 From:  Ivan Blanco <ivanwhite at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Fwd: Bridging shaper
 Date:  Sat, 16 Jul 2005 12:03:54 -0500
---------- Forwarded message ----------
From: Ivan Blanco <ivanwhite at gmail dot com>
Date: Jul 5, 2005 8:26 AM
Subject: Bridging shaper
To: m0n0wall at lists dot m0n0 dot ch


Corky,

Technically, m0n0 can do what you need.  You will need three interfaces,
WAN, LAN, and OPT1, and bridge the WAN and OPT1 together.  To allow
everything to pass, just create your own rule that allows anything to
pass - no problem.  Take note that when configuring shaping on a bridge
in m0n0wall, you can only shape the inbound traffic on each interface.

m0n0wall uses FreeBSD's dummynet and ipfw for shaping, and it works
really well.  I took a m0n0wall, and set it up as a shaping bridge, and
took it to one of my sites where I had many users beating the heck out
of a 2xT1 link.  Essentially, I classified traffic into 4 queues:

VoIP Test traffic
Traffic destined for main office (VPN, etc.)
Bulk Traffic
P2P Traffic

I placed the m0n0wall between the Cisco router and the core switch.
There was an immediate improvement in VPN responsiveness and my network
monitor (located at the main office) went from having some ping times of
more than 1000ms to all less than 150ms.  SSH sessions from the main
office showed a huge improvement.  I thought everything was good to go
until we started running VoIP tests.  I couldn't get much improvement on
the MOS scores.  I even set up a dedicated 400kbit pipe for VoIP to use,
and that helped a little, but not enough.

My hunch is that the problem is due to either the WFQ scheduler, UDP
VoIP not having a backoff algorithm, or the fact that I can only shape
on inbound packets (or a combo of all 3).  I am going to set up an
OpenBSD box using pf and ALTQ to see if I can get better results.  If I
hadn't had a VoIP requirement, that box would have become a permanent
fixture there.

Anyways, to answer your question, m0n0wall should be able to do what you
want, and do it well -- especially if your critical interactive traffic
is TCP based.  I recommend you set it up, configure bridging, then turn
on the Magic Shaper Wizard to get you started.  If you want, I can send
you the config.xml from the site I mentioned above.

Justin


biz2 wrote:

>I don't understand mailing lists. If I'm doing this wrong, feel free to
>correct.
>
>Someone suggested I explore monowall for a need I have.  After reading and
>trying for a while I'd like to make sure m0n0wall will eventually do what I
>want before investing too much more time.
>
>I want a transparent bridge that passes all traffic.  Within the bridge I
>want to identify "bulk" traffic streams and lower their priority so they
>don't hinder interactive streams.  However, when interactive loads are
>light, I want bulk traffic to get all the leftover bandwidth.  To be
>effective it needs to *quickly* (~ 1 second) throttle bulk connections when
>interactive connections show up.  Otherwise users will feel the system being
>sluggish.  Ideally I'd carve out a small protected minimum amount of
>bandwidth so the connections don't die outright when the system has heavy
>interactive loads.
>
>There is a documentation topic I found:
>
>"Configure a filtered bridge"
>http://m0n0.ch/wall/docbook-current/examples-filtered-bridge.html
>
>which sorta suggests it might work.  Issues I see are:
>
>1) My WRAP board has 3 Ethernet jacks, but m0n0wall only shows LAN and WAN
>on the GUI.  Could this be done with a 2 port board, or is there a way to
>get monowall to see the 3rd port?
>2) The filter rules shown seem to assume everything not allowed is blocked.
>I want everything to pass, albeit some things slowly.
>3) Does m0n0wall have a way to detect "bulk" traffic?  Possible approaches
>are connections that have moved more than X bytes, or connections that have
>averaged > Xbps over the last Y seconds.  Possibly others?
>
>Am I on a rabbit trail, or can m0n0wall help me?
>
>Corky
>www.pvco.net
>
>
>


Hi everybody,

Justin, I have the same inconvenience that Corky has. Would it be possible
for you to send me the config.xml from the site you mentioned?

I would appreciate it.