Hi, QOS seems to have worked fine for me. However, Astaro places priority-based-discard on the egress(upload) side of the interface. You have to design your QOS setup around this. Here is my understanding so far, with suggestions.
The best place for prioritisation-based-discard is just after the packet filter has marked the traffic. The best and toughest way to discard-on-priority is to then check the ingress port and work out if your P2P traffic is overwhelming the Voip traffic. You then discard P2P based on ingress. Astaro does not do this. It checks the egress port instead. You can still do QOS but it requires wrapping a hot towel round your head and thinking hard.
Am building a couple of different lab setups to prove this function. Try the following and tell me how you get on.
Upload Bandwidth: 450K
Download Bandwidth: 180K
(do speed tests and monitor using Reporting -> Network)
(Internet to LAN) INTERNAL Upload QOS (egress)
450 (priority only) or 450:450:400:400 (reserve 50K of bandwidth)
(Lan to Internet) EXTERNAL Upload QOS (egress)
180 (priority only)or 180:180:130:130 (reserve 50K of bandwidth
Download QOS (ingress)for both INTERNAL and EXTERNAL
100000
Prioritisation on Discard only happens as the packet leaves (egress) the firewall. So received traffic prioritisation for Voip and P2P downloads should happen as those packets egress on the internal interface. So designing the rules to get what you want is tricky.
I suggest setting your ingress(download) discard threshold high. You do not want packet discard on ingress, as it discards packets from all types. So Voip traffic is hit. Leave the discarding to the egress QOS so lower priority traffic is dropped first.
I think you can only reserve bandwidth if you have Multiple lans. What I want to try next is this.
Upload
EXT: 180:50:130:130 (LAN+DMZ to Internet)
INT: 100000:450:100000:400 (Internet+DMZ to LAN)
DMZ: 100000:50:100000:130 (Internet+LAN to DMZ)
Download: all interfaces set to 100000
The questions I need to prove to go forward are:
1. Any packet filter rule (for say FTP) will mark packets travelling in both directions as Low, Medium or High - default being Medium.
2. Overload of the ingress port (download QOS) results in randomly selected packets being discarded regardless of whether they may be low(p2p), medium or high(voip) priority.
3. It is only on egress from the firewall (both internal or external interfaces) that the lower priority packets can be discarded in favour of higher priority packets.
4. The QOS policy must be designed to avoid packet discards on ingress(download) in favour of egress(upload) to protect high priority traffic.
5. The QOS setting 1024:512:128:128: sets maximum allowed bandwidths, i.e. it is not bandwidth reservation. So 1024:512:1024:128 would be valid....
6. Its right to enable/set QOS on all the physical ports.
Will keep you posted,
Adrien.
This thread was automatically locked due to age.
