Shaping VOIP within DMZ
-
Hi
I could use some help configuring our traffic shaper. We have some severe problems with the VOIP system, resulting in dropouts until no conversation is possible anymore, although we are only 4 people using VOIP phones all together.
Here is our topology: We have a 2 MB S-Dsl-Line to the outside. Then we have a DMZ with two web and DB-servers and the LAN. Our VOIP phones are Snom IP-phones and are connected on the DMZ. Next we have the LAN, where the users are surfing and moving documents from/to the WAN and DMZ. Internally all interfaces hang on 100Mb switches, as well as the router itself (inside and outside).
Now, the top priority is the VOIP traffic, which should never ever drop. Then second is the Webservers traffic in the DMZ. Third, there should always be about 300-500kB left for the LAN-WAN traffic.
I tried several possibilities using the Shaper-Wizard, finding that these configurations were fairly useless without fine-tuning. The VOIP quality has even been better without enabling the traffic shaper at all (except while downloading big files, or watching online videos). Now I am looking for a conservative shaper config, only guaranteeing the VOIP traffic, from where I can emerge further.
Why is the wizard-created configuration so useless, even if I wish to have such simple things as 1. prioritize VOIP and 2. penalty Webservers to 1500MB?
Then I tried fiddling with qwanAck/qwanDef bandwidth, without really understanding what it is, and without full knowledge of how the VOIP traffic differs from other traffic. Finally it got much better, after keeping only the DMZ penalty without the VOIP prioritization, but increasing the ACK bandwidth to about 20%. But the main problem with this configuration is that the LAN traffic is taken into account at all. Tomorrow I will test another try with the VOIP Prio: Prio 0) WAN-DMZ Total Bandwidth 1792kB, Prio 1) qwanDef/qDMZdef 10% (3% realtime), Prio 2) PenaltyUp/Down of the webservers IPs with 5% bandwidth (1536kB max), Prio 7) VOIPup/down at 25% (384kB realtime) and finally Prio 7) qwanAcks/qDMZAcks 20% each (with 10% realtime guarantee).
I did not change any of the conceptual settings of these queues, only fiddling around with bandwidths and limits.
Any hints why this should be good or no good? Is it wise to copy the rules concerning the DMZ-WAN traffic to limit the DMZ-LAN traffic using the same queues? Or should I create two more root queues for the internal traffic routes and derive the penalty queues from them? And another two for the limitation of the LAN-WAN traffic?
Any help is highly appreciated.
Thank you -
Search around, and always keep in mind that you can shape only on 2 interfaces on 1.2.X; you have to go to the ALPHA snapshots for something else.