 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Advanced traffic shaping
 Date:  Sun, 16 May 2004 20:57:57 +0200
Hello list,


I've been playing around with the traffic shaper and noticed that it is a
really useful feature. As it is now I'm using rules that give high weight to
outgoing SYN packets and all kinds of DNS queries, as well as outgoing ACK
packets (I have ADSL). These rules combined give very smooth web browsing
even if a user on the LAN is doing some heavy downloading.

The problems arise when a user is running an application that uses a high
number of simultaneous TCP connections (i.e. BitTorrent). Since the NAT
rules distribute bandwidth on a per-connection (as opposed to per-computer)
basis, this gives the unwanted effect that this user will occupy almost all
outgoing bandwidth available with the enormous amount of prioritized
ACK-packets BitTorrent generates.


A solution to this would be to have multiple pipes/queues into which the
packets are re-injected, after passing the initial prioritizing (based on
individual packet content), and using source-based pipes in the "second
round" to distribute available bandwidth evenly amongst the clients. This
seems to be possible, but does this method have any unexpected side effects?
Will it be possible to re-inject the packets into new queues even three or
four times without creating heavy delays or similar? I haven't been able to
set up a realistic test, and I really don't have any idea how much CPU time
in the m0n0wall the shaper needs.


Thanks in advance,


Thomas Hertz