Koozali.org: home of the SME Server

QoS for skype / VoIP traffic.

Offline tropicalview

  • ****
  • 196
  • +0/-0
    • http://www.tropicalview.net
QoS for skype / VoIP traffic.
« on: November 02, 2009, 10:02:39 PM »
Dear all,

I already found some (very) old forum entries about QoS (2001, 2005)
as far as i learned from them you need THB WonderShaper to have QoS services.

i don't like the idea to start messing with my LAN connections as i already have a interesting setup (OpenVPN / Dansguardian / CoovaChilli)

does anybody know a other solution to do QoS for Skype / VoIP traffic without placing an expensive router in front of my server?


Kind regards,

Hendrik Kroon
The sky is not the limit, But when I reach the sky, for sure I will not try to go to the limit.... (donated $25,- upto now)

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: QoS for skype / VoIP traffic.
« Reply #1 on: November 02, 2009, 10:32:24 PM »
would a cheap fw solution be interesting? if so, take a look at m0n0wall and its features (qos/traffic shaping etc) or at pfsense and its transparent layer 2 firewalling capability


Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: QoS for skype / VoIP traffic.
« Reply #3 on: November 02, 2009, 10:59:50 PM »
http://repo.firewall-services.com/sme/noarch/smeserver-qos-1.0-4.noarch.rpm

interesting but:
- why isn't it mentioned in the wiki?
- why isn't it in bugzilla and/or in the official repos?

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: QoS for skype / VoIP traffic.
« Reply #4 on: November 02, 2009, 11:56:54 PM »
This contrib (smeserver-qos) is not documented yet, because I'd first like to import it in the smecontrib repo. I've already asked for it, but it seems it wasn't acceted. The reason is that there's already a contrib called smeserver-htbwshaper imported, which does the same job. This contrib was not sufficient for my need, so I've "forked" it and created smeserver-qos. But now, the changes I've made are too important to merge it with the smeserver-htbwshaper with small patches. If I find some time to talk to the author of the original contrib, I'll try to merge the changes.

Regards
C'est la fin du monde !!! :lol:

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: QoS for skype / VoIP traffic.
« Reply #5 on: November 03, 2009, 12:45:56 AM »
tropicalview

See original release announcement here as well as comments from VIP-ire
http://forums.contribs.org/index.php/topic,43321.0.html

Also look in the Howtos for the HTBWondershaper script install & usage details, see here
http://wiki.contribs.org/Wondershaper

The HTBWondershaper script method has been replaced by the smeserver-htbwshaper rpm, which has been superseded by the smeserver-qos rpm.
It's just that processes and documentation have not been updated to match the newer releases.
« Last Edit: November 03, 2009, 12:59:39 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline stephen noble

  • *
  • 607
  • +1/-0
    • Dungog
Re: QoS for skype / VoIP traffic.
« Reply #6 on: November 03, 2009, 04:49:06 AM »
see http://bugs.contribs.org/show_bug.cgi?id=5005
for a later version of  smeserver-htbwshaper

I made a few minor changes, but it still had a fundamental flaw

it issues an iptables command to enable shaping after booting
but if you run a sme event that restart masq the command isn't rerun
I couldn't work out how to insert the command into a template

Offline tropicalview

  • ****
  • 196
  • +0/-0
    • http://www.tropicalview.net
Re: QoS for skype / VoIP traffic.
« Reply #7 on: November 03, 2009, 03:17:48 PM »
Hi All,

I have an other question (related to this)

If i get 2 IP addresses from my provider (one with 1mb of bandwidth and one of 265kb of bandwidth)
can i configure SME server so that the WAN NIC does use them both, but the server and the routing is using only the bandwidth of the 1mb connection.
and to connect to domain voip.voip.com it's routed trough the other IP and using the (seperated) bandwidth of that IP address?

Kind regards
The sky is not the limit, But when I reach the sky, for sure I will not try to go to the limit.... (donated $25,- upto now)

Offline tropicalview

  • ****
  • 196
  • +0/-0
    • http://www.tropicalview.net
Re: QoS for skype / VoIP traffic.
« Reply #8 on: November 03, 2009, 03:21:50 PM »
Hi all,

thank you for the many replies,
because my browser had cached the page i saw only 2 replies before the last post i did.
therefore just a short message to thank you all, i will check our all your replies today.


Kind regards,
The sky is not the limit, But when I reach the sky, for sure I will not try to go to the limit.... (donated $25,- upto now)

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: QoS for skype / VoIP traffic.
« Reply #9 on: November 03, 2009, 08:14:57 PM »
Please notice that all the available Linux based QoS solution depends on shaping the given TCP port on which the traffic is flowing. This means that if you want to give Skype priority the you need to prioritize TCP/80 (also used for HTTP traffic) as Skype runs by default here. If you want to give classic SIP based VoIP priority then the SIP protocol runs by default on TCP/5060 but now the problems start.... The RTP flow (the actual voice in VoIP) run in a dynamically allocated TCP port (negotiated in the SIP setup) range and the mentioned FWs and Routers doesn't detect this an also prioritize dynamically the RTP flow. Therefore it makes no difference to use their QoS systems if your internet connection gets congested.

If you really want Skype and all of the new real-time applications to work you need either a seperate internet connection (no so smart) or a VoIP bandwidth manager product.

I can recommend SmartShare Systems's StraightShaper as it sits in-front (on LAN Side) of any existing router or SME server and does exactly what you are looking for.

/Jesper


 

Offline soprom

  • *
  • 589
  • +0/-0
    • www.logiciel-libre.org
Re: QoS for skype / VoIP traffic.
« Reply #10 on: November 06, 2009, 01:18:38 AM »
Skype and VoIP should not be put together in this context. 

