Matching by DSCP field for QOS and load balancing rules.

Forums Network Management ZeroShell Matching by DSCP field for QOS and load balancing rules.

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • March 23, 2009 at 2:45 pm #41568
    olivier1010
    Member

    Is it possible to match by DSCP field value for QOS and load balancing rules ?

    As it is possible with the linux filter, i suppose it is just a matter of modifying the GUI interface ?

    It is interesting for VOIP, with DSCP we do not have to worry about IP adresses or protocol to filter.

    For example when we access a phone web interface through a low bandwith VPN, the bandwith need to be managed finely and differently according to protocols.

    Using DSCP for Qos or Balancing means that we do not have to worry about protocol or source IP filtering, all the RTP and SIP traffic is automaticaly matched by the DSCP field.

    Today all VOIP softwares and hardware is supporting DSCP tagging.

    Olivier.

    March 24, 2009 at 8:03 am #47865
    ppalias
    Member

    Although I haven’t found a way to do it via the web interface QoS, manually entering it on the shell works.

    root@zeroshell root> iptables -t mangle -A FORWARD -p tcp --dport 12345 -j DSCP --set-dscp 1
    
root@zeroshell root> iptables -t mangle -L -v
    
Chain PREROUTING (policy ACCEPT 12M packets, 1040M bytes)
    
pkts bytes target     prot opt in     out     source               destination
    
[...]
    

    
Chain INPUT (policy ACCEPT 1198K packets, 92M bytes)
    
pkts bytes target     prot opt in     out     source               destination
    
[...]
    

    
Chain FORWARD (policy ACCEPT 11M packets, 948M bytes)
    
pkts bytes target     prot opt in     out     source               destination
    
[...]
    
0     0 DSCP       tcp  --  any    any     anywhere             anywhere            tcp dpt:italk DSCP set 0x01
    March 24, 2009 at 12:55 pm #47866
    olivier1010
    Member

    The problem with manipulating iptables manually is that if you don’t do it every day, you forget all syntax details and the process become very long.

    That’s why i think it is very important to keep the GUI interface working for most jobs.

    Zeroshell is really the smarter router i’ve ever seen, just a couple of details are missing to be able to use it for advanced work.

    The difference between zeroshell and other similar routers, is that when you do advanced things it does work. Other routers generally stop to work correctly as soon as you try to do multiwan, multilan, multi port forwarding, inbound load balancing and other things you can do reliabily on professional routers.

    Pfense version 2 alpha seems to have interesting possibilities, but the testing i’ve done on it a couple of days ago show that advanced functions are extremely buggy or not working at all. The road seems very long to get a stable version, if there is one one day.

    Pfsense version 1.2 is just not powerfull enough regarding routing possibilities in a multilan – multiwan setup. It does work with multiwan, but stop to work as soon as you try to add multilan at the same time.

    At opposite zeroshell seems efficient and stable, more usable in the real life, even if the Pfsense GUI is better in some aspects, specially in the OpenVPN area.

    May 21, 2009 at 3:18 pm #47867
    imported_fulvio
    Participant

    The new release of Zeroshell manages DSCP for differentiated services. It is possible either to match the DSCP bits or assign a DSCP value to a QoS class. In this way Zeroshell is able to alter the DSCP field of the traffic.

    Regards
    Fulvio

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.