 From:  "biz2" <biz2 at peavys dot net>
 To:  "'Justin Ellison'" <justin at techadvise dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Bridging shaper
 Date:  Mon, 4 Jul 2005 18:53:09 -0500
Hi Justin,

I run a WISP and wanted to use this in that environment.  Your comments
about VOIP are sobering.  I have quite a few voip users.  I suspect however
from what you are saying it would not make matters any worse for them.
Anything I use has to be pretty benign, because of the wide diversity of
uses people make of the system.

I'd really appreciate your config file, thanks for the offer!

What hardware did you use?  I'm puzzled why m0n0wall did not see all 3
ethernet ports on my WRAP board, especially since it seems to be one of the
targeted hardware platforms.

I gather that m0n0wall is lousy at identifying p2p since it does not do
advanced packet inspection and connection following.  For that I plan to
just keep a Mikrotik box in the line and not try and force m0n0wall to work
outside its area of strength.

Corky

-----Original Message-----
From: Justin Ellison [mailto:justin at techadvise dot com] 
Sent: Friday, July 01, 2005 1:50 PM
To: biz2
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Bridging shaper

Corky,

Technically, m0n0 can do what you need.  You will need three interfaces, 
WAN, LAN, and OPT1, and bridge the WAN and OPT1 together.  To allow 
everything to pass, just create your own rule that allows anything to 
pass - no problem.  Take note that when configuring shaping on a bridge 
in m0n0wall, you can only shape the inbound traffic on each interface.

m0n0wall uses FreeBSD's dummynet and ipfw for shaping, and it works 
really well.  I took a m0n0wall, and set it up as a shaping bridge, and 
took it to one of my sites where I had many users beating the heck out 
of a 2xT1 link.  Essentially, I classified traffic into 4 queues:

VoIP Test traffic
Traffic destined for main office (VPN, etc.)
Bulk Traffic
P2P Traffic

I placed the m0n0wall between the Cisco router and the core switch.  
There was an immediate improvement in VPN responsiveness and my network 
monitor (located at the main office) went from having some ping times of 
more than 1000ms to all less than 150ms.  SSH sessions from the main 
office showed a huge improvement.  I thought everything was good to go 
until we started running VoIP tests.  I couldn't get much improvement on 
the MOS scores.  I even set up a dedicated 400kbit pipe for VoIP to use, 
and that helped a little, but not enough.

My hunch is that the problem is due to either the WFQ scheduler, UDP 
VoIP not having a backoff algorithm, or the fact that I can only shape 
on inbound packets (or a combo of all 3).  I am going to set up an 
OpenBSD box using pf and ALTQ to see if I can get better results.  If I 
hadn't had a VoIP requirement, that box would have become a permanent 
fixture there.

Anyways, to answer your question, m0n0wall should be able to do what you 
want, and do it well -- especially if your critical interactive traffic 
is TCP based.  I recommend you set it up, configure bridging, then turn 
on the Magic Shaper Wizard to get you started.  If you want, I can send 
you the config.xml from the site I mentioned above.

Justin


biz2 wrote:

>I don't understand mailing lists, If I'm doing this wrong feel free to
>correct.
> 
>Someone suggested I explore monowall for a need I have.  After reading and
>trying for a while I'd like to make sure m0n0wall will eventually do what I
>want before investing too much more time --
> 
>I want a transparent bridge that passes all traffic.  Within the bridge I
>want to identify "bulk" traffic streams and lower their priority so they
>don't hinder interactive streams.  However, when interactive loads are
>light, I want bulk traffic to get all the leftover bandwidth.  To be
>effective it needs to *quickly* (~ 1 second) throttle bulk connections when
>interactive connections show up.  Otherwise users will feel the system being
>sluggish.  Ideally I'd carve out a small protected minimum amount of
>bandwidth so the connections don't die outright when the system has heavy
>interactive loads.
> 
>There is a documentation topic I found: 
> 
>"Configure a filtered bridge"
>http://m0n0.ch/wall/docbook-current/examples-filtered-bridge.html
> 
>which sorta suggests it might work.  Issues I see are:  
> 
>1) My WRAP board has 3 Ethernet jacks, but m0n0wall only shows LAN and WAN
>on the GUI.  Could this be done with a 2 port board, or is there a way to
>get monowall to see the 3rd port?
>2) The filter rules shown seem to assume everything not allowed is blocked.
>I want everything to pass, albeit some things slowly.
>3) Does m0n0wall have a way to detect "bulk" traffic?  Possible approaches
>are connections that have moved more than X bytes, or connections that have
>averaged > Xbps over the last Y seconds.  Possibly others?
> 
>Am I on a rabbit trail, or can m0n0wall help me?
> 
>Corky
>www.pvco.net
> 

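Justin's description above (dummynet and ipfw on a bridge, four classes, a dedicated 400 kbit pipe for VoIP, shaping only on inbound packets of each interface) and Corky's requirement (bulk traffic gets all leftover bandwidth, is throttled quickly when interactive traffic appears, and keeps a protected minimum) both map onto dummynet's weighted queues. The script below is an added example written for this page; it is not m0n0wall's generated ruleset and not the config.xml either poster mentions. The interface names sis0/sis1, the 3 Mbit/s link rate, the 10.1.0.0/16 office network, the VoIP and P2P port lists, the queue weights and the bridge sysctl name are all assumptions for illustration.

```shell
#!/bin/sh
# Added example, not m0n0wall's own config: an ipfw/dummynet ruleset for a
# shaping bridge with the four classes from the thread (VoIP, main office,
# bulk, P2P).  Interface names, rates, networks, ports and weights are
# assumptions chosen for illustration.
set -eu

WAN=sis0                     # assumed: port facing the Cisco router
LAN=sis1                     # assumed: port facing the core switch
LINK=3Mbit/s                 # assumed: 2xT1, roughly 3 Mbit/s per direction
VOIP_BW=400Kbit/s            # dedicated VoIP pipe, the size quoted in the thread
OFFICE_NET=10.1.0.0/16       # assumed: main-office network (VPN, monitoring host)
VOIP_PORTS=5060,10000-20000  # assumed: SIP signalling plus an RTP range
P2P_PORTS=6881-6889          # assumed: port-based guess; m0n0wall has no DPI

# emit_direction BASE IFACE LABEL
# On a bridge only inbound packets can be shaped, so each direction is
# classified on the interface that receives it and gets its own pipes and
# queues.  BASE (1 or 2) keeps the two directions' numbers apart.
emit_direction() {
    base=$1; iface=$2; label=$3
    link_pipe=${base}0; voip_pipe=${base}5
    q_office=${base}1; q_bulk=${base}2; q_p2p=${base}3

    echo "# $label: traffic received on $iface"
    echo "pipe $link_pipe config bw $LINK"
    echo "pipe $voip_pipe config bw $VOIP_BW"
    # WF2Q+ queues: a backlogged queue gets bandwidth in proportion to its
    # weight, and whatever an idle queue is not using goes to the others.
    echo "queue $q_office config pipe $link_pipe weight 50"
    echo "queue $q_bulk config pipe $link_pipe weight 35"
    echo "queue $q_p2p config pipe $link_pipe weight 15"

    # First match wins.  VoIP bypasses the shared link pipe entirely.
    echo "add ${base}100 pipe $voip_pipe udp from any to any dst-port $VOIP_PORTS in recv $iface"
    echo "add ${base}101 pipe $voip_pipe udp from any $VOIP_PORTS to any in recv $iface"
    echo "add ${base}200 queue $q_office ip from any to $OFFICE_NET in recv $iface"
    echo "add ${base}201 queue $q_office ip from $OFFICE_NET to any in recv $iface"
    echo "add ${base}300 queue $q_p2p tcp from any to any dst-port $P2P_PORTS in recv $iface"
    echo "add ${base}301 queue $q_p2p tcp from any $P2P_PORTS to any in recv $iface"
    echo "add ${base}400 queue $q_bulk ip from any to any in recv $iface"
}

# gen_rules prints the whole ruleset in the form "ipfw <file>" reads.
gen_rules() {
    echo "flush"
    echo "pipe flush"
    echo "queue flush"
    emit_direction 1 "$WAN" "downstream"
    emit_direction 2 "$LAN" "upstream"
    # The bridge must still pass everything; pipes and queues only delay
    # and reorder, they are not a deny rule.
    echo "add 65000 allow ip from any to any"
}

# apply_rules loads the set on a FreeBSD bridge (needs root).  The bridge
# sysctl is the FreeBSD 4/5 bridge(4) knob; if_bridge uses net.link.bridge.ipfw.
apply_rules() {
    sysctl net.link.ether.bridge_ipfw=1
    sysctl net.inet.ip.fw.one_pass=1   # a pipe/queue match is the final action
    tmp=$(mktemp /tmp/shaper.XXXXXX)
    gen_rules > "$tmp"
    ipfw -q "$tmp"
    rm -f "$tmp"
}

case "${1:-print}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

Run it without arguments to print the ruleset, or with `apply` as root on the bridge. The weights only matter while more than one queue is backlogged: a bulk transfer alone gets the whole link, and when office traffic appears the scheduler reallocates per packet, so the bulk TCP flows back off as soon as their packets start being delayed and dropped, while their weight still guarantees them about 35% of the pipe. The port-based P2P match is the weak point Corky identifies: m0n0wall cannot classify by bytes transferred or by recent rate, so a P2P stream on other ports simply lands in the bulk queue.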