Queuing by Type of Service

Previous page
Table of content
Next page

Applications can request a Type of Service from the IP stack, reflected in the Type of Service flag in the IP packet. Routers, firewalls, and other network infrastructure devices can choose to examine this flag and act appropriately — or not. Read the application's documentation to determine if and how that application supports IP Type of Service.

Queuing can specifically recognize the Types of Service flags "lowdelay" (or "0x10"). These packets are considered especially vital. If you assign multiple queues to a rule, the second applies only to packets with a "lowdelay" Type of Service. For example, the SSH application protocol requests that interactive sessions be assigned a Type of Service of "lowdelay," but requests a ToS of "throughput" for data transfers (sftp, scp). A delay of a few seconds is perfectly tolerable when uploading or downloading a large chunk of data, while a delay of a few seconds between keystrokes on a remote server is intolerable. We don't want to divide our SSH bandwidth between the two types of connection, just have one react more quickly than another. That means we want prioritize our queues:

 queue ssh bandwidth 5% cbq(borrow) { 1 ssh_interactive, 3 ssh_bulk} queue ssh_interactive 3 priority 7 queue ssh_bulk 4 priority 0

Here we've split the ssh queue into two chunks, 1 ssh_interactive and 3 ssh_bulk. The ssh_interactive queue has no further bandwidth restrictions, but is assigned the 3 highest priority, 7. The ssh_bulk queue also has no restrictions on bandwidth beyond the 5 percent reserved for the main SSH queue, but has the 4 lowest possible priority, 0. Now, let's split up our SSH traffic in the packet-filtering rule.

 pass in proto tcp from any to any port 22 keep state queue {ssh_bulk, 1 ssh_interactive}

The 1 second queue listed is only used for packets with the Type of Service of "lowdelay," meaning that our keystrokes will appear more quickly in a high-congestion situation. If you know the nitty-gritty details of how your network protocol works, this can be extremely effective.



Previous page
Table of content
Next page
Absolute Openbsd(c) Unix for the Practical Paranoid
Absolute OpenBSD: Unix for the Practical Paranoid
ISBN: 1886411999
EAN: 2147483647
Year: 2005
Pages: 298
Authors: Michael W. Lucas
BUY ON AMAZON
The .NET Developers Guide to Directory Services Programming
Network Security Architectures
C++ How to Program (5th Edition)
GO! with Microsoft Office 2003 Brief (2nd Edition)
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Java Concurrency in Practice
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy