
ArgentoQoS Tutorial (Updated for version 3)

Created by: sebas2006, Revised by: nachazo, Translated by: brahama

December the 31st of 2006

QoS Definition (Quality of Service)

The Internet works on a best-effort philosophy. Data packets are routed along the best possible path, according to the available routes. When there is congestion, packets are discarded without distinction. There's no guarantee. Meanwhile, applications such as VoIP and video need those guarantees. With QoS it's possible to offer some guarantees to these applications. This is done by marking the data packets to distinguish them and creating queues according to each application's priority.

Introduction

This tutorial is mainly for newcomers to BrazilFW who want to add this powerful tool from the Argento Series.

Main Function: know the variables and modify them to personal needs.
Secondary Function: try not to repeat the same questions made by users in the forum.

It's recommended to read the "jcmr79" tutorial at http://www.copercon739.com/brazil-fw/install_arqos-b3/

NOTE: BrazilFW installation is explained in detail at http://www.copercon739.com/brazil-fw/install-2-28/, written by "jcmr79".

First, you have to create the BrazilFW diskette with the packages "L7 Filter" and "Advanced Router Options" (in step 8 of the Assistant). After you have created the diskette, you have to copy the package "argentoqos.tgz" to the disk. The updated package of argentoqos can be found at: http://www.ladelbarrio.com.ar/nachazo/argentoqos/beta4/argentoqos.tgz

Modifying variables

Once BrazilFW is loaded, enter "ARGENTO QOS" in the webadmin.

"Edit User Control" (argentoqos/usercontrol.conf)

NOTE: as from argentoqos beta4, user control is done by BrazilFW, not by argento. This is for versions 3 and prior.

At the top we find "User Control". Press "Editar Usuarios" ("Edit Users") and modify it according to your interests.

    access 192.168.1.48 00:11:D8:76:F3:24
    deny 192.168.1.49

access 192.168.1.48 00:11:D8:76:F3:24 means that we are giving access to IP 192.168.1.48 only when the network interface has MAC 00:11:D8:76:F3:24.
deny 192.168.1.49 denies access to IP 192.168.1.49.

Last, we backup.

"Edit rc.local" (/etc/rc.d/rc.local)

Example "/etc/rc.d/rc.local":

    #!/bin/sh
    # Brazil Local Command Init Script
    /argentoqos/qosbr start
    /argentoqos/usercontrol start

These commands activate each function during system startup. Note that in the argentoqos webadmin each command is given as /argentobr/qosbr start and /argentobr/usercontrol start. This is a small bug. Remember to put /argentoqos/.

NOTE: Usercontrol has a bug. The solution is in the last pages of this document.

Then, backup to save the modifications.

And last... In the "Acciones" ("Actions") part, in the middle, you can find "Editar Script QOS" (Edit Script QOS), "Editar Filtrado" (Edit Filtering) and "Editar Script Variables" (Edit Script Variables). We will explain them next.
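Going back to the user control entries above, this added example (not part of ArgentoQoS or BrazilFW) compares the "access IP MAC" and "deny IP" lines with an ARP table and reports addresses that show up with a different MAC or that are denied but still active. It assumes the ARP table is supplied in the Linux /proc/net/arp layout; the function names and the sample ARP entries are constructed for illustration.

```shell
# Added example: audit usercontrol.conf bindings against an ARP table.
# check_bindings CONF ARP: print "MISMATCH ip expected seen" or "DENIED ip seen".
check_bindings() {
    awk '
        NR == FNR {                          # first file: usercontrol.conf
            if ($1 == "access" && NF >= 3) want[$2] = toupper($3)
            if ($1 == "deny") denied[$2] = 1
            next
        }
        FNR == 1 { next }                    # skip the /proc/net/arp header
        $3 == "0x0" { next }                 # incomplete entry, no MAC learned
        {
            ip = $1; mac = toupper($4)
            if ((ip in want) && want[ip] != mac)
                print "MISMATCH", ip, want[ip], mac
            else if (ip in denied)
                print "DENIED", ip, mac
        }
    ' "$1" "$2"
}

# demo_bindings: run the check on the tutorial's entries and a constructed ARP table.
demo_bindings() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/usercontrol.conf" <<'EOF'
access 192.168.1.48 00:11:D8:76:F3:24
deny 192.168.1.49
EOF
    cat > "$dir/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.48     0x1         0x2         00:11:d8:76:f3:99     *        eth0
192.168.1.49     0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
192.168.1.50     0x1         0x2         00:0c:29:11:22:33     *        eth0
EOF
    check_bindings "$dir/usercontrol.conf" "$dir/arp"
    rm -rf "$dir"
}
demo_bindings
```

On a running box the second argument would be /proc/net/arp itself.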

"Edit Script QOS" (/argentoqos/class.conf)

Now you put the values for each IP or subnet; the QoS levels will be generated automatically for each class_id and/or simple_class_id. You can also use block_l7 and conlimit.

Example /argentoqos/class.conf:

    ####block layer 7####
    block_l7 ares
    block_l7 bittorrent
    ####class_id and simple_class_id####
    class_id 48 16 64 24 128 192.168.1.0/24
    simple_class_id 47 16 64 16 128 192.168.1.47
    ####conlimit####
    conlimit 48 80
    conlimit_ip 192.168.1.47 70
    conlimit_ip 192.168.2.0/24 50

First we will explain the two types of classes:

class_id: It administers by subnets. It administers by IP. Gives Quality of Service. It takes the variables from filter and gives priority according to the script.
simple_class_id: Simple cases. Doesn't have filtering (of any kind). Doesn't give priorities. It limits an IP or subnet to a certain speed.

Second, the lines "class_id" and "simple_class_id":

48 is the ID of the class,
16 is the minimum upload,
64 is the maximum upload,
24 is the minimum download,
128 is the maximum download,
192.168.1.0/24 is the subnet for which we set the speed.
192.168.1.47 is the IP for which we set the speed.

The lines "conlimit":

conlimit 48 80 limits the class id 48 to 80 simultaneous connections.
conlimit_ip 192.168.1.47 70 limits the IP 192.168.1.47 to 70 simultaneous connections.
conlimit_ip 192.168.2.0/24 50 limits the entire subnet 192.168.2.0 to 50 simultaneous connections.

Last:

block_l7 ares means we block the layer 7 protocol, which in this case is the application Ares.
block_l7 bittorrent means the same as above but for the application BitTorrent.

"Edit Filter" (/argentoqos/filter.conf)

Here we put the filters that will be applied to each class id.

Example /argentoqos/filter.conf:

    #sub_ultra_high_l7_updown dns
    sub_norm_l7_updown skypetoskype
    #sub_ultra_high_port_updown udp 53 # DNS
    sub_ultra_high_port_updown tcp 6901 # MSN voice
    sub_ultra_high_port_updown udp 6901 # MSN voice
    sub_ultra_high_port_updown tcp 5631 #pcanywhere
    sub_ultra_high_port_updown udp 5631 #pcanywhere
    sub_ultra_high_port_updown tcp 5800 #vnc
    sub_ultra_high_port_updown tcp 5900 #vnc
    sub_ultra_high_port_updown tcp 8001:8002
    sub_ultra_high_port_updown udp 8001:8002
    sub_ultra_high_port_updown udp 5000:5010 #yahoo voice chat
    sub_ultra_high_port_updown udp 22
    sub_ultra_high_port_updown tcp 22
    sub_ultra_high_port_updown udp 27000:27039
    sub_ultra_high_port_updown tcp 27000:27039
    sub_high_l7_down html
    sub_high_l7_down gif
    sub_high_l7_down jpeg
    #sub_high_port_down tcp 443 #https
    #sub_norm_port_up tcp 443 #https
    sub_high_l7_updown ssl
    sub_high_port_updown udp 500
    sub_high_port_updown udp 4500
    sub_high_port_updown udp 10001 #vpn esteban pedro varela
    sub_norm_port_down tcp 110
    sub_norm_port_down tcp 80
    sub_norm_port_updown tcp 6891:6900 #msn file transfer
    #sub_norm_port_updown tcp 2083 #web mmhost
    sub_norm_l7_up html
    sub_norm_l7_up gif
    sub_norm_l7_up jpeg
    sub_norm_l7_up ftp
    sub_norm_l7_up msnmessenger
    #sub_norm_port_updown tcp 1863
    sub_bulk_l7 pdf
    sub_bulk_l7 exe
    sub_bulk_l7 rar
    sub_bulk_l7 zip
    sub_bulk_l7 quicktime
    sub_bulk_l7 httpvideo
    sub_bulk_l7 http-dap
    sub_bulk_l7 flash
    sub_low_port_updown tcp 20:21
    sub_norm_l7_down msnmessenger
    sub_low_port_updown tcp 25
    sub_low_port_updown tcp 10051:10070 #irc file transfer
    sub_low_port_updown tcp 5100 # yahoo webcam
    sub_low_port_updown tcp 5101 # yahoo messages
    sub_low_port_up tcp 110
    sub_low_port_up tcp 80
    sub_trash_port tcp 4662
    sub_trash_port udp 4672
    sub_trash_port tcp 1157
    sub_trash_port tcp 6112
    sub_trash_port tcp 21656
    sub_trash_port tcp 6881
    sub_trash_port tcp 1214
    sub_trash_port tcp 6346
    sub_trash_port tcp 20294
    sub_trash_port tcp 32459
    sub_trash_port tcp 64000:65535
    sub_trash_port udp 64000:65535
    sub_trash_l7 edonkey
    sub_trash_l7 bittorrent
    #sub_trash_l7 directconnect
    #sub_trash_l7 fasttrack
    #sub_trash_l7 soulseek
    #sub_proxy_port tcp 80
    #

Let's check this out:

sub_ultra_high = max. priority
sub_high = high priority
sub_norm = normal priority
sub_bulk = subnormal priority (It's intended for massive downloads such as ftp, rar, pdf, isos, etc. It is given great bandwidth but we limit it by priority. Upload of "sub_bulk" is defined in "sub_low")
sub_low = low priority
sub_trash = lower priority (garbage)
sub_unknow = priority for the unknown

NOTE: These priorities will be ordered in the file "/argentoqos/variables.conf", which is explained later.

The second part is:

l7_* = applies to some layer 7 (OSI model) protocol.
port_*_tcp = applies to some TCP port.
port_*_udp = applies to some UDP port.

*: This wildcard can be:

up = the priority is only applied to the upload.
down = the priority is only applied to the download.
updown = it applies to both upload and download.

So, taking the example of the previous lines:

sub_ultra_high_port_updown tcp 6901 # MSN voice means max. priority to TCP port 6901 for down and up.
sub_norm_l7_updown skypetoskype means normal priority to the layer 7 protocol skype for up and down.

We have defined the filters. Now we move on to the variables.

"Edit Script Variables" (/argentoqos/variables.conf)

Example:

    # Define LAN speed
    LAN_UP="80000"
    LAN_DOWN="80000"
    # Define Internet speed
    QOSBR_UP="115"
    QOSBR_DOWN="240"
    # Define network cards
    IF_LOCALBR="eth0"
    IF_WAN="eth1"
    # Define maximums per traffic class
    porcentaje_ceil_ultra_high="99"
    porcentaje_ceil_high="80"
    porcentaje_ceil_norm="60"
    porcentaje_ceil_low="50"
    porcentaje_ceil_bulk="80"
    porcentaje_ceil_trash="35"
    porcentaje_ceil_unknow="25"
    # Define guaranteed minimums per traffic class (the sum of the classes must not exceed 100%)
    porcentaje_rate_ultra_high="40"
    porcentaje_rate_high="30"
    porcentaje_rate_norm="10"
    porcentaje_rate_low="5"
    porcentaje_rate_bulk="5"
    porcentaje_rate_trash="1"
    porcentaje_rate_unknow="9"
    # Define the maximums that apply at night
    porcentaje_ceil_high_night="97"
    porcentaje_ceil_norm_night="95"
    porcentaje_ceil_bulk_night="95"
    porcentaje_ceil_low_night="95"
    porcentaje_ceil_trash_night="95"
    porcentaje_ceil_unknow_night="95"
    # Define the priority each traffic class will have
    prio_class="1"
    prio_ultra_high="2"
    prio_high="3"
    prio_norm="4"
    prio_low="5"
    prio_bulk="6"
    prio_trash="7"
    prio_unknow="7"
    prio_lan="2"
    # Do not touch this value....
    bridgemode="no"
    #### NON-FUNCTIONAL VARIABLES ####
    national="yes"
    country="AR"
    international_speed="70"

I think it is self-explanatory. But we will describe each one of them:

Defining speed and identifying network devices

LAN_UP = real upload speed of our LAN (80 Mbps in this case)
LAN_DOWN = real download speed of our LAN (80 Mbps again)
QOSBR_UP = upload speed from our ISP
QOSBR_DOWN = download speed from our ISP
IF_LOCALBR = the NIC (network interface) connected to our LAN (eth0)
IF_WAN = the NIC connected to the Internet (eth1)

Defining maximum and minimum by traffic class

Examples:

porcentaje_ceil_ultra_high="99" means that we give, as max, 99% of the speed to the max priority.
porcentaje_rate_norm="10" means that we give, as min, 10% of the speed to the normal priority.
porcentaje_ceil_low_night="95" means that we give, as max, 95% of the speed to the low priority during the night*.

(The night schedule is established with "cron", and it is explained in detail later in this tutorial.)
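A check for the percentage variables just described, as an added example that is not part of ArgentoQoS: it enforces the rule from the sample file's own comment (the guaranteed minimums must not add up to more than 100%) and, as an assumption of this example, flags any class whose ceiling is below its minimum. The function names and the deliberately wrong value appended in the demo are constructed for illustration.

```shell
# Added example (not part of ArgentoQoS): lint the percentage variables.
# get_var FILE NAME: print the number assigned as NAME="value", last one wins.
get_var() {
    sed -n "s/^$2=\"\([0-9][0-9]*\)\".*/\1/p" "$1" | tail -n 1
}

# check_variables FILE: print findings; return 1 if there are any.
check_variables() {
    sum=0 bad=0
    for c in ultra_high high norm low bulk trash unknow; do
        rate=$(get_var "$1" "porcentaje_rate_$c")
        ceil=$(get_var "$1" "porcentaje_ceil_$c")
        [ -n "$rate" ] && [ -n "$ceil" ] || { echo "MISSING $c"; bad=1; continue; }
        sum=$((sum + rate))
        # Assumption of this example: a ceiling below the minimum is a mistake.
        [ "$ceil" -ge "$rate" ] || { echo "CEIL_BELOW_RATE $c"; bad=1; }
    done
    # Rule from the sample file: the minimums must not exceed 100% in total.
    [ "$sum" -le 100 ] || { echo "RATE_SUM $sum"; bad=1; }
    return "$bad"
}

# demo_variables: lint the tutorial's values, then a copy with one bad value.
demo_variables() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
porcentaje_ceil_ultra_high="99"
porcentaje_ceil_high="80"
porcentaje_ceil_norm="60"
porcentaje_ceil_low="50"
porcentaje_ceil_bulk="80"
porcentaje_ceil_trash="35"
porcentaje_ceil_unknow="25"
porcentaje_rate_ultra_high="40"
porcentaje_rate_high="30"
porcentaje_rate_norm="10"
porcentaje_rate_low="5"
porcentaje_rate_bulk="5"
porcentaje_rate_trash="1"
porcentaje_rate_unknow="9"
EOF
    check_variables "$f" && echo "OK"
    echo 'porcentaje_rate_norm="70"' >> "$f"   # constructed mistake
    check_variables "$f" || echo "FAILED"
    rm -f "$f"
}
demo_variables
```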

Arranging Priorities

We assign the priorities for each filter we configured in the file /argentoqos/filter.conf:

prio_class 1
prio_ultra_high 2
prio_high 3
prio_norm 4
prio_low 5
prio_bulk 6
prio_trash 7
prio_unknow 7 (This is the lowest priority).
prio_lan 2

Once you have finished, press "Start QoS", or backup and restart.

Using "cron" to establish the night schedule...


If we want to use the night schedule to enhance the p2p speed during the night, we must follow these steps:

1. Go to "Scheduled Tasks" from the BrazilFW menu.
2. Enable Cron: Enable Scheduled Task Process (Cron) - Yes. If this wasn't enabled you must backup and restart BrazilFW.
3. In the Scheduled Tasks menu.
4. Go to "Edit Tasks File". If, for example, we want the night schedule to start at 11pm and end at 6am next morning, we will add these lines:

    00 23 * * * /argentoqos/qosbr stop
    01 23 * * * /argentoqos/qosnight start
    59 05 * * * /argentoqos/qosnight stop
    00 06 * * * /argentoqos/qosbr start

   NOTE: Between 11pm and 11:01pm and between 5:59am and 6am the QoS function will be disabled.
5. Press OK.
6. Backup, and done.

You can edit the cron file and change the night hours to your needs.

Thanks to:

nachazo, gamba47, juanillo, jcmr79, coyotex... and to all the people who directly or indirectly help BrazilFW to grow.

References:

QoS Definition: http://www.rnp.br/es/qos/sobre.html
All the information given by the Spanish forum users.
