[NCLUG] Bandwidth throttling when SIP connection is in progress.

John Gilmore jgilmore at glycou.com
Sat Oct 11 08:04:53 MDT 2008


Thank you for pointing that out. It does look like HTB is better
adapted to what I want to do than iptables. A dedicated bandwidth
control tool would probably do a better job than iptables fuzzy match
dropping by count of packets. HTB doesn't have an equivalent to the
"condition" match, so I'd have to create or modify the rules when a
SIP connection started, and destroy or modify them when it stopped. It
doesn't get me away from the dependency on userspace modifications to
the rules.

My understanding is that since my upstream provider (USCable) doesn't
implement QOS, to eliminate latency for the SIP calls would require
that I throttle bandwidth to quite a bit lower than the actual limit -
say 700KBps on a 1.2Mbps connection. There's no need for that most of
the time, as SIP is relatively rare. I'd like to traffic shape only
when a SIP call is actually in progress, so as to avoid lowering
overall download speeds. Particularly since SIP packets are SO
sensitive to latency, and the throttling has to be so extreme to
accommodate them.

Mostly this is a desire on my part to avoid the time-consuming
empirical testing that it would take to tune the bandwidth limit so it
doesn't interfere with SIP calls, but still has reasonable download
speeds. SIP is rare enough that I could cut everything to 1/4 of full
speed, and not care about slower downloads. Which is exactly what I
plan on doing. Basically as long as other TCP connections don't actually
terminate, I'm OK with it.


On Sat, Oct 11, 2008 at 1:47 AM, Scott Scriven <nclug at toykeeper.net> wrote:
> * John Gilmore <jgilmore at glycou.com> wrote:
> >> I'd like to set up my firewall to severely throttle all TCP
>> traffic when there is a SIP connection in progress.
>
> Try traffic shaping with HTB.
>
> Basically, set up prioritized buckets, and put your SIP calls in
> the first or second bucket.  It works very well.
>
> It sounds like you know a thing or two about iptables, but if
> you'd like an example or recipe, I can send you one.
>
>
> -- Scott
>
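
Added example, not part of the original thread and not code from either poster: one way to do the userspace rule change the message describes, lowering the ceiling of the non-voice HTB class to 1/4 of the 1.2Mbps link when a call starts and restoring it when the call ends. The interface name, class ids, the 200kbit/100kbit reservations, and the fwmark 1 on voice packets (set by an existing iptables MARK rule) are assumptions, as is whatever invokes the script on call start and stop.

```shell
#!/bin/sh
# Added example: toggle the ceiling of an HTB "bulk" class around a call.
# Assumed, not from the thread: DEV, class ids, fwmark 1 on voice packets,
# VOICE_KBIT and BULK_MIN_KBIT. Egress shaping only: on a router, DEV is
# the interface the traffic to be slowed leaves through.
DEV="${DEV:-eth0}"
LINK_KBIT=1200                  # 1.2Mbps link, figure from the thread
CALL_KBIT=$((LINK_KBIT / 4))    # 1/4 of full speed while a call is up
VOICE_KBIT=200                  # guaranteed to the voice class (assumed)
BULK_MIN_KBIT=100               # guaranteed to everything else (assumed)
DRY_RUN="${DRY_RUN:-1}"         # 1 = print tc commands, 0 = run them (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Set the bulk class ceiling in kbit. "replace" creates the class or
# modifies it in place, so open TCP connections are slowed, not reset.
bulk_ceil() {
    run tc class replace dev "$DEV" parent 1:1 classid 1:20 htb \
        rate "${BULK_MIN_KBIT}kbit" ceil "${1}kbit" prio 1
}

# Build the tree once: 1:10 voice (prio 0), 1:20 default for the rest.
shaper_init() {
    run tc qdisc replace dev "$DEV" root handle 1: htb default 20
    run tc class replace dev "$DEV" parent 1: classid 1:1 htb \
        rate "${LINK_KBIT}kbit"
    run tc class replace dev "$DEV" parent 1:1 classid 1:10 htb \
        rate "${VOICE_KBIT}kbit" ceil "${LINK_KBIT}kbit" prio 0
    # Packets carrying fwmark 1 go to the voice class.
    run tc filter replace dev "$DEV" parent 1: protocol ip prio 1 \
        handle 1 fw flowid 1:10
    bulk_ceil "$LINK_KBIT"
}

call_start() { bulk_ceil "$CALL_KBIT"; }   # throttle while the call lasts
call_stop()  { bulk_ceil "$LINK_KBIT"; }   # back to full speed afterwards

case "${1:-}" in
    init)       shaper_init ;;
    call-start) call_start ;;
    call-stop)  call_stop ;;
esac
```

With the default `DRY_RUN=1` the script only prints the `tc` commands it would run, which makes it possible to review them before applying anything as root.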


