER_5="protocol ip prio 100 u32 match ip protocol 0x32 0xff" + +# AH +PRIVILEGED_FILTER_6="protocol ip prio 100 u32 match ip protocol 0x33 0xff" + +# PHB TOS HEX +# -------------------------- +# CS3 FLASH 0x60 +# AF31 0x68 +# AF32 0x70 +# AF33 0x78 +# +# CS4 FLASHOVERRIDE 0x80 +# AF41 0x88 +# AF42 0x90 +# AF43 0x98 + +PRIVILEGED_FILTER_7="protocol ip prio 100 u32 match ip tos 0x88 0xff" + +# IPSEC-NAT +PRIVILEGED_FILTER_8="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip dport 4500 0xffff" +PRIVILEGED_FILTER_9="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip sport 4500 0xffff" + + +# Example: Any traffic from/to 192.168.1.0/24 network will be classified as best-effort +# +### BESTEFFORT_FILTER_1="protocol ip prio 3 u32 match ip src 192.168.1.0/24" +### BESTEFFORT_FILTER_2="protocol ip prio 4 u32 match ip dst 192.168.1.0/24" + +# Example: Traffic Originated from router +# +###LAN_FILTER_1="protocol ip prio 10 u32 match ip src 192.168.1.10"
\ No newline at end of file |