Assumptions:
1- LAN IP Address = 192.168.1.0/24 on ether2
2- Internet static IP address = 85.85.85.85 on ether2 (Bandwidth=1Mb/s up and 1Mb/s down)
3- VOIP device (IP PBX) IP address = 192.168.1.100 connected to LAN listening on port 5060 for UDP packets
4- We have port forwarding ( chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=5060 protocol=udp dst-address=85.85.85.85 dst-port=5060 )
5- We do not know how many VOIP calls may be made in/out of the office via the Internet (every VOIP call needs 100 Kb/s bandwidth)
6- We want to allocate all the bandwidth to the first client, and then if a second one comes in, it is divided by two - that is, everyone can have 512Kb/s - and so on. As soon as the Router detects a VOIP call, we expect that the router provides the needed bandwidth - that is 100Kb/s - by obtaining it from the clients and giving it to the VOIP call - and if more calls come in/out it gives them the needed bandwidth according to this ratio. We mean, for example, if we have 2 concurrent VOIP calls the Router must release 200Kb/s of Internet bandwidth for these two VOIP calls and divide the remaining bandwidth - that is 800Kb/s - between the clients equally. As soon as any of the VOIP calls ends, the Router gives back the released bandwidth (allocated to that VOIP call) to the clients.
7- We use mangle to mark packets (we have two distinct marks, "voip" and "else")
8- VOIP packets priority=2 and else=5
9- We want to use queue tree, not simple queue
Questions:
1- How to use mangle to mark packets for VOIP and else?
2- How to configure queue tree?
For marking packets as:
voip ==> Because all VOIP calls are handled by the IP PBX, first we mark the connection from 192.168.1.100 (IP address of the IP PBX) with the protocol UDP in the prerouting chain as a "voip" connection and then mark any packet in this connection with the "voip" packet mark. So we have:
0 chain=prerouting action=mark-connection new-connection-mark=voip
passthrough=yes protocol=udp src-address=192.168.1.100
1 chain=prerouting action=mark-packet new-packet-mark=voip passthrough=no
connection-mark=voip
Because in SIP calls we have signaling, which usually occurs on port 5060, and also RTP packets for transmitting voice, on ports usually between 10000 - 20000, we do not consider the port numbers for these two mangle rules.
Of course if it is possible to mark them by their TOS bits.
else ==> And because we have just two kinds of packets, I mean "voip" and "else", when we specify the "voip" packets then the others are "else" packets. So we have:
2 chain=forward action=mark-connection new-connection-mark=else
passthrough=yes src-address=192.168.1.0/24 out-interface=ether1-public
3 chain=forward action=mark-packet new-packet-mark=else passthrough=no
connection-mark=else
And what about Queues:
First for Download Queues:
1- Create the Parent Queue for Download
name="Parent_Download" parent=ether2-Lan packet-mark="" limit-at=0
priority=8 max-limit=1024K burst-limit=0 burst-threshold=0 burst-time=0s
2- Create the Child queues :
A) "voip_down" queue :
name="voip_down" parent=Parent_Download packet-mark=voip limit-at=0
queue=default priority=2 max-limit=1024k burst-limit=0 burst-threshold=0
burst-time=0s
***** Before adding the "else_down" queue, we should create two PCQ-type queues, one for download and one for upload (because we want to distribute the available bandwidth equally between clients). So:
name="pcq_download" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32
pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64
and …
name="pcq_upload" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32
pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64
And now we continue to add our other child queue :
B) "else_down" queue :
name="else_down" parent=Parent_Download packet-mark=else limit-at=0
queue=pcq_download priority=5 max-limit=1024k burst-limit=0
burst-threshold=0 burst-time=0s
These are the two child queues for download. Now it is time to create the queues for uploading:
3- Create the Parent Queue for Uploading
name="Parent_Upload" parent=ether1-public packet-mark="" limit-at=0
priority=8 max-limit=1024k burst-limit=0 burst-threshold=0 burst-time=0s
4- Create the Child queues :
C) "voip_up" queue :
name="voip_up" parent=Parent_Upload packet-mark=voip limit-at=0
queue=default priority=2 max-limit=1024k burst-limit=0 burst-threshold=0
burst-time=0s
D) "else_up" queue :
name="else_up" parent=Parent_Upload packet-mark=else limit-at=0
queue=pcq_upload priority=5 max-limit=1024k burst-limit=0
burst-threshold=0 burst-time=0s
And I think it is the "END".
Maybe … What is your opinion?
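
The sharing behaviour expected in assumption 6, as an added Python model that is not part of the original post and is not RouterOS code: two leaf queues under one parent are served by priority (limit-at first, then leftover by priority up to max-limit), and the "else" leaf is split equally between clients the way a PCQ queue with pcq-rate=0 is meant to. The function names, the client addresses and the per-client demands are constructed for the example, and the link is taken as 1024 (the max-limit=1024k in the queue settings) rather than the rounded 1000 used in the prose, so two calls leave 824 instead of 800.

```python
# Simplified model (added example): HTB priority between the two leaf queues,
# then PCQ-style equal sharing between clients inside the "else" leaf.
LINK_K = 1024      # max-limit=1024k on the parent and on both leaves
CALL_K = 100       # per-call bandwidth from assumption 5

def htb_leaves(parent_max, leaves):
    """leaves: dicts with name, priority, limit_at, max_limit, demand (all in k)."""
    rate, left = {}, parent_max
    # Phase 1: limit-at is served first, regardless of priority (0 in the post).
    for leaf in leaves:
        rate[leaf["name"]] = min(leaf["demand"], leaf["limit_at"], left)
        left -= rate[leaf["name"]]
    # Phase 2: leftover goes to the lowest priority number first, up to max-limit.
    # Assumption: no two leaves share a priority (true here: 2 and 5).
    for leaf in sorted(leaves, key=lambda l: l["priority"]):
        want = min(leaf["demand"], leaf["max_limit"]) - rate[leaf["name"]]
        extra = max(0, min(want, left))
        rate[leaf["name"]] += extra
        left -= extra
    return rate

def max_min_share(capacity, demands):
    """Equal split between sub-streams; unused share is redistributed."""
    alloc, active = {}, dict(demands)
    while active:
        share = capacity / len(active)
        small = {k: d for k, d in active.items() if d <= share}
        if not small:                       # everyone wants more than the share
            alloc.update({k: share for k in active})
            break
        for k, d in small.items():          # light users keep what they asked for
            alloc[k] = d
            capacity -= d
            del active[k]
    return alloc

def plan(calls, client_demands):
    """Return (voip rate, per-client rates) for one direction of the link."""
    leaves = [
        {"name": "voip", "priority": 2, "limit_at": 0, "max_limit": LINK_K,
         "demand": calls * CALL_K},
        {"name": "else", "priority": 5, "limit_at": 0, "max_limit": LINK_K,
         "demand": sum(client_demands.values())},
    ]
    rate = htb_leaves(LINK_K, leaves)
    return rate["voip"], max_min_share(rate["else"], client_demands)

if __name__ == "__main__":
    print(plan(2, {"192.168.1.10": 2000, "192.168.1.11": 2000}))
```

With more than ten concurrent calls the model gives the whole link to the "voip" leaf and nothing to the clients, because both leaves have limit-at=0 and max-limit equal to the parent.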