In order to make full use of my half-duplex WiMAX link, I started looking for anything and everything I could use to optimize it. Linux has some pretty decent utilities with iproute2 and netem to handle these types of configurations. They don’t compare to OpenBSD’s PF, but they work once you get the setup in place.

Due in part to how ugly TC is out of the box, I really like FireQOS for defining the basic configuration. The developer also makes a great iptables wrapper called FireHOL, but iptables rules are easy enough to write in my opinion.

I wanted to share my FireQOS script for those who may have similar needs. It prioritizes my traffic with the following basics:

  1. VOIP – Commits 30kbit no matter what else is going on. This is sufficient for a single G.729 SIP connection
  2. Interactive protocols such as DNS, SSH, and XMPP receive 20% of the bandwidth
  3. Facetime – Committed 200kbit for video streaming
  4. VPN connections (PPTP/IPSEC/OpenVPN) are given 20% of the bandwidth
  5. Surfing is given the majority of the bandwidth, with 60%
  6. Synacks, Mail, and Usenet bring up the rear with whatever is left. They will consume available bandwidth if nothing else is going on

As I write this, my network is functioning just spiffy, with no issues streaming via SONOS and downloading via USENET. I am very happy with the config.

From /etc/firehol/fireqos.conf:

DEVICE=enp3s0

INPUT_SPEED=1910kbit
OUTPUT_SPEED=200kbit

# Inbound traffic
interface $DEVICE world-in input rate $INPUT_SPEED $LINKTYPE
    class voip commit 30kbit
        match udp port 5060
        match udp dports 10000:10100
        match sports 3478,5349

    class interactive commit 20%
        match udp port 53
        match tcp port 22
        match tcp port 2222
        match tcp port 8022
        match icmp
        match tcp sports 5222,5228
        match tcp sports 5223

    class facetime commit 200kbit
        match udp ports 3478:3497,16384:16387,16393:16402

    class vpns commit 20%
        match tcp port 1723
        match gre
        match dport 1195:1198
        match tcp port 1701
        match tcp port 500
        match udp port 500
        match udp port 4500

    class surfing commit 60%
        match tcp port 80
        match tcp port 443

    class synacks
        match tcp syn
        match tcp ack

    class default

    class mail
        match tcp port 143
        match tcp port 993
        match tcp port 25
        match tcp port 465
        match tcp port 587

    class usenet
        match tcp port 563

# Outbound traffic
interface $DEVICE world-out output rate $OUTPUT_SPEED $LINKTYPE
    class voip commit 30kbit
        match udp port 5060
        match udp sports 10000:10100
        match dports 3478,5349

    class interactive commit 20%
        match udp port 53
        match tcp port 22
        match tcp port 2222
        match tcp port 8022
        match icmp
        match tcp dports 5222,5228
        match tcp dports 5223

    class facetime commit 200kbit
        match udp ports 3478:3497,16384:16387,16393:16402

    class vpns commit 20%
        match tcp port 1723
        match gre
        match sport 1195:1198
        match tcp port 1701
        match tcp port 500
        match udp port 500
        match udp port 4500

    class surfing commit 6%
        match tcp port 80
        match tcp port 443

    class synacks
        match tcp syn
        match tcp ack

    class default

    class mail
        match tcp port 143
        match tcp port 993
        match tcp port 25
        match tcp port 465
        match tcp port 587

    class usenet
        match tcp port 563
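
A quick way to check the commit figures in the config above against each interface's rate (an added example, not part of the original post or of FireQOS). It assumes percentage commits are taken of the interface rate; `SAMPLE` is a constructed copy of the class lines with the speed variables expanded and the match lines left out.

```python
import re

# Constructed sample: interface/class lines from the config above,
# with $INPUT_SPEED/$OUTPUT_SPEED expanded and match lines omitted.
SAMPLE = """\
interface enp3s0 world-in input rate 1910kbit
    class voip commit 30kbit
    class interactive commit 20%
    class facetime commit 200kbit
    class vpns commit 20%
    class surfing commit 60%
    class synacks
interface enp3s0 world-out output rate 200kbit
    class voip commit 30kbit
    class interactive commit 20%
    class facetime commit 200kbit
    class vpns commit 20%
    class surfing commit 6%
    class synacks
"""

def to_kbit(value, parent_kbit):
    """Convert '30kbit' or '20%' to kbit; a percentage is of the parent rate (assumption)."""
    if value.endswith("%"):
        return parent_kbit * float(value[:-1]) / 100
    m = re.fullmatch(r"(\d+)kbit", value)
    if not m:
        raise ValueError(f"unsupported rate unit: {value!r}")
    return float(m.group(1))

def commit_report(config):
    """Return {interface_name: [rate_kbit, committed_kbit]} for each interface block."""
    report, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = words[2]
            report[name] = [to_kbit(words[words.index("rate") + 1], 0), 0.0]
        elif words[:1] == ["class"] and "commit" in words:
            report[name][1] += to_kbit(words[words.index("commit") + 1], report[name][0])
    return report

if __name__ == "__main__":
    for name, (rate, total) in commit_report(SAMPLE).items():
        flag = "committed total exceeds rate" if total > rate else "ok"
        print(f"{name}: rate {rate:g}kbit, committed {total:g}kbit -> {flag}")
```

Classes without a `commit` value (synacks, default, mail, usenet) add nothing to the total, matching the "whatever is left" tier in the list above.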