QoS: Classifier works but not assign to proper target Class


This topic contains 3 replies, has 0 voices, and was last updated by  ingeniado 10 years, 11 months ago.

  • #40938

    ingeniado
    Member

    Hello,

    I’ve a bridged Zeroshell box for QoS-ing and it works fine with 80 users.
    Now I want to limit massive HTTP downloads (megaupload, rapidshare, ...).
    I know the source IP range.
    I created some rules in QoS to get download traffic classified in a class named “DESCARGAS”.
    These are my rules:


    1 * * MARK all opt -- in * out * 62.67.46.0/24 -> 0.0.0.0/0 MARK set 0x17 DESCARGAS no
    2 * * MARK all opt -- in * out * 64.72.115.0/24 -> 0.0.0.0/0 MARK set 0x17 DESCARGAS no
    3 * * MARK all opt -- in * out * 85.17.190.0/24 -> 0.0.0.0/0 MARK set 0x17 DESCARGAS no
    4 * * MARK all opt -- in * out * 87.255.33.0/24 -> 0.0.0.0/0 MARK set 0x17 DESCARGAS no
    5 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit MARK set 0x12 P2P no
    6 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto ares MARK set 0x12 P2P no
    7 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0x12 P2P no
    8 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0x12 P2P no
    9 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto gnutella MARK set 0x12 P2P no
    10 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto fasttrack MARK set 0x12 P2P no
    11 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto http-dap MARK set 0x12 P2P no
    12 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto http MARK set 0x13 PRIO no
    13 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto ssl MARK set 0x13 PRIO no
    14 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto httpvideo MARK set 0x13 PRIO no
    15 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto msnmessenger MARK set 0x13 PRIO no
    16 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto skypetoskype MARK set 0x13 PRIO no
    17 * * MARK tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:1442 MARK set 0x13 PRIO no
    18 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto rdp MARK set 0x13 PRIO no

    and these are the class assignments:

    ETH00


    DEFAULT Default class for unclassified traffic Medium
    DESCARGAS TRAFICO DE DESCARGA (MEGAUPLOAD...) Low 500Kbit/s
    P2P PROGRAMAS P2P Low 990Kbit/s
    PRIO SERVICIOS HABITUALES (HTTP, ...) High 3700Kbit/s

    ETH01


    DEFAULT Default class for unclassified traffic Medium
    DESCARGAS TRAFICO DE DESCARGA (MEGAUPLOAD...) Low 100Kbit/s
    P2P PROGRAMAS P2P Low 140Kbit/s
    PRIO SERVICIOS HABITUALES (HTTP, ...) High 720Kbit/s

    The rules work fine:


    Chain FORWARD (policy ACCEPT 1393K packets, 584M bytes)
    pkts bytes target prot opt in out source destination
    0 0 MARK all -- * * 62.67.46.0/24 0.0.0.0/0 MARK set 0x17
    481 719K MARK all -- * * 64.72.115.0/24 0.0.0.0/0 MARK set 0x17

    but... this traffic gets classified in the DEFAULT class, not in the “DESCARGAS” class:


    Interface/Class Priority Maximum Guaranteed Traffic Sent (bytes) Rate
    ETH00 -- 7000Kbit/s 5000Kbit/s 93766815 1364Kbit
    DEFAULT Medium -- -- 58552646 804392bit
    DESCARGAS Low 500Kbit/s -- 0 0bit
    P2P Low 990Kbit/s -- 20527720 236360bit
    PRIO High -- 3700Kbit/s 14700936 284408bit

    ETH01 -- 970Kbit/s 800Kbit/s 295317546 748624bit
    DEFAULT Medium -- -- 235522122 601576bit
    DESCARGAS Low 100Kbit/s -- 0 0bit
    P2P Low 140Kbit/s -- 55929378 127640bit
    PRIO High -- 720Kbit/s 6920653 16952bit

    Any idea?

    thanks.
    Michael

    #46207

    ingeniado
    Member

    I’ve solved the problem.
    I’ve put the rules for class “DESCARGAS” at the bottom of the list and now that traffic is assigned correctly to that class. 😯

    Strange behaviour, isn’t it? 😕

    Regards.
    Michael

    #46208

    aeronet
    Member

    Friend, good day. I see you are quite skilled with Zeroshell. I have had it working as a router for about 6 months, with about 45 clients, but I don't know how to control P2P downloads and others such as Ares, E-Mule, etc. Do you think you could help me configure ZS to control those downloads? I would be very grateful.
    MS.

    #46209

    ingeniado
    Member

    Hello MS,

    I reply in English because this is an English forum (I prefer Spanish but..), and I reply to you on the forum and not privately because we must contribute to the knowledge of the community.

    Shaping P2P is not 100% effective (in general, not in Zeroshell); you can shape some P2P (emule, ...) and only block others (ares). Furthermore, Zeroshell (or the Linux kernel, I don’t know) has some strange behaviour, as you can see in my previous post.

    I have it in a bridged Zeroshell box, but you can do it in a routed box.

    1.- First you have to create the classes (QoS->Class manager): one for priority traffic (with High priority), one for P2P (Low priority). This would be enough for a minimal configuration.
    2.- Now you must define the global bandwidth of the interfaces (two, I suppose) in QoS->Interface manager.
    3.- Now you must define the rules in QoS->Classifier. Theoretically, a lower rule takes priority over a higher rule, but most likely you will have to reorder them to get more effectiveness.
    You must create rules to get priority traffic matched. Example: one rule with the Layer 7 filter and HTTP protocol and another rule with the SSL protocol. You must specify the target class in the rules.
    You must create rules to get P2P traffic matched. Example: one rule with the ipp2p match (peer-to-peer), another with Layer 7 and the bittorrent protocol, and so on.

    4.- Now you must assign the classes to the interfaces: the two classes to each interface, and most likely change the parameters (local parameters) of the class if you have different values for upstream and downstream.

    Another point is that traffic not matched is collected in the “DEFAULT” class.
    I think this is enough.

    And keep in mind that if you make changes in the classifier you must reset QoS (I normally reboot, to be sure).

    regards.
    Michael
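
Added example (not part of the original posts and not Zeroshell's own code): a small Python model of the rule-order remark in step 3 above. iptables' MARK target does not stop rule traversal, so when several rules match a packet the last one sets the final mark. The rows are copied from the classifier listing in the first post; the packet source address `64.72.115.10` and the assumption that the Layer 7 filter labels the download as `http` are constructed for illustration, and only source-network and `LAYER7` matches are modelled.

```python
import ipaddress
import re

# Three rows copied from the classifier listing in the first post.
RULES_ORIGINAL = """\
2 * * MARK all opt -- in * out * 64.72.115.0/24 -> 0.0.0.0/0 MARK set 0x17 DESCARGAS no
7 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0x12 P2P no
12 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto http MARK set 0x13 PRIO no
"""

ROW = re.compile(
    r"^\d+ .*? out \* (?P<src>\S+) -> (?P<dst>\S+)"
    r"(?: LAYER7 l7proto (?P<l7>\S+))?"
    r" MARK set (?P<mark>0x[0-9a-f]+) (?P<cls>\S+) \S+$"
)


def parse(listing):
    """Turn classifier rows into (source network, l7 protocol, mark, class) tuples."""
    rules = []
    for line in listing.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            rules.append((ipaddress.ip_network(m["src"]), m["l7"],
                          int(m["mark"], 16), m["cls"]))
    return rules


def final_class(rules, src_ip, l7proto=None):
    """Walk every rule in order; MARK is non-terminating, so the last match wins."""
    result = "DEFAULT"  # per the thread, unmatched traffic is collected in DEFAULT
    src = ipaddress.ip_address(src_ip)
    for net, l7, _mark, cls in rules:
        if src in net and (l7 is None or l7 == l7proto):
            result = cls
    return result


def move_class_to_bottom(rules, cls):
    """Reorder as described in the thread: rules for `cls` go last."""
    return [r for r in rules if r[3] != cls] + [r for r in rules if r[3] == cls]


if __name__ == "__main__":
    rules = parse(RULES_ORIGINAL)
    print("original order :", final_class(rules, "64.72.115.10", "http"))
    reordered = move_class_to_bottom(rules, "DESCARGAS")
    print("DESCARGAS last :", final_class(reordered, "64.72.115.10", "http"))
```

On a live box, the per-rule packet counters shown in the first post confirm which rules a flow hits; the model only shows which of those hits decides the final mark.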

    #46210

    aeronet
    Member

    Thanks a lot!!! I’ll follow your directions and will see how it works. I’m not very familiar with this about classes, but I am trying. Anything I get stuck with, I’ll get back to you again.
    Miguel S.