As Skype is a client, its port usage is unpredictable (any TCP above 1024). 

For SIP, it is a bit easier to plan.

Quote
The RTP flow (the actual voice in VoIP) run in a dynamically allocated TCP port
This confuses me because I thought RTP was udp 10000-20000 by default or as defined in /etc/asterisk/rtp.conf
rtpstart=10000
rtpend=20000

Following VIP-hire concept, I would prioritize like this for selintra's pbx or freepbx:
Quote
udp 5060,10000-20000,4569
tcp  5060,4569
VIP-hire did not mention if his contrib "garanties" some minimum bandwidth but I don't think it does. For a PBX, it is also necessary to open more that 5060 depending on the devices to serve.

Quote
Therefore it makes no difference to use their QoS systems if your internet connection gets congested.
I hope this is concerning shaping Skype traffic on port TCP/80 !

Sophie from Montréal

Offline soprom

  • *
  • 589
  • +0/-0
    • www.logiciel-libre.org
Re: QoS for skype / VoIP traffic.
« Reply #11 on: November 06, 2009, 01:42:08 AM »
Quote
can i configure SME server so that the WAN NIC does use them both, but the server and the routing is using only the bandwidth of the 1mb connection and to connect to domain voip.voip.com it's routed trough the other IP

Combining 2 WAN links and then separating them again is a lot of work.  You might need to use a router in front of the server (tomato/mlppp or zeroshell) to combine WAN links.

If 265kb (upload?) is enough for your Sip needs (about 3 simultaneous quality conversations) you might find it a lot easier and safer to have a dedicated VoIP server.

Sophie from Montréal

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: QoS for skype / VoIP traffic.
« Reply #12 on: November 06, 2009, 10:45:25 AM »
VIP-hire did not mention if his contrib "garanties" some minimum bandwidth but I don't think it does.

Hi. The contrib smeserver-qos guaranties minimum bandwidth, but does not reserve it:
- the traffic is separated in 4 classes (and a 5th special class)
- every class can use all the bandwidth if it's not used by some other classes

- the first class (highest priority) will have 70% of the available bandwidth guarantied
This class includes:
- packets with TOS set to Low-Delay
- packets matching the destination port or destination host you've configured in the server-manager as High Priority


- the second class will have 15% of the available bandwidth guarantied (but can use all the available bandwidth if class 1 doesn't use it)
This class include:
- icmp echo requests and replay
- TCP ACK packets
- DNS requests/responses
- NTP requests/responses


- the third class has 10% of the bandwidth reserved (but can use all the available bandwidth if class 1 and 2 don't use it)
This class include all the traffic not included in other classes, it's the default one.

- the fourth class will only have 5% of the bandwidth guarantied (and can use all the bandwidth if class 1, 2 and 3 don't use it). It's the lowest priority.
This class includes SMTP(S) traffic (TCP port 465 and 25)

- the fifth class is a bit special and won't be useful in most cases: packets in this class won't be shaped at all. You can define hosts to which traffic will use this class with the "excludes" DB property:
Code: [Select]
db configuration setprop qos excludes 11.12.13.14,56.57.58.59

Regards
C'est la fin du monde !!! :lol:

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: QoS for skype / VoIP traffic.
« Reply #13 on: November 06, 2009, 10:57:51 AM »
Correct that RTP channel can be confined within a given range but what about all the other apps that uses this quite large range - should they also get priority? The torrent clients would love such as range to get extra priority....

The Skype protocol is closed but they do tend to try using port 80 first as most firewalls are open here. Secondly I think 443 (HTTPS) is tried and then it goes to random (or client configured) as far as I know.



Offline arne

  • ****
  • 1,116
  • +0/-4
Re: QoS for skype / VoIP traffic.
« Reply #14 on: November 06, 2009, 09:30:23 PM »
A ordinary Asterisk server installation does not neccessarely need that amount of open ports to "work".

First of all the IAX2 protocoll normally useses only one port, UDP 4569 and can be used for (some) clients and for server to server connections. (I also use UDP 53 as an alternative, to come trough from "everywhere".)

For SIP I have configured my Asterisk server to use only a few ports: UDP 5060 + UDP 10000-10010. (By nature I don't like to see a wide range of open ports, so I will automatically start to reduce it down to smething less, just an idea.)

It have worked fine for a couple of years. I have allways believed that the reason it works is due to a low level of traffic in a private home, and that more traffic will require more open ports. (But this is just a some kind of believe, I dont know if its right.)

This setup is used for a "manually configured" standard Asterisk server.

Confiuration of UDP 4569 for IAX2: iax.conf
Configuration of UDP 5060 for SIP/calling: sip.conf
Configuration of UDP 10000-10010 for SIP/voice: rtp.conf

I think Skype does not use TCP 80 or 443 as first or default ports. Those are both "backup ports" if the standard ports don't work. I did some traffic analysis on Skype before, but I forget. I think it were some other TCP ports.

And to fresh up my memory, I Googled a bit: http://www.skype.com/help/guides/firewalls/technical.html

It looks like it would be difficult to give some priority to Skype, but for IAX2 and SIP, it should actually be possible (!!??)

I don't understand this guide completely, but it might give some ideas to get started:
http://www.voip-info.org/wiki/view/Linux+Router

... Well thinking it ower .. the guide from voip-info.org might work directly, and more or less, "as-is" for a Linux gatway router, that has no other purpose than giving priority to ip telehony traffic. It will on the other side not work at all as an "as-is" implementation at the SME server, that has a bit more complex traffic pattern than "the pure Linux router". 
« Last Edit: November 07, 2009, 01:40:04 PM by arne »
......