January 12, 2009 at 11:00 pm #41397
Hello, there is a feature I’m trying to get configured, but I cannot figure out how to.
I’m trying to make a banded approach to bandwidth. For instance, I’d like the first 10Mb of a connection to have the fastest bandwidth and highest priority. Then, after 10Mb of a connection, I’d like the system to move that connection into a lower level where there is a rate-limit and/or a priority change. I’d like to configure about four bands. My reasoning is if someone is casually browsing web pages, they’d like the fastest speed, but if someone is downloading big files over http, they might not care about it taking a few more minutes to conserve the speeds.
I’ve tried where I have http traffic set as a L7 bucket, but when I create the connection limit, all of the traffic moved to the default class, and no http traffic hits the http bucket, even new connections.
Is there a way to do this with Zeroshell?
G
January 14, 2009 at 5:15 pm #47384
Check out my post on the same topic, helped out, and resolved by Fulvio.
January 14, 2009 at 5:19 pm #47385
Work top down in the classifier. 30Mbs on top with class 4@128k, 20Mbs second down with class 2@256k, 10Mbs third down with class 3@512k, and so on, you get the idea. Remember to save, and add the classes needed to the interface, and activate the last changes if changing anything to the interface’s QoS.
January 14, 2009 at 5:20 pm #47386
Thanks again for your help Fulvio.
January 23, 2009 at 2:51 pm #47387
Did that help at all, grunties?
May 4, 2009 at 4:16 pm #47388
I’m still having difficulties with it. I’ve installed a test ZS box bridged into a test server.
Here are my Class Managers:
Default, no limit
In the Classifier, this is what I’ve got now:
1 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 connbytes ! 5242880:4294967295 connbytes mode bytes connbytes direction both MARK set 0xa DEFAULT no
2 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 connbytes ! 4194304:4294967295 connbytes mode bytes connbytes direction both MARK set 0xd LIMIT03 no
3 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 connbytes ! 3145728:4294967295 connbytes mode bytes connbytes direction both MARK set 0xc LIMIT02 no
4 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 connbytes ! 2097152:4294967295 connbytes mode bytes connbytes direction both MARK set 0xb LIMIT01 no
I’ve tried reversing the order, but cannot seem to figure it out. Taking out the default class from the chain, etc.
What I’m trying to do is create a tiered approach where the default class has unlimited bandwidth <10MB, the Limit01 @1Mb/s from 10Mb to 20Mb, the Limit02 @500Kb/s from 20Mb to 30Mb, Limit03 @256Kb/s from 30Mb on. Ideally, that is what I'd like, but I've changed the limits in the classifier because I wanted to see quickly if it was working.
Another problem, I didn’t know if “Traffic per connection” should be “more” or “less” with respect to the connection. I’ve tried both settings and then reversing the order again to no avail.
Thanks for your help on this, it’s very beneficial!
Regards
May 4, 2009 at 5:06 pm #47389
I made some basic classes, 768, 512, 256, 128, etc. The default group is left at medium, then the other ones, are a High class. Then the classifiers are lowest setting towards the top.
In my case I wanted 1meg (default class) for up to 5megs transferred, then knocked down to 768 after 5megs, then down to 512 after 10, then 256 after 15, and 128 after 20. On the classifier, classifier 1 would be the 128k limit, set to all defaults when it comes up, but changed the L7 filter to “HTTP – Hypertext Transfer Protocol – RFC 2616”, then the “more or less” option is set to “more”, and set to “more than 20MB” as well, then the “Target Class” is set to 128. Then click confirm at the top. This will set anything using the HTTP L7 filter, that is transferred to more than 20MB gets knocked down to 128kbits/sec.
Next, I made another classifier, 2, that is sequence 2, L7 set to HTTP again, more than 15MB, target class of 256. Now anything over 15MB goes down to 256k, and if continues and goes to 20MB or more, then goes down to 128k.
Next I made another classifier, sequence 3, L7 set to HTTP again, more than 10MB transferred using HTTP, goes into the 512kbits/sec class. So, anything up to 10MB gets the default group of 1Meg, then knocked down to 512 after 10megs transferred, then down to 256 after 15megs, then down to 128 after 20megs.
And continue as needed. You can also set to things to say, after all those and the ip gets down to 128k after 20megs, make another classifier, 4 this time, that states anything using HTTP, that is more than 50megs transferred, goes to the 768k class. This way the connection actually goes back up to max 768, after 50megs. A neat way of going back to speed, so the download doesn’t take FOREVER. Then you could make another that goes to 128k again after 80megs transferred, at sequence 5.
The parallel connection option is pretty nice too. For people on the lan that have p2p running, and you don’t want to block altogether (in the firewall section drop/reject all L7 equivalent sigs, and/or use the ipp2p section, I used both, L7=23 total sigs, ipp2p uses 1, for all 5 ipp2p sigs, total of 24 firewall rules) you can limit the total number concurrent/parallel connections to say 5, in the firewall section though, not the QoS section. This way, whatever L7 you want to match it will get no more than 5 concurrent connections, if after, you can drop/reject, or go to another chain, etc.
Pretty awesome/powerful stuff, thanks Fulvio, and again for MRTG!
May 4, 2009 at 5:10 pm #47390
Another thing, take out the DEFAULT rule on the sequence list, and flip the order. Default is not needed, in my case it wasn’t. Yours is stating going from 1meg and down, it needs to go smallest to largest.
Another thing you can also do is less than, instead of more than. So, if a connection is less than 5megs transferred can go up to a higher class, then after “more than 5megs” gets a slower class. Things don’t necessarily have to go to the default class.
May 4, 2009 at 5:13 pm #47391
Also make sure your classes are set to the correct eth interface. It will not be the lan side, but the wan side. Because it will be the wan’s upload to the lan’s download. The QoS can’t do download shaping, only upload, meaning the only way around that is to shape (apply the classes) to the wan interface, sending to the lan, being the lan’s download. And remember to save all and activate all last changes.
May 4, 2009 at 5:32 pm #47392
I also have two eth interfaces bridged, ETH00 and ETH01. My box is an inline transparent bridge setup. ETH00 is the wan side, and ETH01 is the lan side. ETH01 (LAN) is the side that has the classes assigned to it on QoS-> Interface Manager.
May 4, 2009 at 7:56 pm #47393
Thanks a bunch for that information. That cleared up my problem!
I do have a follow up question. I thought “Traffic per connection” would allow each connection the limit that was set in the Classifier. It seems the way I just implemented it will give all connections a total bandwidth that the Classifier specifies.
So, when connections hit the first limit, all connections in that limit share the rate limit, not each connection getting the full rate-limit.
Is that the behavior, or just how I set it up?
Regards.
May 4, 2009 at 9:46 pm #47394
It appears that when a connection is made, in my case a download through the web, gets the connection limits. Then when another connection is made, say a speedtest, or another download, it is a new connection, thus getting a whole other separate set of limits.
You could set the overall bandwidth for the ETH01 (LAN) in my case, to 10megs. Then initiate 10 separate downloads, and each will knock down limit by limit, individually, from limit1, limit2, limit3, and so forth. That’s how it works on mine. Each download goes separately through its own tiers. Makes sense, since it’s connection oriented. If one connection is held open for however long, then it will go into its limits accordingly, and does not affect other connections, each is stateful in its own. If I download something, it goes into its default BW at 10megs, then knocked back to 512k let’s say, after 5megs of transfer. Now 9.5megs of BW are free and becomes the default. Initiate another download, it will default at 9.5megs BW, then after 5megs, goes into 512k. Now 9megs is the default, until one of the two goes into the next tier.
Like the old saying about HTB QoS, it’s like filling a bucket with water, and shooting holes at it. I won’t go into detail about the bucket thing, you can google it. It’s basically emptying water out through a hole, the download, then however much water is emptied, the hole will go into the next limit, and get smaller. The water that should have been emptied, which is now cut in half let’s say, gets put back into the bucket.
May 5, 2009 at 3:32 pm #47395
Ahhh, so I’m getting something right, I just need to increase the limits for each class.
I just changed the rate limits on the classifiers, and that fixed the other problem, though I’ll try on the test install of changing the global bandwidth as you suggested.
Regards
May 8, 2009 at 12:28 pm #47396
Have any luck?
May 18, 2009 at 3:16 pm #47397
It works great! Thanks for all of your help!
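
The tier selection discussed in this thread, modelled as an added example that is not part of the original posts and is not Zeroshell code. It assumes the first matching classifier rule decides the class, as the replies describe, and that a connection matching no rule falls to the default class; the condensed rule-line format and the names `parse`, `classify` and `tiers` are made up for the illustration.

```python
import re

MB = 1024 * 1024
MAX = 4294967295  # upper bound used in the thread's listing

# Rules 1-4 from the listing in the thread, condensed to: seq, connbytes clause, class.
POSTED = """
1 connbytes ! 5242880:4294967295 DEFAULT
2 connbytes ! 4194304:4294967295 LIMIT03
3 connbytes ! 3145728:4294967295 LIMIT02
4 connbytes ! 2097152:4294967295 LIMIT01
"""

# Constructed rule set: "more than" rules, largest threshold on top,
# using the 10/20/30 MB bands the original poster asked for.
TOP_DOWN = f"""
1 connbytes {30 * MB}:{MAX} LIMIT03
2 connbytes {20 * MB}:{MAX} LIMIT02
3 connbytes {10 * MB}:{MAX} LIMIT01
"""

RULE = re.compile(r"^(\d+) connbytes (! )?(\d+):(\d+) (\S+)$")

def parse(text):
    """Return (seq, negated, low, high, target_class) tuples in sequence order."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        seq, neg, low, high, cls = m.groups()
        rules.append((int(seq), neg is not None, int(low), int(high), cls))
    return sorted(rules)

def classify(rules, nbytes, fallback="DEFAULT"):
    """Assumption: the first matching rule decides; no match means the default class."""
    for _seq, negated, low, high, cls in rules:
        in_range = low <= nbytes <= high
        if in_range != negated:  # "!" inverts the range test
            return cls
    return fallback

def tiers(rules, sizes):
    return [classify(rules, n) for n in sizes]

if __name__ == "__main__":
    print(tiers(parse(POSTED), [1 * MB, 3 * MB, 6 * MB]))
    print(tiers(parse(TOP_DOWN), [5 * MB, 15 * MB, 25 * MB, 35 * MB]))
```

Under these assumptions the posted rules never leave DEFAULT, while the top-down set steps a connection through LIMIT01, LIMIT02 and LIMIT03 as it grows; the same three rules in reverse order keep a 35 MB connection in LIMIT01.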