Advanced QoS for IPCop

This version of the manual is designed to get you up and running with out any knowledge of traffic shaping

Using this version of the manual will allow you to get traffic shaping working on your IPCop firewall with out any knowledge of QoS. You will however need knowledge of the following:

• PuTTY –Home Page
• Winscp –Home Page

Once you have a copy now connect to your IPCop machine using winscp, if you are connecting from a windows machine. Although SSH is done over port 22, IPCop uses port 222. Once you have connected to the firewall navigate first to the root of the file system then into the folder marked "tmp". Once inside transfer the qos tar file that you obtained from Source Forge.

OK, we really need to help people here - I know I spent about a day searching for how to do this and this is roughly correct - use something like:

1. if you are using Linux you can use

scp -v -P 222 /home/downloads/pathtofile/filename root@hostname:/tmp/

After three hours of wasted time, I found here:http://ipcops.com/faq/ipcop_faq.html#1.2.7

that one has to "enable SSH via the web interface"

1. if you are using Windows as your desktop tryWinSCP

• Connect to IPCop with PuTTy, remembering to connect using port 222.
  • If using linux ssh -l admin -p 222 192.168.1.1
• Navigate to the /tmp folder.

# cd /tmp

• Run the following command to extract the tar file.

# tar xvfz qos_ipcop_1.4.8.tar.gz

• Goto the extracted files

# cd /tmp/qos

• Run the install script

# ./install

Addition: Make sure you run the install from the directory of the installer! i.e. "./install" and not "qos/install" There is a friendly line at the end of the installer that nukes the current directory. I have just lost my root dir... - benaiah

Using a web browser navigate to your IPCop router/firewall and from there using the "Services" menu, select "QoS".

The first thing that needs to be defined is the root class for out going traffic on the red device, this will be either:

• ppp0 - if a PCI ADSL/ISDN MODEM or PPPoE is used
• eth1 - if an external MODEM is used (and you have only 2 interfaces, red and green, this applies to most users)
• ethx - if you have multiple network interfaces, such as blue and orange (red will always be the highest number)

1. First change the default class from the drop down box to 199.
2. Now add your upload speed in kbps to the text box below the default class. The figure you enter here should be 90% of the upload speed limit that your ISP provides you.

e.g.

ISP upload speed = 256 kbps×90% = 230 kbps.

So add 230 into the text box.

4. Now click save.

This is the class that will used to channel relatively time dependent protocols like, MSN, IRC and SSH.

1. Using the "Add a new class ppp0[eth1]" section, select 100 from the Class drop down box.
2. Select the priority as 2.
3. Set the "Minimum Upload in kbit" as 50 Kbps.
4. Set the "Maximum delay in milliseconds" as 40 ms.
5. Set the "Maximum Upload in kbit" as your upload speed given by your ISP.
6. Click on save.

This class is used for RTP data and anything that is very time dependent like online games and VoIP

1. Using the "Add a new class ppp0[eth1]" section, select 101 from the Class drop down box.
2. Select the priority as 1.
3. Set the "Minimum Upload in kbit" as 90 Kbps.
4. Set the "Maximum delay in milliseconds" as 20 ms.
5. Set the "Maximum Upload in kbit" as your upload speed given by your ISP.
6. Click on save.

This class is used for all the traffic that isn't time dependent, traffic like P2P and FTP.

1. Using the "Add a new class ppp0[eth1]" section, select 103 from the Class drop down box.
2. Select the priority as 7.
3. Set the "Minimum Upload in kbit" as 0 Kbps.
4. Set the "Maximum delay in milliseconds" as 150 ms.
5. Set the "Maximum Upload in kbit" this should be 50-100 Kbps less than the total upload speed given by your ISP.
6. Click on save.

This class is used for all the traffic that isn't covered by a rule. i.e. undefined traffic.

