path: root/main/iproute2-qos/qos.ifb0.sample
blob: 2f382b27f52f3d00a08008d4144fbc3b59888ded (plain)
# Device being configured
# NOTE(review): the syntax used here (bare assignments, $DEV references,
# trailing "#" comments) is shell. If the consumer sources this file, its
# contents run with the consumer's privileges, so the installed copy should be
# root-owned and not group/world-writable -- confirm against the init script.
DEV=ifb0

# IFB device used to mirror ingress traffic from $DEV (see INGRESS_ALG)
IFB_DEV= # Leave it blank if $DEV is ifbX

# Internet EGRESS/INGRESS rates in kbit or mbit. Measure them on an idle line to get precise values
EGRESS_RATE=1000kbit	# 128kbit, 256kbit, 512kbit
INGRESS_RATE=1000kbit	# 256kbit, 512kbit, 1024kbit

# To keep control of the queue on the router/bridge side, the real link speed is deliberately reduced by this percentage
RATE_SUB_PERCENT=5	# 20, 10

# Device physical speed in kbit or mbit.
DEV_RATE=50mbit

# EGRESS root Classful Disciplines
#
#  htb:    if link is not congested or you want to control bursts of traffic; recommended for downstream.
#  hfsc:   if link is congested and you need to control guarantees of delay; recommended for upstream.
#		dmax = 50-100 [ms] = 50000-100000 [microsec]
#		umax = MIN (rate * (dmax / 1000), 1500) [b]
#  prio:   if rate is variable and you want to be sure that interactive traffic has ultimate priority
#  none:   if link is not congested
#
EGRESS_ALG=htb

# EGRESS leaf Queuing Disciplines
#
#  pfifo:  real-time streams or IPSEC
#  sfq:    TCP sessions or best-effort class traffic
#  red:    highly congested links or high-speed Internet [> 10Mbit/sec]
#
# One leaf qdisc is chosen per traffic class; the class names match the
# <CLASS-NAME>_FILTER_<n> prefixes used further down in this file.
INTERACTIVE_LEAF_QDISC=pfifo
PRIVILEGED_LEAF_QDISC=pfifo
BESTEFFORT_LEAF_QDISC=red
LAN_LEAF_QDISC=sfq

# INGRESS treatment
#
#  police:  if link is constantly heavily congested set simple traffic policing
#  cpolice: if link is constantly heavily congested but you need certain dedicated rates then set classful traffic policing
#  ifb:	    shape INGRESS traffic as EGRESS of intermediate IFB device (aka imq)
#  none:    if INGRESS traffic already is being shaped or if IFB device is being configured
#
# This sample configures an IFB device itself (DEV=ifb0), hence "none".
INGRESS_ALG=none

# Filter rules (see tc, tc-filters man pages).
#  You may have multiple <CLASS-NAME>_FILTER_<n> items.
#  Maximum 100 filter items are allowed for each class.
#  By default ALL unclassified traffic is assigned to the Best-Effort class.
#
# NOTE(review): every INTERACTIVE filter below matches on header fields the
# sender controls (protocol number, packet length, TCP flags, TOS byte). On a
# link that carries traffic from untrusted hosts, narrow the matches (ports,
# addresses) or cap the class rate so bulk traffic cannot crowd out the flows
# this class is meant to protect.

# UDP (IP protocol 0x11 = 17) -- matches every UDP packet, whatever the port
INTERACTIVE_FILTER_1="protocol ip prio 100 u32 match ip protocol 0x11 0xff"

# ICMP (IP protocol 0x1) -- matches every ICMP type, not only echo
INTERACTIVE_FILTER_2="protocol ip prio 100 u32 match ip protocol 0x1 0xff"

# ACK with payload < 64 bytes (32-bit version)
#  protocol 6 = TCP; "u8 0x05 0x0f at 0" requires IHL = 5 (no IP options), which
#  is what makes the fixed offset 33 (20-byte IP header + 13) the TCP flags byte;
#  "u8 0x10 0xff" requires ACK to be the only flag set;
#  "u16 0x0000 0xffc0 at 2" requires the IP total-length field to be below 64,
#  so the limit applies to the whole packet rather than to the payload alone.
INTERACTIVE_FILTER_3="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33"

