Shaping & QoS with 2 subnets


This topic contains 2 replies, has 0 voices, and was last updated by  Aileron 11 years, 2 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • #41096

    Aileron
    Member

    Hi!

    I have two subnets – 192.168.2.0/24 (LAN1) and 192.168.4.0/24 (LAN2), each connected to a separate interface on the zeroshell box which has an 8 mbit wan interface as well, so three interfaces in total.

    I would like to achieve the following: LAN1 generally has higher priority and about 7mbit should always be available to LAN1 when needed. At that time, LAN2 bandwidth needs to be reduced to about 1mbit. When LAN1 is idle, LAN2 may use up to 4 mbit. Bandwidth values are only approximate and of course only apply to downstream bandwidth. There is a similar bandwidth distribution for upstream traffic.

    The first problem that became obvious is the fact that I can only shape outgoing traffic on each interface. But as the two LAN interfaces depend on each other as described above, that somehow becomes difficult. I’m not sure how to solve that, maybe by using virtual interfaces, I do not know. If anyone has a solution, please let me know!

    Edit:
    In a test setup I have done the following: I have used only one single interface and assigned two IP addresses to it – one for LAN1 and one for LAN2. As shaping works on a per-interface basis, shaping works exactly the way I wanted. Unfortunately, several problems arise from that configuration. Users in LAN2 can easily switch to LAN1 by just changing their IP address. To prevent that, I could put a standalone NAT router between LAN2 and the zeroshell-box. If I do that, the captive portal, which I also intend to use, would not work any more as zeroshell cannot see the clients' IP addresses anymore. Apart from that I want the captive portal only to be used for LAN2 – but as the captive portal works on interfaces, not on IP ranges, that seems to be another problem.

    Therefore, I’m still looking for a way to do traffic shaping the way I described above.

    #46662

    Aileron
    Member

    Theoretically I have solved the problem. Captive portal works on the bridged interface ETH02. The major problem is that the whole configuration is extremely unstable. First I thought the machine ran out of memory but I could rule that out after I had installed another 128 megs of RAM.

    System: 466MHz CPU, 384 MB RAM, 1GB CF Sandisk Ultra II, 3 Ethernet cards

    Configuration:
    – Subnets 192.168.0.0/24 and 192.168.10.0/24 on ETH1 and ETH2 bridged
    – Created QoS classes to shape inbound and outbound traffic on both interfaces. All rules affect forwarding between BRIDGE00 and ETH00 or vice versa.
    – Bound the QoS rules to traffic to/from particular IP ranges in the classifier
    – Added the classes for outbound traffic to eth0, for inbound traffic to the bridge
    – Added some firewall rules allowing only particular protocols from the 192.168.10.0/24 subnet, dropping all others.
    – Enabled Captive portal on bridged interface ETH02
    – Enabled DHCP

    Symptoms: This configuration runs fine for some minutes. But then performance drops significantly. Authorization via the Captive Portal works only one or two times, then no more connection to the ZeroBox can be established.

    As I mentioned before, I first blamed the lack of memory for that but after upgrading to 384 MB the problem still remained. More than 128 MB of RAM were always free.

    If somebody has an idea of what could be wrong here please let me know.

    #46663

    imported_fulvio
    Participant

    What release are you using? You should use the 1.0.beta10 because it improves the captive portal’s stability in presence of virus/worm in your LAN.

    Regards
    Fulvio

    #46664

    Aileron
    Member

    @fulvio wrote:

    What release are you using? You should use the 1.0.beta10 because it improves the captive portal’s stability in presence of virus/worm in your LAN.

    That is exactly the version I am using. There are no viruses nor worms as this behaviour does not depend on the OS on the clients: It is the same when using Linux on all the clients. (As zeroshell does not work reliably yet there is only one machine connected to each subnet for testing purposes.)
