---------- Forwarded message ----------
From: Ivan Blanco <ivanwhite at gmail dot com>
Date: Jul 5, 2005 8:26 AM
Subject: Bridging shaper
To: m0n0wall at lists dot m0n0 dot ch

Corky,

Technically, m0n0 can do what you need. You will need three interfaces,
WAN, LAN, and OPT1, and bridge the WAN and OPT1 together. To allow
everything to pass, just create your own rule that allows anything to
pass - no problem. Take note that when configuring shaping on a bridge
in m0n0wall, you can only shape the inbound traffic on each interface.

m0n0wall uses FreeBSD's dummynet and ipfw for shaping, and it works
really well. I took a m0n0wall, and set it up as a shaping bridge, and
took it to one of my sites where I had many users beating the heck out
of a 2xT1 link. Essentially, I classified traffic into 4 queues:

VoIP Test traffic
Traffic destined for main office (VPN, etc.)
Bulk Traffic
P2P Traffic

I placed the m0n0wall between the Cisco router and the core switch.
There was an immediate improvement in VPN responsiveness and my network
monitor (located at the main office) went from having some ping times of
more than 1000ms to all less than 150ms. SSH sessions from the main
office showed a huge improvement. I thought everything was good to go
until we started running VoIP tests. I couldn't get much improvement on
the MOS scores. I even set up a dedicated 400kbit pipe for VoIP to use,
and that helped a little, but not enough.

My hunch is that the problem is due to either the WFQ scheduler, UDP
VoIP not having a backoff algorithm, or the fact that I can only shape
on inbound packets (or a combo of all 3). I am going to set up an
OpenBSD box using pf and ALTQ to see if I can get better results. If I
hadn't had a VoIP requirement, that box would have become a permanent
fixture there.

Anyways, to answer your question, m0n0wall should be able to do what you
want, and do it well -- especially if your critical interactive traffic
is TCP based. I recommend you set it up, configure bridging, then turn
on the Magic Shaper Wizard to get you started. If you want, I can send
you the config.xml from the site I mentioned above.

Justin

biz2 wrote:

>I don't understand mailing lists, If I'm doing this wrong feel free to
>correct.
>
>Someone suggested I explore monowall for a need I have. After reading and
>trying for a while I'd like to make sure m0n0wall will eventually do what I
>want before investing too much more time
>
>I want a transparent bridge that passes all traffic. Within the bridge I
>want to identify "bulk" traffic streams and lower their priority so they
>don't hinder interactive streams. However, when interactive loads are
>light, I want bulk traffic to get all the leftover bandwidth. To be
>effective it needs to *quickly* (~ 1 second) throttle bulk connections when
>interactive connections show up. Otherwise users will feel the system being
>sluggish. Ideally I'd carve out a small protected minimum amount of
>bandwidth so the connections don't die outright when the system has heavy
>interactive loads.
>
>There is a documentation topic I found:
>
>"Configure a filtered bridge"
>http://m0n0.ch/wall/docbook-current/examples-filtered-bridge.html
>
>which sorta suggests it might work. Issues I see are:
>
>1) My WRAP board has 3 Ethernet jacks, but m0n0wall only shows LAN and WAN
>on the GUI. Could this be done with a 2 port board, or is there a way to
>get monowall to see the 3rd port?
>2) The filter rules shown seem to assume everything not allowed is blocked.
>I want everything to pass, albeit some things slowly.
>3) Does m0n0wall have a way to detect "bulk" traffic? Possible approaches
>are connections that have moved more than X bytes, or connections that have
>averaged > Xbps over the last Y seconds. Possibly others?
>
>Am I on a rabbit trail, or can m0n0wall help me?
>
>Corky
>www.pvco.net
>

Hi everybody,

Justin, I have the same inconvenience that Corky has. Would it be possible
for you to send me the config.xml from the site you mentioned? I will
appreciate it.