1. Using the "Add a new class ppp0[eth1]" section, select 199 from the Class drop down box.
2. Select the priority as 4.
3. Set the "Minimum Upload in kbit" as 0 Kbps.
4. Set the "Maximum delay in milliseconds" as 50 ms.
5. Set the "Maximum Upload in kbit" this should be 50-100 Kbps less than the total upload speed given by your ISP.
6. Click on save.

ACK is a part of the TCP protocol, giving ACK packets high priority will speed up all TCP connections. And thus should assigned to the 101 class.

So in the QoS page on the IPCop do the following:

1. Go to the "select class for ACK's on ppp0[eth1]" section.
2. Select 101 from the drop down box.
3. Click on save.

Now that all the classes have been defined, you now need to choose what traffic goes through which class. This is done using Rules. Rules are either defined using ports or by using the Layer-7 filters.

Different applications use different port numbers or ranges of port numbers. They also use different packet protocols, such as TCP and UDP. To define a traffic rule you will need to find out what port numbers the application uses and what packet protocol it uses. This information is usual either in the applications manual or in the configuration selection of the application. Failing thatgoogle is your friend.To add a port based rule do the following:

1. Goto the "Add rule" section.
2. Give the rule a name e.g. the applications name (no spaces are allowed in names, nor greater than 15 characters long).
3. Set the interface from the drop down box to that of your red interface.
4. Select the protocol type for your application from the protocol drop down box.
5. From the mark drop down box select the class you wish this applications data to be tied to. i.e. if it a VoIP set it to class 101.
6. Enter the applications port number into the "Source Port" text box. Port numbers can either be single ports or ranges i.e. 80-90.
7. Click on save.

Layer-7 filters allows the identification of protocols independent of port. This is beneficial if you can not predict what ports will be used by users. There is a cost of CPU time, but this is proportional to the flow of network traffic and shouldn't be a problem with a home or office net work on the minimum hardware specification requirements for IPCop.

To add a Layer-7 based rule do the following:

1. Goto the "Add l7 rule" section.
2. Enter a the name of the protocol in the "Rulename" text box.
3. Set the interface from the drop down box to that of your red interface.
4. From the "Protocol" dropdown box select the name of the protocol that you wish to control.
5. Then from the "Mark" dropdown box select the class that you wish the protocol's traffic to flow through.
6. Click on save.

Using the imq0 dummy device will allow you to control the priority of downloaded packets, as opposed to the uploaded packets so far looked at.

Setting up this device is much the same as the previous one but with ADSL connections the bandwidth is greater down stream so this needs to be adjusted in the classes.

The setup precedes as before:

1. Set the Root Class using the 90% of the available download band width.
2. Fast Class (200) – changing the max. and min. bandwidths to suit.
3. Very Fast Class (201) – changing the max. and min. bandwidths to suit.
4. Bulk Traffic Class (203) – changing the max. and min. bandwidths to suit.
5. Default Class (299) – changing the max. and min. bandwidths to suit.
6. Add the required rules for this device using either port rules or Layer-7 filters.

To uninstall just do the following:

1. Connect to IPCop with PuTTy, remembering to connect using port 222.
2. Type the following in the terminal window

# /var/ipcop/qos/bin/uninstall

IPCOP will require an updated kernel in order for the QOS package to work, after the installing QOS,follow this linkMHADDONS, and download and install the kernel, following the associated instructions.A newer kernel version may be available, look throughDownloads, under Addons.

CBQ – Class Based Queuing.

HFSC – Hierarchical Fair Service Curve

HTB – Hierarchical Token Bucket – A packet scheduler

IMQ – A dummy device which intercepts all packets just before they are queued into the real device.

L7-filter – Application Layer Packet Classifier

RTP – Real-time Transfer Protocol

qdisc – Queuing Discipline.

VoIP – Voice over IP

• A thorough explanation of traffic shaping[1]
• Hierarchical Token Bucket manual[2]
• Linux intermediate queue (imq)[3]

• Book:Advanced QoS for IPCop