# ACK with payload < 64 bytes
#  Same test as above, but the flags byte is located with nexthdr+13 instead of
#  a fixed offset, and the IHL = 5 requirement is dropped.
#  NOTE(review): in u32, nexthdr+ is only meaningful when the filter is reached
#  through a table that computes the next-header offset -- verify how the
#  consuming script installs this filter.
INTERACTIVE_FILTER_4="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x10 0xff at nexthdr+13 match u16 0x0000 0xffc0 at 2"

# PHB	TOS		HEX
# --------------------------
#			0x10
#			0x18
# CS1	PRIORITY	0x20
# AF11 			0x28
# AF12 			0x30
# AF13 			0x38
#
# CS2	IMMEDIATE	0x40
# AF21			0x48
# AF22			0x50
# AF23			0x58
#
# CS5	CRITICAL	0xA0
# EF			0xB8
#
# CS6 INTERNETWORKCONTROL 0xC0
# CS7 NETWORKCONTROL	0xE0

# TOS 0x10, 0x18, CS5 (0xa0) and EF (0xb8) from the table above. The mask 0xff
# compares the whole TOS byte, so a packet that also carries ECN bits does not
# match. The TOS byte is set by the sender: re-mark or clear it at the trust
# boundary before relying on these matches.
INTERACTIVE_FILTER_5="protocol ip prio 100 u32 match ip tos 0x10 0xff"
INTERACTIVE_FILTER_6="protocol ip prio 100 u32 match ip tos 0x18 0xff"
INTERACTIVE_FILTER_7="protocol ip prio 100 u32 match ip tos 0xa0 0xff"
INTERACTIVE_FILTER_8="protocol ip prio 100 u32 match ip tos 0xb8 0xff"


# SSH
#  NOTE(review): filters 1-4 match on the port number alone, with no
#  "match ip protocol", and u32 "ip sport/dport" reads fixed offsets that assume
#  an IPv4 header without options followed by a protocol whose ports come first
#  (see tc-u32(8)). Any traffic with these port values is therefore classified
#  as privileged, whatever service actually uses the port; add a protocol or
#  address match if the class must be reserved for the named services.
PRIVILEGED_FILTER_1="protocol ip prio 100 u32 match ip dport 22 0xffff"
PRIVILEGED_FILTER_2="protocol ip prio 100 u32 match ip sport 22 0xffff"

# Remote Desktop
PRIVILEGED_FILTER_3="protocol ip prio 100 u32 match ip dport 3389 0xffff"
PRIVILEGED_FILTER_4="protocol ip prio 100 u32 match ip sport 3389 0xffff"

# ESP (IP protocol 0x32 = 50)
PRIVILEGED_FILTER_5="protocol ip prio 100 u32 match ip protocol 0x32 0xff"

# AH (IP protocol 0x33 = 51)
PRIVILEGED_FILTER_6="protocol ip prio 100 u32 match ip protocol 0x33 0xff"

# PHB	TOS		HEX
# --------------------------
# CS3	FLASH		0x60
# AF31			0x68
# AF32			0x70
# AF33			0x78
#
# CS4	FLASHOVERRIDE 	0x80
# AF41			0x88
# AF42			0x90
# AF43			0x98

# AF41 (0x88) is the only entry of the table above that is matched here.
# The TOS byte is sender-controlled; see the trust-boundary caveat that applies
# to any TOS-based classification.
PRIVILEGED_FILTER_7="protocol ip prio 100 u32 match ip tos 0x88 0xff"

# IPSEC-NAT (UDP port 4500)
#  These use prio 90 rather than 100. tc consults filters in ascending prio
#  order, so -- assuming all filters share one parent, which this file does not
#  show -- UDP/4500 is claimed here before the catch-all UDP match in
#  INTERACTIVE_FILTER_1 can see it.
PRIVILEGED_FILTER_8="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip dport 4500 0xffff"
PRIVILEGED_FILTER_9="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip sport 4500 0xffff"


# Example: Any traffic from/to 192.168.1.0/24 network will be classified as best-effort
#
### BESTEFFORT_FILTER_1="protocol ip prio 3 u32 match ip src 192.168.1.0/24"
### BESTEFFORT_FILTER_2="protocol ip prio 4 u32 match ip dst 192.168.1.0/24"

# Example: Traffic Originated from router
#
###LAN_FILTER_1="protocol ip prio 10 u32 match ip src 192.168.1.10"