---------- Forwarded message ----------
From: Ivan Blanco <ivanwhite at gmail dot com>
Date: Jul 5, 2005 8:26 AM
Subject: Bridging shaper
To: m0n0wall at lists dot m0n0 dot ch
Technically, m0n0 can do what you need. You will need three interfaces,
WAN, LAN, and OPT1, and bridge the WAN and OPT1 together. To allow
everything to pass, just create your own rule that allows anything to
pass - no problem. Take note that when configuring shaping on a bridge
in m0n0wall, you can only shape the inbound traffic on each interface.
m0n0wall uses FreeBSD's dummynet and ipfw for shaping, and it works
really well. I took a m0n0wall, and set it up as a shaping bridge, and
took it to one of my sites where I had many users beating the heck out
of a 2xT1 link. Essentially, I classified traffic into 4 queues:
VoIP Test traffic
Traffic destined for main office (VPN, etc.)
I placed the m0n0wall between the Cisco router and the core switch.
There was an immediate improvement in VPN responsiveness and my network
monitor (located at the main office) went from having some ping times of
more than 1000ms to all less than 150ms. SSH sessions from the main
office showed a huge improvement. I thought everything was good to go
until we started running VoIP tests. I couldn't get much improvement on
the MOS scores. I even set up a dedicated 400kbit pipe for VoIP to use,
and that helped a little, but not enough.
My hunch is that the problem is due to either the WFQ scheduler, UDP
VoIP not having a backoff algorithm, or the fact that I can only shape
on inbound packets (or a combo of all 3). I am going to set up an
OpenBSD box using pf and ALTQ to see if I can get better results. If I
hadn't had a VoIP requirement, that box would have become a permanent
Anyways, to answer your question, m0n0wall should be able to do what you
want, and do it well -- especially if your critical interactive traffic
is TCP based. I recommend you set it up, configure bridging, then turn
on the Magic Shaper Wizard to get you started. If you want, I can send
you the config.xml from the site I mentioned above.
>I don't understand mailing lists. If I'm doing this wrong feel free to
>Someone suggested I explore monowall for a need I have. After reading and
>trying for a while I'd like to make sure m0n0wall will eventually do what I
>want before investing too much more time
>I want a transparent bridge that passes all traffic. Within the bridge I
>want to identify "bulk" traffic streams and lower their priority so they
>don't hinder interactive streams. However, when interactive loads are
>light, I want bulk traffic to get all the leftover bandwidth. To be
>effective it needs to *quickly* (~ 1 second) throttle bulk connections when
>interactive connections show up. Otherwise users will feel the system being
>sluggish. Ideally I'd carve out a small protected minimum amount of
>bandwidth so the connections don't die outright when the system has heavy
>There is a documentation topic I found:
>"Configure a filtered bridge"
>which sorta suggests it might work. Issues I see are:
>1) My WRAP board has 3 Ethernet jacks, but m0n0wall only shows LAN and WAN
>on the GUI. Could this be done with a 2 port board, or is there a way to
>get monowall to see the 3rd port?
>2) The filter rules shown seem to assume everything not allowed is blocked.
>I want everything to pass, albeit some things slowly.
>3) Does m0n0wall have a way to detect "bulk" traffic? Possible approaches
>are connections that have moved more than X bytes, or connections that have
>averaged > Xbps over the last Y seconds. Possibly others?
>Am I on a rabbit trail, or can m0n0wall help me?
Justin, I have the same inconvenience that Corky has. Would it be possible
for you to send me the config.xml from the site you mentioned?
I would appreciate it.
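
The two detection heuristics listed under point 3 of the quoted question (bytes moved in total, and average rate over the last Y seconds), as an added Python example. It is not from the thread and not m0n0wall functionality; the class and function names, the thresholds and the sample packets are constructed for illustration.

```python
from collections import defaultdict, deque


class BulkDetector:
    """Flag a flow as bulk by total bytes moved or by recent average rate."""

    def __init__(self, max_bytes, max_bps, window_s):
        self.max_bytes = max_bytes          # "more than X bytes" moved in total
        self.max_bps = max_bps              # "> X bps" ...
        self.window_s = window_s            # ... "over the last Y seconds"
        self.total = defaultdict(int)       # flow -> bytes since first packet
        self.recent = defaultdict(deque)    # flow -> (timestamp, size) in window
        self.recent_bytes = defaultdict(int)

    def observe(self, flow, ts, size):
        """Record one packet; return 'bulk' or 'interactive' for its flow."""
        self.total[flow] += size
        window = self.recent[flow]
        window.append((ts, size))
        self.recent_bytes[flow] += size
        # Expire samples that have fallen out of the averaging window.
        while window and window[0][0] <= ts - self.window_s:
            self.recent_bytes[flow] -= window.popleft()[1]
        rate_bps = self.recent_bytes[flow] * 8 / self.window_s
        # The byte-count test is sticky: a long-lived flow stays bulk for
        # good, while the rate test clears once the flow slows down.
        if self.total[flow] > self.max_bytes or rate_bps > self.max_bps:
            return "bulk"
        return "interactive"


def first_bulk_packet(detector, flow, packets):
    """Return the 1-based index of the first packet flagged bulk, else None."""
    for n, (ts, size) in enumerate(packets, start=1):
        if detector.observe(flow, ts, size) == "bulk":
            return n
    return None


# Constructed sample traffic (timestamps in seconds, sizes in bytes).
SSH = [(i * 0.5, 100) for i in range(20)]         # keystroke-sized packets
DOWNLOAD = [(i / 100, 1500) for i in range(300)]  # full-size packets, 1.2 Mbit/s
TRICKLE = [(i / 10, 1000) for i in range(1200)]   # 80 kbit/s, but long-lived

if __name__ == "__main__":
    det = BulkDetector(max_bytes=1_000_000, max_bps=500_000, window_s=1.0)
    for name, pkts in (("ssh", SSH), ("download", DOWNLOAD), ("trickle", TRICKLE)):
        print(name, first_bulk_packet(det, name, pkts))
```

With these thresholds the rate test flags the download at its 42nd packet, about 0.4 s in, while the slow transfer is only caught by the byte counter after it has moved more than 1 MB.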