5.4. Traffic Control

The external interface on SISO is likely to be the bottleneck and to run truly full. Traffic on the external interface is therefore controlled with a bandwidth provisioning system, which supports various methods for classifying, prioritizing, sharing and limiting both inbound and outbound traffic. The configuration tool (tc) was installed in Section 2.3.5, “IP Routing Configuration (iproute2)”.

5.4.1. Requirements

The example described in this section is based on the requirements listed below.

  1. Minimize round trip delays for interactive traffic, even while big files are being uploaded or downloaded. Internet Service Providers often improve raw download speed with excessive queueing in the access router; those deep queues delay interactive traffic. To work around this:

    1. Limit the upload speed to slightly under the truly available rate. This way no queue builds up in the access router; instead the queue moves to the SISO router, where we can control it.

    2. Limit the download speed. We cannot directly shape how fast the Internet sends us data, but we can drop packets that arrive too fast. Indirectly this makes the TCP senders slow down to just the rate we want. Note that this only works for protocols that back off on packet loss, such as TCP; a UDP stream is simply cut down to the configured rate.

  2. Use the available bandwidth to its fullest extent by allowing interactive traffic to jump to the head of the upstream queue. Five classes are used:

    1. Truly interactive traffic, such as SSH:

      • DNS queries (destination port 53)

      • TCP acknowledgements with no data (ACK bit set, and only IP and TCP header)

      • TCP connection setup (packets with the SYN bit set, i.e. SYN and SYN/ACK)

      • Packets with the TOS field set to Minimize-Delay, as sent for example by SSH and telnet.

    2. Hosts browsing the web (TBD: exclude big file transfers over HTTP from this class):

      • HTTP access (destination port 80)

      • HTTPS access (destination port 443)

    3. Outgoing VPN connections

      • Shiva/Intel VPN traffic (UDP destination port 2233)

    4. Bulk file transfers

      • Packets with the TOS field set to Maximize-Throughput, as sent for example by FTP data transfers.

    5. Minimal cost traffic

      • All remaining traffic

5.4.2. Implementation

With SISO being an edge router, a good approach is to classify the outgoing traffic into distinct classes, each of which is assigned a guaranteed rate and a ceiling rate. The queueing discipline used is Hierarchical Token Bucket (HTB). [37] A class may exceed its guaranteed rate, up to its ceiling, only while other classes leave bandwidth unused.

The configuration variables UPLINK, DOWNLINK and BURST set the maximum uplink and downlink transfer rates and the maximum burst size. Traffic control is configured in the startup script /etc/init.d/tc, which has three parts:

  • The classifier tags packets based on properties such as the destination port or the Type-of-Service field. The SISO router uses netfilter for this classification, which gives a packet count for each individual rule, whereas the built-in traffic control filters only count per class. The section [classifier] in the configuration file lists these rules.

    Within each leaf class, Stochastic Fairness Queueing (SFQ) shares the bandwidth of that class fairly among its flows.

  • The shaper limits outgoing traffic according to rate rules similar to ATM QoS (a guaranteed rate and a ceiling per class). The rules are listed in the configuration file in section [shaper].

  • The policer limits incoming traffic to the rate set by the DOWNLINK configuration variable, by dropping packets that exceed it.
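To make the three parts concrete, here is an added example of a classifier, shaper and policer laid out as described above and using the five requirement classes from Section 5.4.1. It is my illustration, not the SISO project's own /etc/init.d/tc, and everything specific in it is an assumption: the external interface ppp0, a 400/2000 kbit/s link, a private mangle chain named SISO_TC, firewall marks 1 to 4 selecting HTB classes 1:10 to 1:40 (with the HTB default class 1:50 catching unmarked "minimal cost" traffic), and a 20/30/20/20/10 percent split of the guaranteed rates. With DRYRUN=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not the SISO project's /etc/init.d/tc): HTB/SFQ shaper with
# netfilter-based classification and an ingress policer.  Interface name,
# rates, chain name, mark numbers and the rate split are assumptions for
# illustration.  Applying the rules needs root, iptables and tc; with
# DRYRUN=1 the script only prints the commands it would run.

DEV="${DEV:-ppp0}"            # assumed external interface
UPLINK="${UPLINK:-400}"       # kbit/s, slightly below the measured upstream rate
DOWNLINK="${DOWNLINK:-2000}"  # kbit/s, slightly below the measured downstream rate
BURST="${BURST:-6k}"          # HTB burst size
DRYRUN="${DRYRUN:-0}"
CHAIN=SISO_TC                 # assumed private mangle chain, easy to flush on stop

# Firewall mark N selects HTB leaf class 1:N0 (assumed numbering); class 5 is
# the HTB default, so "minimal cost" traffic needs no mark at all.
MARK_INTERACTIVE=1 MARK_WEB=2 MARK_VPN=3 MARK_BULK=4

run() { if [ "$DRYRUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# mark <mark> <iptables match...>: "-m mark --mark 0" keeps the first matching
# rule's mark, so the more specific rules must be listed first.
mark() { m=$1; shift; run iptables -t mangle -A $CHAIN "$@" -m mark --mark 0 -j MARK --set-mark $m; }

# Classifier: one netfilter rule per requirement, each with its own packet
# counter (iptables -t mangle -L SISO_TC -v -n).
classifier() {
    run iptables -t mangle -N $CHAIN
    run iptables -t mangle -A POSTROUTING -o $DEV -j $CHAIN
    # 1. interactive: DNS, empty ACKs (IP+TCP header only, 64 bytes leaves
    #    room for TCP options), handshake packets, TOS Minimize-Delay
    mark $MARK_INTERACTIVE -p udp --dport 53
    mark $MARK_INTERACTIVE -p tcp --tcp-flags ALL ACK -m length --length :64
    mark $MARK_INTERACTIVE -p tcp --tcp-flags SYN SYN
    mark $MARK_INTERACTIVE -m tos --tos Minimize-Delay
    # 2. web browsing
    mark $MARK_WEB -p tcp --dport 80
    mark $MARK_WEB -p tcp --dport 443
    # 3. outgoing VPN (Shiva/Intel, UDP 2233)
    mark $MARK_VPN -p udp --dport 2233
    # 4. bulk: TOS Maximize-Throughput
    mark $MARK_BULK -m tos --tos Maximize-Throughput
    # 5. everything else stays unmarked and lands in the HTB default class
}

# leaf <id> <percent of UPLINK> <prio>: guaranteed rate, ceiling at the full
# link, SFQ inside the leaf, and the fw filter that maps mark id/10 onto it.
leaf() {
    run tc class add dev $DEV parent 1:1 classid 1:$1 htb \
        rate $(( UPLINK * $2 / 100 ))kbit ceil ${UPLINK}kbit burst $BURST prio $3
    run tc qdisc add dev $DEV parent 1:$1 handle $1: sfq perturb 10
    run tc filter add dev $DEV parent 1: protocol ip prio 1 handle $(( $1 / 10 )) fw classid 1:$1
}

# Shaper: HTB root limited to UPLINK so the queue forms here, not in the
# access router; lower prio number is served first, so 1:10 jumps the queue.
shaper() {
    run tc qdisc add dev $DEV root handle 1: htb default 50
    run tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit burst $BURST
    leaf 10 20 0   # interactive
    leaf 20 30 1   # web
    leaf 30 20 2   # VPN
    leaf 40 20 3   # bulk
    leaf 50 10 4   # minimal cost (HTB default)
}

# Policer: drop inbound packets above DOWNLINK so TCP senders back off before
# the ISP's queue fills.
policer() {
    run tc qdisc add dev $DEV handle ffff: ingress
    run tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 \
        police rate ${DOWNLINK}kbit burst 10k drop flowid :1
}

stop() {
    run tc qdisc del dev $DEV root
    run tc qdisc del dev $DEV ingress
    run iptables -t mangle -D POSTROUTING -o $DEV -j $CHAIN
    run iptables -t mangle -F $CHAIN
    run iptables -t mangle -X $CHAIN
}

case "$1" in
    start) classifier; shaper; policer ;;
    stop)  stop ;;
    "")    ;;                                  # no argument: only define functions
    *)     echo "usage: $0 {start|stop}" >&2; exit 1 ;;
esac
```

Run it as root with `./tc-example.sh start`, or `DRYRUN=1 ./tc-example.sh start` to inspect the commands first. The per-rule counters that motivate classifying in netfilter are visible with `iptables -t mangle -L SISO_TC -v -n`, and `tc -s class show dev ppp0` shows how much each class actually sends and borrows. Set UPLINK a little below the rate you measure on an idle link; if it is too high the queue builds in the access router again and the prioritisation has no effect.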

The example traffic control script and configuration file: