Applies to platform: UTM 3.0, UTM 5.0, Hotspot 3.2, Hotspot 5.0
Last updated: 5th December 2016
QoS Traffic Policing: giving priority to VOIP calls (case scenario)
In this tutorial we explain how to control the download stream (which is why it is called "Traffic policing" and not "Traffic shaping", the term used when we want to limit the upload) by presenting a real-case scenario with four main traffic categories.
In this scenario we have a 10Mbit uplink (download / upload guaranteed) and a gateway-to-gateway or "net-to-net" VPN connection with phones on both sites, plus other traffic. The traffic types, listed in the order in which we want to categorize them, are:
1. VOIP traffic
2. NAS via FTP
3. Internal traffic
4. External HTTP / HTTPS, which is currently saturating the bandwidth
1. Adding the Devices
When we only want to limit the upload, adding only the RED interface is enough. In this case, because we want to police the downstream, we also need to add a second device: GREEN if we want to control the downloads on the GREEN network, ORANGE if we want to control the downloads on the ORANGE network, or both of them, and so on.
After logging in to the GUI, go to Dashboard > Services > Traffic Shaping and add first the RED device and then the GREEN device:
For the GREEN (LAN) device, see below.
To add the internal (Green, Orange or Blue) device, you can verify the device speed as follows:
root@endian:~# brctl show
bridge name     bridge id               STP enabled     interfaces
hotspotbr0      0000.525400154ff2       no              eth2
br2             0000.a272c876af51       no              hotspot0
br1             0000.525400e22cd0       no              eth1
br0             0000.525400871bee       no              eth0
As you can see, br0 is bridged to eth0, and the speed of eth0 is:
root@endian:~# ethtool eth0 | grep Speed
2. Modifying the Classes
Here, Reserved is the bandwidth reserved for the class: for example, if the uplink is 10000 kbit, 55% means that 5500 kbits will be reserved for the class. Limit is the maximum a specific class can use from the bandwidth when it is free. In the example, the Green priority 2 rule has 500kbit reserved and can't go above 7000kb (in case the bandwidth is unused).
3. Adding the Rules
For example, an ANY = ANY rule on top would practically make the other rules below it pointless.
1 - VOIP
The four /32 subnets are all VOIP phones, so we create rules for them first: with the phones as source, first for the uplink / high priority and then for GREEN / high priority, and then 2 more rules with the subnets as destinations.
2 - NAS via FTP
Our server is 192.168.0.250 and we want only the internal traffic to be medium priority. As all subnets on our network are 192.168.x.x, we can include them in 192.168.0.1/16, and we add the rules in the same fashion (source, then destination, for the Uplink and also for the Green interface).
3 - Internal Traffic
This is easier, as we only have to add 2 rules in which the source and the destination are the same (our internal network 192.168.0.1/16). The traffic priority will of course be "generic" for both the Red and the Green interface.
4 - Internet traffic
In our scenario this is the lowest-priority traffic, which is basically what is left over from the previous configuration. Traffic generated from 192.168.0.1/16 to 192.168.0.1/16 is already handled by the rules above, so by adding ANY = ANY the non-internal traffic is managed, and we give it the lowest priority, which is "bulk", for both Green and Uplink.
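The rule ordering described above can be checked offline before it is entered in the GUI. The following is an added example, not part of the original tutorial or of the product: it models the rule list for one device as first-match-wins (an assumption consistent with the ANY = ANY remark above), classifies sample flows, and reports rules that can never match. The phone addresses, the external address 203.0.113.5 and the reading of the NAS rules as NAS-to-LAN and LAN-to-NAS are constructed assumptions.

```python
import ipaddress

ANY = "0.0.0.0/0"
LAN = "192.168.0.1/16"       # written as on the page; host bits are ignored
NAS = "192.168.0.250/32"
# Constructed phone addresses: the page only says there are four /32 VoIP phones.
PHONES = [f"192.168.0.{n}/32" for n in (11, 12, 13, 14)]

def net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def build_rules():
    """Rule list for one device, in the order the tutorial adds them."""
    rules = [(net(p), net(ANY), "high") for p in PHONES]
    rules += [(net(ANY), net(p), "high") for p in PHONES]
    rules += [(net(NAS), net(LAN), "medium"), (net(LAN), net(NAS), "medium")]
    rules += [(net(LAN), net(LAN), "generic"), (net(ANY), net(ANY), "bulk")]
    return rules

def classify(rules, src, dst):
    """First matching rule wins (assumed top-down evaluation)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, prio in rules:
        if s in rule_src and d in rule_dst:
            return prio
    return None

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    dead = []
    for j, (src_j, dst_j, _) in enumerate(rules):
        for src_i, dst_i, _ in rules[:j]:
            if src_j.subnet_of(src_i) and dst_j.subnet_of(dst_i):
                dead.append(j)
                break
    return dead

if __name__ == "__main__":
    good = build_rules()
    bad = [good[-1]] + good[:-1]          # ANY = ANY moved to the top
    for label, rules in (("tutorial order", good), ("ANY = ANY first", bad)):
        print(label, classify(rules, "192.168.0.11", "203.0.113.5"),
              "shadowed rules:", shadowed(rules))
```

With ANY = ANY moved to the top, every other rule is reported as shadowed and a phone's call is classified as "bulk" instead of "high".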