Topic: Giving low priority to a single machine on LAN  (Read 5370 times)
« on: December 01, 2008, 13:43:54 »
Hans Maulwurf **
Posts: 56

Hi there,

I experimented for a while now and also tried some hints I found in the forums, but I can't really find anything that explains the problems I'm having.
Well first of all I set up the TS via the wizard:
(http://www.abload.de/img/wizard12kl.png)


So it generated a few neat rules. Now I found out that the wizard also created a queue named "hated upload", so I thought it might come in handy to use this queue for a single machine on the LAN that is used as a file server and runs other low priority services.
What I did is create a new rule right before the "catch all upload" rule for this specific machine on LAN.
This is what it looks like:
(http://www.abload.de/img/rulesk443.png)
(The rule is currently disabled)


The problem now is that even if there is no other traffic from other machines, the upload gets heavily throttled, to about 40-60% of the line speed. As soon as I disable the rule again, the upload is used properly.

I even tried the same for the download for this machine, using "hated download", with the same results. I get a nice 1MB/s down without the rule, and around 500kb/s with a rule assigning the traffic from this machine to "hated download."

The CPU load on my m0n0wall is very low all the time, it's a 600MHz P3.


Any ideas why this won't work as I expect it to work would be appreciated.
« Reply #1 on: December 03, 2008, 15:54:54 »
knightmb ****
Posts: 341

If this is going through the WAN, you got the source mixed up. If they are coming from the WAN to your file server, your file server is the "destination" since it's the server, not the "source" which would be everyone else coming in from the WAN or Internet.

;)

Also, this rule needs to be at the very top because the first rule to match is the one it uses. Many of those other rules could match your file server, thus bypassing this one near the bottom.
« Last Edit: December 03, 2008, 15:58:44 by knightmb »

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #2 on: December 03, 2008, 17:30:16 »
Hans Maulwurf **
Posts: 56

I thought when adding an outgoing rule to WAN, it will be applied before NATing the packets, thus 192.168.0.100 should still be valid. Because if it wouldn't, why does it still have (negative) impact on the upload?
If the source address would already be changed at this point, the rule should have no effect at all, like it would not exist. But it still slows down the upload of this one machine when enabled.

And I did not set the rule to the very top, because I still want ACK packets and DNS requests from this machine to have higher priority.
« Reply #3 on: December 04, 2008, 16:30:40 »
knightmb ****
Posts: 341

It applies, but NAT doesn't really fill a role in what you want to do with the traffic shaper.

Hard to explain, easiest way to see, check your firewall states. This will show you exactly how your packets are being processed from an input/output perspective and the traffic shaping rules should match along the same format.

So to test, start a file transfer to your file server, check your firewall states to see which direction is which. If your file server IP is in the Destination column, then your traffic shaping rules need to match for the rule to work. The logic of the traffic shaper and the logic "how does computer A connect to computer B" don't always mesh, so that's why I like to refer to the firewall states to clear my confusion when creating new or complex traffic shaping rules.

I can't explain why you get two different transfer rates from your first post other than packet types not matching up exactly like you think they should.
« Reply #4 on: December 04, 2008, 16:38:13 »
knightmb ****
Posts: 341

This screen shot might help.

These are priority settings for a website, and e-mail server. The website packets are given a higher priority than the e-mail packets. Why?

Because someone surfing the website is more likely to notice a slow response than those checking their e-mail, because e-mail coming in a second slower makes no difference since it's just a bulk transfer. You'll notice the rule at the bottom also sets mail being sent from our e-mail server to another e-mail server to a lower priority.

The key to the rules is where the connection is initiated. When someone is connecting to the web server, the web server is the "destination", but when our e-mail server is connecting to another e-mail server to send mail, it's in the "source" column because it's the machine that initiated the connection and that is where the flow of packets is going to come from.


* m0n0wall 01.gif (31.64 KB, 574x302 - viewed 634 times.)
« Last Edit: December 04, 2008, 16:40:47 by knightmb »

« Reply #5 on: January 13, 2009, 15:48:34 »
Hans Maulwurf **
Posts: 56

Well this is a bit late, but finally I had the time again to take a look at this, and
it seems to work now. I modified my rules to match yours :)
Thanks!
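
The first-match and source/destination points from replies #1 and #4, as an added example that is not part of the original thread and is not m0n0wall's code: a simplified per-packet model of a shaper rule table that is walked top to bottom. Only `192.168.0.100`, "hated upload", "hated download" and "catch all upload" come from the thread; the other rule names, queue names and the sample packets are constructed, and addresses are assumed to be compared as LAN-side addresses, as the rule in the thread does.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FILE_SERVER = "192.168.0.100"    # LAN host named in the thread
Packet = namedtuple("Packet", "direction src dst proto dst_port")

@dataclass
class Rule:
    name: str
    queue: str
    direction: str               # "out" = leaving via WAN, "in" = arriving via WAN
    src: str = "any"
    dst: str = "any"
    proto: str = "any"
    dst_port: int = 0            # 0 = any port (assumption of this model)

def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def classify(rules, pkt):
    """Walk the table top to bottom; the first rule that matches decides the queue."""
    for r in rules:
        if (r.direction == pkt.direction
                and _addr_ok(r.src, pkt.src) and _addr_ok(r.dst, pkt.dst)
                and r.proto in ("any", pkt.proto)
                and r.dst_port in (0, pkt.dst_port)):
            return r.name, r.queue
    return None, None

# Constructed rule table (queue names other than the "hated" ones are made up).
DNS = Rule("dns", "high priority upload", "out", proto="udp", dst_port=53)
SRV_UP = Rule("file server upload", "hated upload", "out", src=FILE_SERVER)
SRV_DOWN = Rule("file server download", "hated download", "in", dst=FILE_SERVER)
ALL_UP = Rule("catch all upload", "default upload", "out")
ALL_DOWN = Rule("catch all download", "default download", "in")

GOOD = [DNS, SRV_UP, ALL_UP, SRV_DOWN, ALL_DOWN]
SHADOWED = [DNS, ALL_UP, SRV_UP, ALL_DOWN, SRV_DOWN]   # server rules below catch-alls

# Constructed sample packets (203.0.113.0/24 is a documentation range).
dns_out = Packet("out", FILE_SERVER, "203.0.113.53", "udp", 53)
bulk_out = Packet("out", FILE_SERVER, "203.0.113.7", "tcp", 443)
bulk_in = Packet("in", "203.0.113.7", FILE_SERVER, "tcp", 21)

if __name__ == "__main__":
    for label, table in (("good", GOOD), ("shadowed", SHADOWED)):
        for pkt in (dns_out, bulk_out, bulk_in):
            print(label, pkt.src, "->", pkt.dst, classify(table, pkt))
```

With the `GOOD` ordering the server's DNS query still lands in the high priority queue while its bulk traffic goes to the "hated" queues; in `SHADOWED` the catch-all rules match first and the server rules are never reached.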