[Firehol-support] FireQOS, bittorrent and VOIP

Tsaousis, Costa costa at tsaousis.gr
Thu Mar 26 20:15:06 CET 2015


Hi Iaan,

Never be afraid that your questions might be stupid. You always have
the right to ask, no matter what.

Please always use the mailing list. What I am writing to you will be
helpful to other people too. If we don't post this on the list, we'll
have to support each of the firehol/fireqos users personally. We
can't! So, please always use the list.

To fix the issue you have, please follow this procedure:

1. Make sure everything is classified correctly. Test it. Open your
torrent client and monitor the traffic. Does it go to the right class?
Make a voip call too. Is the voip traffic going to your voip class?

2. Once you have classification working, remove all the 'max'
parameters you have on your config from all classes. Leave only the
'commit'.

3. Lower the speed of the interface download and upload speeds to half
of what you think your speeds are. Does it now work as expected? The
voice quality should be perfect no matter what the torrents are doing.

4. Increase the speeds of the interface until torrents are affecting
the voip quality. This is the max speed you can have for crystal clear
voip.

Why is this required?

Torrents use UDP. If you have configured your torrent client(s) to
accept or initiate too many connections and you are downloading
something very popular, a lot of UDP packets are sent to you. UDP is a
nasty thing. There is no way to control what the other end is sending,
so a large number of UDP senders will always fill the queues of the
last router at your provider.

To increase the speed of the interface above this point, you will have
to lower the number of connections your torrent clients handle.

I, for example, have configured the deluge torrent client I use to use
up to 50 semi-open connections, and allow up to 20 uploads. Under
this setup, I can configure fireqos up to 85% of the download speed and
90% of the upload reported by my adsl modem, without any voip quality
issues.

You have to experiment. Lower the speed to 50% and try it. It should work.
Increase the speed to find the max acceptable point.

Costa


On Thu, Mar 26, 2015 at 2:20 PM, Iaan Louw <iaan at vexen.co.za> wrote:
> Hi Costa,
>
> Sorry to mail you directly - but I'm afraid I might ask a stupid question on
> the mailing list.
>
> I am using Ubuntu 12.04 on my network.  Plugged into this on Eth1 is my
> public network, a 10MB (okay 8Mb ADSL modem) with fixed IP.
>
> I am using Firehol to do all my routing and firewalling for me, and fireqos
> to do my quality of service.
>
> We also have a bittorrent machine running on the network.   I have noticed
> that if I make the amount of connections a little too high on the
> bittorrent machine, that the VOIP quality is bad, no matter how I try to
> shape the network.     I have tried a lot of stuff, and read up on all the
> manuals, but in my opinion fireqos should give me crystal clear voice
> irregardless of what the bittorrent client(s) are doing?
>
> Please let me know if there is something in my config I should change to
> better the situation....   ( I have also upgraded my conntrack_max since I
> thought I might have been running out of connections - no change)
>
>
> Any help/pointers are greatly appreciated.
>
> Iaan.
>
>
>
> ifconfig:
> eth0      Link encap:Ethernet  HWaddr 00:22:4d:7b:ca:e9
>           inet addr:10.3.0.236  Bcast:10.3.0.255 Mask:255.255.255.0
>           inet6 addr: fe80::222:4dff:fe7b:cae9/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
>           RX packets:1174227 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2004082 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:194270546 (194.2 MB)  TX bytes:2351474267 (2.3 GB)
>           Interrupt:20 Memory:fe600000-fe620000
>
> eth1      Link encap:Ethernet  HWaddr 00:0a:5e:1b:23:2d
>           inet addr:196.41.106.82  Bcast:196.41.106.83 Mask:255.255.255.252
>           inet6 addr: fe80::20a:5eff:fe1b:232d/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
>           RX packets:2539514 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2045710 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1818066781 (1.8 GB)  TX bytes:226083777 (226.0 MB)
>           Interrupt:16
>
>
>
> My fireqos.conf.
>
>
>
> # incoming traffic from my ADSL router
> # interface eth1 adsl-in input rate 8128kbit  (I have moved the rate down - in order to prevent "queuing" at the routers both ends)
> interface eth1 adsl-in input rate 7520kbit
>    class voip commit 160kbit
>      #match udp ports 5060,5061,10000:10100 # asterisk sip and rtp
>      match udp ports 5060,5061 # asterisk
>      match src 196.41.123.113  # voip provider's ip
>      match src 196.41.124.43
>      match udp ports 16393:16402 # apple facetime
>
>    class realtime commit 10%  max 75%
>      match tcp port 222,22 # ssh, openvpn, pptp
>      match udp port 53 # dns
>      match tcp syn
>      match tcp ack
>
>
>    class clients commit 5% max 75%
>      match tcp port 20,21,25,80,143,443,465,873,993,1195:1198,1753,3690 # mail, web, ftp, etc
>      match proto GRE
>      match icmp
>
>  # unmatched traffic goes here ('default' is a special name)
> #   class default max 65%
>     class default max 60%
>
>  # I define torrents beneath the default class, so they slow
>  # down when the default class is willing to get bandwidth
> #  class torrents max 65%
>   class torrents max 80%
>     match port 60364 # my torrent client
>
>  # outgoing traffic to my ADSL router
> # interface eth1 adsl-out output rate 928kbit
> interface eth1 adsl-out output rate 730kbit
>
>    class voip commit 160kbit
>      #match udp ports 5060,5061,10000:10100 # asterisk sip and rtp
>      match udp ports 5060,5061 # asterisk
>      match dst 196.41.123.113   # My Voip provider's IP
>     match dst 196.41.124.43
>      match udp ports 16393:16402 # apple facetime
>
>    class realtime commit 10% max 70%
>      match tcp port 222,22 # ssh, openvpn, pptp
>      match udp port 53 # dns
>      match tcp syn
>      match tcp ack
>
>    class clients commit 5% max 70%
>      match tcp port 20,21,25,80,143,443,465,873,993,1195:1198,1753,3690 # mail, web, ftp, etc
>      match proto GRE
>      match icmp
>
>  # unmatched traffic goes here ('default' is a special name)
>    class default max 40%
>
>  # I define torrents beneath the default class, so they slow
>  # down when the default class is willing to get bandwidth
>   class torrents  max 40%
>     match port 60364 # my torrent client
>
>
> --
> --
> Kind Regards
> Iaan Louw
>
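
Steps 2 and 3 of the procedure in the reply above, applied to the quoted fireqos.conf, as an added example that is not part of the original thread. It assumes the 8128kbit and 928kbit figures commented out in the quoted config are the speeds the modem reports, so the interface rates below are half of those; every match line is taken unchanged from the quoted config.

```conf
# fireqos.conf - constructed example: all 'max' parameters removed (step 2),
# interface rates set to half of the assumed modem speeds (step 3).

# incoming traffic from the ADSL router: 8128kbit / 2
interface eth1 adsl-in input rate 4064kbit
   class voip commit 160kbit
     match udp ports 5060,5061        # asterisk
     match src 196.41.123.113         # voip provider's ip
     match src 196.41.124.43
     match udp ports 16393:16402      # apple facetime

   class realtime commit 10%
     match tcp port 222,22            # ssh, openvpn, pptp
     match udp port 53                # dns
     match tcp syn
     match tcp ack

   class clients commit 5%
     match tcp port 20,21,25,80,143,443,465,873,993,1195:1198,1753,3690
     match proto GRE
     match icmp

   # unmatched traffic goes here ('default' is a special name)
   class default

   # torrents stay beneath the default class, now without a 'max'
   class torrents
     match port 60364                 # torrent client

# outgoing traffic to the ADSL router: 928kbit / 2
interface eth1 adsl-out output rate 464kbit
   class voip commit 160kbit
     match udp ports 5060,5061
     match dst 196.41.123.113
     match dst 196.41.124.43
     match udp ports 16393:16402

   class realtime commit 10%
     match tcp port 222,22
     match udp port 53
     match tcp syn
     match tcp ack

   class clients commit 5%
     match tcp port 20,21,25,80,143,443,465,873,993,1195:1198,1753,3690
     match proto GRE
     match icmp

   class default

   class torrents
     match port 60364
```

For step 1, `fireqos status adsl-in` (and `adsl-out`) shows the live rate per class, which makes it visible whether torrent and VoIP packets land in the intended classes. For step 4, raise the two `rate` values in small increments and repeat a test call under torrent load after each change.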

