Traffic Shaping

I have a 1.1 meg sDSL line.
I wanted to make an easy setup.
I don't care about protocols and all that. I just want to give highest priority to a single computer.
Those who manage the internet for their home can utilize this for their own nefarious ends.

Here is my understanding of the shaping on M0n0wall:

Traffic is sent to Rules, then the Rules send the traffic to Queues, and finally the Queues send traffic to Pipes which send traffic to the internet or the local computer.

Lets Begin.

First the Pipes. I need 2; incoming and outgoing.
Each pipe is 950kb because I have 950kb incoming and 950kb outgoing. sDSL remember.

Next the queues: I need 4. One set of incoming and outgoing for high priority and one set of incoming and outgoing for low priority.

To set the priority you assign a number (or weight) to the queue from 1 to 100.

For each set of queues (in and out) I made one 90 weight queue and one 10 weight queue.

Thus I have a 90 weight incoming queue which uses the 950kb incoming Pipe, and 90 weight outgoing queue which uses the the 950kb outgoing Pipe, a 10 weight incoming queue on the 950kb Pipe, and a 10 weight outgoing queue on the 950kb Pipe.

So 2 incoming queues are on the same 950kb incoming pipe, and 2 outgoing queues are on the same 950kb outgoing pipe.

Think of it in terms of percentages.
One queue uses 90 percent of the 950kb incoming pipe and the other queue uses 10 percent of the same 950kb incoming pipe.

Now the rules:
Rules go top down. The topmost rule is applied first. If nothing matches, then the next rule is applied until there are no more rules.

If no rule matches, then the traffic is passed normally and is not shaped at all.
You need a cleanup set of rules to make sure all traffic is shaped, otherwise you do all of this for nothing.

My rules are like this:
first: Target is 90 weight outgoing, Interface is LAN, Source is the ip of my computer, ports are any, destination is any, ports are any. (Remember I'm not messing with specific protocols.) Direction is out.

second: Target is 90 weight incoming queue, Interface is WAN. Source is any, ports are any- destination is the ip of my computer, ports are any. Direction is in.

Cleanup rules.
They are set just like the above 2 rules, but these rules use the 10 weight queues. Also these rules are applied to the lan subnet instead of my computers IP. Basically it means that any computer not mine on the lan gets dumped into these queues.

third: Target is 10 weight outgoing queue, Interface is LAN, Source is Lan Subnet, ports are any, destination is any, ports are any. Remember I'm not messing with specific protocols. Direction is out.

fourth: Target is 10 weight incoming queue, Interface is WAN, Source is any, ports are any- destination is Lan Subnet, ports are any. Direction is in.

The way this should work is everyone has the opportunity to get full bandwith, untill my computer starts sending and receiving internet traffic. Then my computer gets to hog the bandwidth. Nice

Extra fun. What if you have 2 computers you want to have the top priority?
Make another set of rules? Fine, but why make a set of rules for each computer? That could be a lot of typing if you have 50 computers and you want 12 to have top priority. Make 12 sets of rules?

I don't think so.

Instead, go to google and source up a subnet calculator. Type in your network ID and then find a subnet that holds the number of computers you need to have a special rule.

So lets say my network's IP range is 192.168.1.0-192.168.1.255 Mask 255.255.255.0
I have a set of 12 computers I want to get top priority, and the rest can suffer.
I use a subnet calculator and set it to give me subnets that hold a number of IPs closest to the number of computers I need to give priority.
(http://i29.tinypic.com/307syrs.gif)

Which gave me the subnet ID 192.168.1.16/28.
This subnet holds the IPs 192.168.1.17-192.168.1.30. 14 IP addresses.

So instead of making a rule for a single IP or the Lan Subnet, I make a rule for Network and plug in the network ID and Subnet mask bits: 192.168.1.16 and /28.

(http://i26.tinypic.com/qplzpw.gif)

Best part is m0n0wall doesn't really care about the subnet mask so you only have to make sure your computers are in the IP range 192.168.1.17-192.168.1.30.
You don't have to change the subnet mask on the computer either. You can leave it at 255.255.255.0.

Hope this helps.

Thanks, just noticed the handbook dont go into any depths on this subject yet.

But, I must ask, why are there both speed-caps AND weights?
The pipes have a bandwidth, entered in kbps, so isn't that good enough?
Why do you also need some weighting for the queues?

For example I got 2Mbps download, and maybe I want to make sure that none of my pc's can fill it up stealing all bandwidth for the other pc's....cant I just cap them all to 1.7Mbps or so?
Why do we need BOTH speed-cap AND weight?

EDIT: Ok, guess that way everyone CAN fill upp the line properly, but if many are at it at the same time the weights make sure it gets distributed evenly (or however you have set it up)...I guess.

Weights are (very) loosely, percentages of the pipe a host can use when the pipe is full.
So your edit is correct.

I think the thing to watch with pipes is that you don't over do it.
It's possible to make pipes that total up to more then the bandwidth you have.

If you do a 2mb incoming and a 1mb incoming pipe, you are effectively saying that you have 3mb incoming bandwidth.

Not what you wanted to do, which is, give host A 2mb when he needs it, and only give host B the max of 1 meg.

In my case I want to give everyone the possiblilty to have max bandwidth.
The special host is not always on the network, but when it is it should get the most bandwidth.

This way I don't "waste" bandwidth by leaving a big pipe unused when the special host isn't downloading.