German-speaking people, look below this English post for a localized version!
Aim: P2P applications shouldn't disturb normal web surfing.
To accomplish this I've created the following pipes, queues and rules in the
m0n0wall traffic shaper:
Pipes:
No.  Bandwidth    Delay  PLR  QueueMask  Description
1    640 Kbit/s                          total outboud
2    4608 Kbit/s                         total inbound
I've heard that you shouldn't enter your provider's data and should use real
measured data instead.
But then the following problem occurs:
With the help of www.speedmeter.nl I've got the following values for my
real up- and downstream:
Upstream: 480 KByte = 3840 KBit
Downstream: 62,5 KByte = 500 KBit
When using these values for my pipes, I couldn't reach my maximum up- and
download speed anymore.
If I use the provider's values, I reach my maximum speed again.
Queues:
No.  Pipe           Weight  Mask  Description
1    total outboud  99            high priority outbound
2    total outboud  1             low priority outbound
3    total inbound  99            high priority inbound
4    total inbound  1             low priority inbound
Rules:
HTTP, HTTPS, POP3, DNS, ICMP and small packets with a length of 0-80 bytes
were directed to the high-weight queues; all other packets should go to the
low-weight queues.
If   Proto  Source               Destination          Target                  Description
WAN  *      LAN net              *                    high priority outbound  small packet outbound
WAN  *      *                    LAN net              high priority inbound   small packet inbound
WAN  *      LAN net              * Port:53(DNS)       high priority outbound  dns outbound
WAN  *      * Port:53(DNS)       LAN net              high priority inbound   dns inbound
WAN  ICMP   LAN net              *                    high priority outbound  icmp outbound
WAN  ICMP   *                    LAN net              high priority inbound   icmp inbound
WAN  TCP    LAN net              * Port:80(HTTP)      high priority outbound  http outbound
WAN  TCP    * Port:80(HTTP)      LAN net              high priority inbound   http inbound
WAN  TCP    LAN net              * Port:110(POP3)     high priority outbound  pop3 outbound
WAN  TCP    * Port:110(POP3)     LAN net              high priority inbound   pop3 inbound
WAN  TCP    LAN net              * Port:443(HTTPS)    high priority outbound  https outbound
WAN  TCP    * Port:443(HTTPS)    LAN net              high priority inbound   https inbound
WAN  *      LAN net              *                    low priority outbound   catch all outbound
WAN  *      *                    LAN net              low priority inbound    catch all inbound
Unfortunately my current ruleset doesn't seem to do what I aimed for. While
browsing with a P2P application started in parallel, my page load times
increase to 3-5 times the normal loading time.
I hope that somebody will see the mistake I've made in the above rules and
help me to catch the problem.
With kind regards
Daniel Heise
//////////////// GERMAN VERSION (English translation) ////////////////
Aim: P2P programs should, as far as possible, not disturb normal web surfing.
To achieve this aim I have created the following pipes, queues and rules in
the m0n0wall traffic shaper:
Pipes:
No.  Bandwidth    Delay  PLR  QueueMask  Description
1    640 Kbit/s                          total outboud
2    4608 Kbit/s                         total inbound
I have read before that you should not enter the figures stated by the
provider here, but values that can actually be reached when downloading and
uploading.
This leads to the following problem:
With the help of www.speedmeter.nl I tested my throughput with the traffic
shaper disabled and got approximately the following values on average:
Upstream: 480 KByte = 3840 KBit
Downstream: 62,5 KByte = 500 KBit
If I use these values for the pipe sizes, I no longer reach my maximum
capacity for uploads and downloads.
If I use the values stated by the provider, I reach my maximum up- and
downstream again.
Queues:
No.  Pipe           Weight  Mask  Description
1    total outboud  99            high priority outbound
2    total outboud  1             low priority outbound
3    total inbound  99            high priority inbound
4    total inbound  1             low priority inbound
Rules:
HTTP, HTTPS, POP3, DNS, ICMP and small packets with a length of 0-80 bytes
go into the high-weight queues; everything else should go to the queues with
low weight.
If   Proto  Source               Destination          Target                  Description
WAN  *      LAN net              *                    high priority outbound  small packet outbound
WAN  *      *                    LAN net              high priority inbound   small packet inbound
WAN  *      LAN net              * Port:53(DNS)       high priority outbound  dns outbound
WAN  *      * Port:53(DNS)       LAN net              high priority inbound   dns inbound
WAN  ICMP   LAN net              *                    high priority outbound  icmp outbound
WAN  ICMP   *                    LAN net              high priority inbound   icmp inbound
WAN  TCP    LAN net              * Port:80(HTTP)      high priority outbound  http outbound
WAN  TCP    * Port:80(HTTP)      LAN net              high priority inbound   http inbound
WAN  TCP    LAN net              * Port:110(POP3)     high priority outbound  pop3 outbound
WAN  TCP    * Port:110(POP3)     LAN net              high priority inbound   pop3 inbound
WAN  TCP    LAN net              * Port:443(HTTPS)    high priority outbound  https outbound
WAN  TCP    * Port:443(HTTPS)    LAN net              high priority inbound   https inbound
WAN  *      LAN net              *                    low priority outbound   catch all outbound
WAN  *      *                    LAN net              low priority inbound    catch all inbound
Unfortunately my ruleset does not seem to work the way I would like.
When browsing with a P2P program running at the same time, the load time of
websites increases by about 3-5 times.
Does anybody perhaps see the mistake and can help me fix it?
With kind regards
Daniel Heise
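
The ruleset above, modelled as an added example that is not part of Daniel's post: it runs constructed packets through the seven rule pairs in the posted order to show which queue each lands in, and computes the share the 1-weight queue gets on the 640 Kbit/s pipe. Assumptions: the first matching rule wins, the small-packet rule tests only the IP length (0-80 bytes), and backlogged queues split a pipe in proportion to their weights; `Packet`, `RULES`, `classify`, `backlogged_share` and port 6881 are hypothetical names and values chosen for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str                  # "TCP", "UDP" or "ICMP"
    outbound: bool              # True: source is LAN net, False: destination is LAN net
    remote_port: Optional[int]  # port on the non-LAN side (None for ICMP)
    length: int                 # IP packet length in bytes

# The post's seven rule pairs, in the posted order:
# (proto, remote port, max length, queue priority); None means "any".
RULES = [
    ("*",    None, 80,   "high"),  # small packet (0-80 bytes)
    ("*",    53,   None, "high"),  # dns
    ("ICMP", None, None, "high"),  # icmp
    ("TCP",  80,   None, "high"),  # http
    ("TCP",  110,  None, "high"),  # pop3
    ("TCP",  443,  None, "high"),  # https
    ("*",    None, None, "low"),   # catch all
]

def classify(pkt: Packet) -> str:
    """Return the target queue of the first matching rule (first-match is assumed)."""
    direction = "outbound" if pkt.outbound else "inbound"
    for proto, port, max_len, prio in RULES:
        if proto not in ("*", pkt.proto):
            continue
        if port is not None and port != pkt.remote_port:
            continue
        if max_len is not None and pkt.length > max_len:
            continue
        return f"{prio} priority {direction}"
    raise ValueError("no rule matched")

def backlogged_share(pipe_kbit: float, weight: int, all_weights: list) -> float:
    """Bandwidth a queue gets while every queue on the pipe has packets waiting."""
    return pipe_kbit * weight / sum(all_weights)

# Constructed sample packets; port 6881 stands in for a P2P client.
SAMPLES = {
    "http request": Packet("TCP", True, 80, 500),
    "dns query":    Packet("UDP", True, 53, 120),
    "p2p upload":   Packet("TCP", True, 6881, 1500),
    "p2p ack":      Packet("TCP", True, 6881, 40),
    "p2p download": Packet("TCP", False, 6881, 1500),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} -> {classify(pkt)}")
    print("low outbound share:", backlogged_share(640, 1, [99, 1]), "Kbit/s")
```

Under these assumptions, full-size P2P packets fall through to the low priority queues, while a 40-byte P2P acknowledgement matches the small-packet rule first and shares the high priority queue with web traffic.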