The external interface on SISO is likely to be the bottle neck and
get trully full. The traffic on the external interface will be
controlled using a bandwidth provisioning system. This system
supports various method for classifying, prioritizing, sharing, and
limiting both inbound and outbound traffic. The configuration
was installed in Section 2.3.5, “IP Routing Configuration (iproute2)”.
The example described in this section is based on the requirements listed below.
Minimize round trip delays for interactive traffic, even when big files are uploaded or downloaded. Internet Service Providers oftem improve download speed by excessive queing. This however causes interactive traffic to be delayed. To work around this:
Limit the upload speed, to slightly under the truly available rate. This way no queues are built up in the access router. Instead this moves the queue to the SISO router, where we can control it.
Limit download speed. We can not directly shape how fast the internet sends us data, but we can drop packets that are coming in too fast. Indirectly this will cause TCP streams to slow down to just the rate we want.
Use the available bandwidth to its fullest extend, by allowing interactive traffic to jump to the head of the upstream queue. Five classes are used:
Truely interactive traffic such as SSH.
DNS queries (destination port 53)
TCP acknowledgements with no data (ACK bit set, and only IP and TCP header)
TCP connection initiation (ACK and SYN bits set)
Packets with TOS set to Minimize-Delay, such as used for example by SSH and telnet.
Hosts browsing the web (2BD expand this to exclude big file transfers using HTTP)
HTTP access (destination port 80)
HTTPS access (destination port 443)
Outgoing VPN connections
Shiva/Intel VPN traffic (UDP destination port 2233)
Bulk file transfers
Packets with TOS set to Maximize-Throughput, such as used by FTP.
Minimal cost traffic
All remaining traffic
With SISO being an edge router, a good approach is to classify the outgoing traffic in distinct classes. Each of these classes is then assigned a guaranteed and ceiling rate. The queueing discipline used is HTB. 
The configuration variables
the maximum uplink and downlink transfer rates and the maximum burst.
Traffic control is configured in the startup script
The classifier tags packets based on properties such as
destination port or the Type-of-Service field.
The SISO router uses netfilter to classify the packets.
This gives packet counts for each of the rules opposed to
only the classes as offered by the buildin traffic control
filters. The section
[classifier] in the
configuration file lists these rules.
Within a leaf class Sochastic Fairness Queueing (SFQ) is used to fairly share the bandwidth within the leaf class.
The shaper limits the outgoing traffic based on rates rules
similar to ATM QoS. The rules are listed in the configuration
file at section
The policer limits incoming traffic to the rate set
DOWNLINK configuration variable.
The example traffic control script and configuration file: