
http://mum.mikrotik.com/presentations/AR09/mario_clep.pd


The terms Quality of Service (QoS) and Traffic Control are often used as synonyms.

Traffic control is the name given to the mechanisms and/or set of queuing systems that control how packets are transmitted by a network device. Quality of service is usually applied on routers, but it can also be applied on switches/bridges or on end nodes such as workstations and servers.

These mechanisms decide which packets are accepted for transmission or reception (and when), and they often also control the rate, that is, the number of packets or bytes per second. By controlling the order in which packets are transmitted or received, some packets can be prioritised over others; this is how traffic control is applied.

In most cases a basic, predefined quality of service is applied, usually based on FIFO (First In, First Out) queues. These queues simply store packets in the order they arrive and hand them to the hardware at the maximum rate the device supports.

The different ways in which a queue can process packets is what is known as a queuing discipline, usually abbreviated in Linux as qdisc.

IMPORTANT: The default queuing discipline in the Linux kernel is pfifo_fast, which is basically three FIFO queues (bands) selected by the packet's Type of Service field, giving a basic prioritisation. Many current distributions change the default through the net.core.default_qdisc sysctl (for example to fq_codel), so check the qdisc actually attached to each interface with tc qdisc show before relying on it.

When to apply quality of service? A simple practical case

In the case of a desktop machine and an efficient webserver sharing the same uplink to the Internet, the following contention for bandwidth may occur. The web server may be able to fill up the output queue on the router faster than the data can be transmitted across the link, at which point the router starts to drop packets (its buffer is full!). Now, the desktop machine (with an interactive application user) may be faced with packet loss and high latency. Note that high latency sometimes leads to screaming users! By separating the internal queues used to service these two different classes of application, there can be better sharing of the network resource between the two applications.
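The contention above, as an added example that is not part of the original page: a small Python simulation of a bulk flow and an interactive flow sharing one uplink, first through a single shared FIFO with tail drop and then through two per-class queues served strictly by priority (as pfifo_fast or PRIO would). The traffic pattern, the buffer size and the assumption that the separated queues split the same total buffer are constructed for the example.

```python
"""Added example (not from the original page): a bulk flow and an interactive
flow share one uplink that drains ONE packet per tick. We compare a single
shared FIFO with tail drop against two per-class queues served strictly by
priority (interactive first). All traffic below is constructed."""
from collections import deque


def run(ticks, bulk_per_tick, interactive_every, buffer_size, separate):
    """Simulate `ticks` time steps; return interactive drops/delay and bulk delivery.

    bulk_per_tick     : packets the web server hands to the uplink every tick
    interactive_every : the desktop sends one packet every N ticks
    buffer_size       : total packets the device can hold (split in half when separate)
    separate          : False = one shared FIFO, True = one queue per class
    """
    # Queue elements are (class, enqueue_tick). Assumption: when separated,
    # each class gets half of the same total buffer, so memory use is identical.
    shared = deque()
    per_class = {"interactive": deque(), "bulk": deque()}
    cap = buffer_size // 2 if separate else buffer_size

    stats = {"interactive_drops": 0, "interactive_max_delay": 0, "bulk_delivered": 0}

    def enqueue(cls, now):
        q = per_class[cls] if separate else shared
        if len(q) >= cap:                      # tail drop: the buffer is full
            if cls == "interactive":
                stats["interactive_drops"] += 1
            return
        q.append((cls, now))

    def dequeue():
        if separate:
            # Strict priority: interactive is always served before bulk.
            for q in (per_class["interactive"], per_class["bulk"]):
                if q:
                    return q.popleft()
            return None
        return shared.popleft() if shared else None

    for now in range(ticks):
        for _ in range(bulk_per_tick):         # bulk arrives first and keeps the queue full
            enqueue("bulk", now)
        if now % interactive_every == 0:
            enqueue("interactive", now)
        pkt = dequeue()                        # the link transmits one packet per tick
        if pkt is None:
            continue
        cls, sent_at = pkt
        if cls == "bulk":
            stats["bulk_delivered"] += 1
        else:
            stats["interactive_max_delay"] = max(stats["interactive_max_delay"], now - sent_at)
    return stats


if __name__ == "__main__":
    for separate in (False, True):
        print("separate queues" if separate else "shared FIFO   ",
              run(200, bulk_per_tick=2, interactive_every=10, buffer_size=20, separate=separate))
```

With the web server offering twice the link rate, the shared FIFO fills within a few ticks and from then on every interactive packet finds the buffer full and is dropped; the two that got through early waited up to 13 ticks. With the classes separated the interactive packets leave in the same tick they arrive and lose nothing, while bulk still gets about 90% of the link; only the bulk flow pays for its own overload.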


Traffic control is the set of tools which allows the user to have granular control over these queues and the queuing mechanisms of a networked device. The power to rearrange traffic flows and packets with these tools is tremendous and can be complicated, but is no substitute for adequate bandwidth.

Packet Switched networks vs Circuit Switched Networks

Other practical examples

http://etxea.net/docu/qos/presentacion.pdf

Common traffic control solutions

Limit total bandwidth to a known rate; TBF, HTB with child class(es)

Limit the bandwidth of a particular user, service or client; HTB classes and classifying with a filter.


Maximize TCP throughput on an asymmetric link; prioritize transmission of ACK packets, wondershaper.


Reserve bandwidth for a particular application or user; HTB with children classes and classifying.


Prefer latency sensitive traffic; PRIO inside an HTB class.


Manage oversubscribed bandwidth; HTB with borrowing.


Allow equitable distribution of unreserved bandwidth; HTB with borrowing.


Ensure that a particular type of traffic is dropped; policer attached to a filter with a drop action.


Remember, too that sometimes, it is simply better to purchase more bandwidth. Traffic control does not solve all problems!

Advantages and disadvantages

Advantages


When properly employed, traffic control should lead to more predictable usage of network resources and less volatile contention for these resources. The network then meets the goals of the traffic control configuration. Bulk download traffic can be allocated a reasonable amount of bandwidth even as higher priority interactive traffic is simultaneously serviced. Even low priority data transfer such as mail can be allocated bandwidth without tremendously affecting the other classes of traffic.


In a larger picture, if the traffic control configuration represents policy which has been communicated to the users, then users (and, by extension, applications) know what to expect from the network.

Disadvantages


Complexity is easily one of the most significant disadvantages of using traffic control. There are ways to become familiar with traffic control tools which ease the learning curve about traffic control and its mechanisms, but identifying a traffic control misconfiguration can be quite a challenge.


Traffic control when used appropriately can lead to more equitable distribution of network resources. It can just as easily be installed in an inappropriate manner leading to further and more divisive contention for resources.


The computing resources required on a router to support a traffic control scenario need to be capable of handling the increased cost of maintaining the traffic control structures. Fortunately, this is a small incremental cost, but can become more significant as the configuration grows in size and complexity.


For personal use, there's no training cost associated with the use of traffic control, but a company may find that purchasing more bandwidth is a simpler solution than employing traffic control. Training employees and ensuring depth of knowledge may be more costly than investing in more bandwidth.


Although traffic control on packet-switched networks covers a larger conceptual area, you can think of traffic control as a way to provide [some of] the statefulness of a circuit-based network to a packet-switched network.

Concepts

IMPORTANT: Queues determine how data is SENT. It is important to realise that we can only shape (delay) the data we send, not the data we receive: by the time an incoming packet reaches us it has already crossed the link, so at most it can be policed (dropped) to make the sender slow down.

With the way the Internet works, we have no direct control of what people send us. It's a bit like your (physical!) mailbox at home. There is no way you can influence the world to modify the amount of mail they send you, short of contacting everybody.

However, the Internet is mostly based on TCP/IP which has a few features that help us. TCP/IP has no way of knowing the capacity of the network between two hosts, so it just starts sending data faster and faster ('slow start') and when packets start getting lost, because there is no room to send them, it will slow down. In fact it is a bit smarter than this, but more about that later.

This is the equivalent of not reading half of your mail, and hoping that people will stop sending it to you. With the difference that it works for the Internet :-)

If you have a router and wish to prevent certain hosts within your network from downloading too fast, you need to do your shaping on the *inner* interface of your router, the one that sends data to your own computers.

You also have to be sure you are controlling the bottleneck of the link. If you have a 100Mbit NIC and you have a router that has a 256kbit link, you have to make sure you are not sending more data than your router can handle. Otherwise, it will be the router who is controlling the link and shaping the available bandwidth. We need to 'own the queue' so to speak, and be the slowest link in the chain. Luckily this is easily possible.

Queues

Queues are the basis of traffic control and a crucial concept. A queue is usually a buffer holding a finite number of elements waiting to be served by a service. In networking, the service is transmission through a network device, normally a network interface.

The most common unit for the size of a queue is the number of packets (or bytes) it can hold before they are transmitted.

IMPORTANT: Note that if the hardware and/or the available bandwidth/throughput is much greater than what is actually used, the queues are always empty, so quality of service is useless in that case (packets are never reordered or prioritised because they never wait in the queue). Likewise, if the queues are permanently saturated, most packets are dropped before they can be scheduled and applying quality of service brings little improvement. Quality of service therefore makes sense when systems are close to 100% of their theoretical capacity without systematically exceeding it. If capacity is systematically exceeded, the only solution is more bandwidth.

The simplest queuing mechanism is FIFO. This queue provides no traffic control at all.

Queues become interesting for traffic control when more complex queues are used, or, more often, when several types of queue are combined with more complexity than FIFO (delaying packets, reordering packets, dropping packets, which makes TCP traffic regulate itself through its congestion control) and when queues are applied in parallel and/or hierarchically (sub-queues).

Note that queuing is applied at the operating-system level, so the software layers above do not see the complexity of the queue: they simply see a single queue of packets arriving or leaving in order.

Queue types:

  • root qdisc: the queue attached to the network device (the main queue).
  • Classless queues: a type of queue that does not allow internal subdivision into other queues (sub-queues).
  • Classful queues: a type of queue that allows classes inside it. Classes can contain subclasses or queues.

Queuing disciplines

Classless queues
  • pfifo_fast: first in, first out :) It has 3 priority bands; the kernel looks at the TOS (Type of Service) field and sends the packet to one band or another accordingly. In theory it is a classful queue (the 3 priority bands), but from the user's point of view it can be considered classless, since the bands cannot be modified.
  • Token Bucket Filter (TBF): this queue limits traffic to a given bandwidth while allowing small bursts at a higher rate. Useful for making sure the queue of packets to send builds up on the Linux machine and not on the ADSL router or cable modem.
  • Stochastic Fairness Queueing (SFQ): basically shares the bandwidth equally between all open connections (flows). Very useful to prevent a single connection from hogging all the bandwidth; note that a host with many connections still gets one share per connection.
  • Random Early Drop (RED): for advanced use on backbones...
Classful queues
  • PRIO: a work-conserving priority scheduler with several bands; a lower band is always served before a higher one, so it prioritises but never delays (shapes) traffic by itself.
  • CBQ: the most complete and the most complicated to understand/configure. This queue works with packet delay times (shaping).
  • HTB (Hierarchical Token Bucket): simpler to manage than CBQ. Ideal when we want to divide

Flows

A flow is a connection between two machines. For TCP or UDP, a flow is the set of packets sent over a TCP connection (with UDP we do not use the term connection, but there is still a flow between two machines, identified by the address and port at both ends).

Traffic control mechanisms usually classify packets into flows, also called flow classes. Aggregation is also often used to merge all flows of the same type into a single aggregated flow (e.g. DiffServ).

An equaliser may also be applied, that is, a mechanism that shares the available bandwidth fairly and equally between different flows of the same type, so that flows competing for the same resource (bandwidth) use it equitably. This is especially important against "aggressive" protocols such as P2P, which usually open multiple parallel connections to maximise their use of the available bandwidth; a purely per-flow equaliser gives such a host one share per connection, so fairness between hosts requires aggregating the flows by host first.
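The flows and the equaliser described above, as an added example (not code from the original page): a Python round-robin scheduler that classifies packets either per flow (5-tuple, one queue per connection, as SFQ does) or per source host (aggregation), run over a constructed trace in which one host opens eight parallel connections and another a single one. The hosts, ports and link budget are assumptions for the example.

```python
"""Added example (not from the original page): per-flow versus per-host fair
sharing of a link. Packets are classified by their 5-tuple (one flow per
connection, as SFQ does) or by source host (an aggregate of all that host's
flows), and each non-empty queue is served round-robin, one packet per turn.
The traffic is constructed: host 10.0.0.1 behaves like a P2P client with eight
parallel TCP connections, host 10.0.0.2 has a single HTTPS connection."""
from collections import OrderedDict, deque


def flow_key(pkt):
    """Classic 5-tuple: one queue per TCP/UDP connection."""
    return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])


def host_key(pkt):
    """Aggregate: one queue per source host, whatever its number of connections."""
    return pkt["src"]


def fair_dequeue(packets, key, link_budget):
    """Round-robin scheduler: classify packets into queues by `key`, then give
    each non-empty queue one packet per pass until `link_budget` packets have
    been transmitted. Returns the number of packets transmitted per source host."""
    queues = OrderedDict()
    for p in packets:
        queues.setdefault(key(p), deque()).append(p)
    sent_per_host = {}
    while link_budget > 0 and any(queues.values()):
        for q in queues.values():
            if q and link_budget > 0:
                p = q.popleft()
                sent_per_host[p["src"]] = sent_per_host.get(p["src"], 0) + 1
                link_budget -= 1
    return sent_per_host


def make_traffic():
    """Constructed sample: 8 flows x 16 packets from the P2P host and 16 packets
    from the single-connection host, interleaved as they would arrive."""
    pkts = []
    for _ in range(16):
        for port in range(40000, 40008):          # eight parallel connections
            pkts.append({"proto": "tcp", "src": "10.0.0.1", "sport": port,
                         "dst": "198.51.100.5", "dport": 6881})
        pkts.append({"proto": "tcp", "src": "10.0.0.2", "sport": 50000,
                     "dst": "203.0.113.9", "dport": 443})
    return pkts


if __name__ == "__main__":
    traffic = make_traffic()
    # Assumption: only 18 packets fit on the link during the observed window.
    print("per flow:", fair_dequeue(traffic, flow_key, 18))
    print("per host:", fair_dequeue(traffic, host_key, 18))
```

Per flow, the scheduler is perfectly fair between the nine connections, which is exactly why the eight-connection host ends up with eight ninths of the link. Keying the queues on the source host instead gives the two hosts half each; on a real router that is the difference between a plain SFQ and a classifier that first groups traffic by address before the fair queue.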

Tokens and buckets

These are two of the most important concepts:

  • Tokens: the simplest way to understand tokens is through an analogy. In a theme park there is usually a queue to get on a ride. Think of the typical ride where the visitors in the queue (in our analogy the visitors are the packets) wait for the arrival of a "train" they can board to enter the ride (the network interface). That train is the token. This is a rate-limiting mechanism (shaping), since only a certain number of people (packets) can take the ride ("be sent through the network interface") at a time. The word token translates as a ticket or counter: only packets holding a token can use the network interface.
  • Buckets: continuing the analogy, the train's carriages (the tokens) arrive at a predefined rate and have a maximum capacity; the bucket is where unused tokens accumulate, up to that capacity. Buckets matter for understanding traffic that comes in bursts, such as HTTP. The TBF queuing discipline is a classic example of a shaper: it generates rate tokens and only transmits packets when a token is available. Tokens are a generic shaping concept.

Why count tokens instead of packets? In order to control the rate of dequeuing, an implementation could count the number of packets or bytes dequeued as each item leaves the queue, but limiting accurately that way requires complex use of timers and measurements. Instead of calculating the current usage and elapsed time for every packet, one method used widely in traffic control is to generate tokens at the desired rate and only dequeue packets or bytes when a token is available.


In the case that a queue does not need tokens immediately, the tokens can be collected until they are needed. To collect tokens indefinitely would negate any benefit of shaping so tokens are collected until a certain number of tokens has been reached. Now, the queue has tokens available for a large number of packets or bytes which need to be dequeued. These intangible tokens are stored in an intangible bucket, and the number of tokens that can be stored depends on the size of the bucket.


This also means that a bucket full of tokens may be available at any instant. Very predictable regular traffic can be handled by small buckets. Larger buckets may be required for burstier traffic, unless one of the desired goals is to reduce the burstiness of the flows.


In summary, tokens are generated at rate, and a maximum of a bucket's worth of tokens may be collected. This allows bursty traffic to be handled, while smoothing and shaping the transmitted traffic.


The concepts of tokens and buckets are closely interrelated and are used in both TBF (one of the classless qdiscs) and HTB (one of the classful qdiscs). Within the tcng language, the use of two- and three-color meters is indubitably a token and bucket concept.

Packets and frames

The terms for data sent across network changes depending on the layer the user is examining. This document will rather impolitely (and incorrectly) gloss over the technical distinction between packets and frames although they are outlined here.


The word frame is typically used to describe a layer 2 (data link) unit of data to be forwarded to the next recipient. Ethernet interfaces, PPP interfaces, and T1 interfaces all name their layer 2 data unit a frame. The frame is actually the unit on which traffic control is performed.

IMPORTANT: A packet, on the other hand, is a higher layer concept, representing layer 3 (network) units. The term packet is preferred in this documentation, although it is slightly inaccurate.

Resources:


Packet flow

Resources:

Traditional elements of traffic control

Shapers

Shapers delay packets to meet a desired rate.

Shaping is the mechanism by which packets are delayed before transmission in an output queue to meet a desired output rate. This is one of the most common desires of users seeking bandwidth control solutions. The act of delaying a packet as part of a traffic control solution makes every shaping mechanism into a non-work-conserving mechanism, meaning roughly: "Work is required in order to delay packets."

Viewed in reverse, a non-work-conserving queuing mechanism is performing a shaping function. A work-conserving queuing mechanism (see PRIO) would not be capable of delaying a packet.

Shapers attempt to limit or ration traffic to meet but not exceed a configured rate (frequently measured in packets per second or bits/bytes per second). As a side effect, shapers can smooth out bursty traffic. One of the advantages of shaping bandwidth is the ability to control the latency of packets. The underlying mechanism for shaping to a rate is typically a token and bucket mechanism; see the Tokens and buckets section above.

Scheduling

Schedulers arrange and/or rearrange packets for output.


Scheduling is the mechanism by which packets are arranged (or rearranged) between input and output of a particular queue. The overwhelmingly most common scheduler is the FIFO (first-in first-out) scheduler. From a larger perspective, any set of traffic control mechanisms on an output queue can be regarded as a scheduler, because packets are arranged for output.


Other generic scheduling mechanisms attempt to compensate for various networking conditions. A fair queuing algorithm (see SFQ) attempts to prevent any single client or flow from dominating the network usage. A round-robin algorithm (see WRR) gives each flow or client a turn to dequeue packets. Other sophisticated scheduling algorithms attempt to prevent backbone overload (see GRED) or refine other scheduling mechanisms (see ESFQ).

Classifying

Classifiers sort or separate traffic into queues.

Classifying is the mechanism by which packets are separated for different treatment, possibly different output queues. During the process of accepting, routing and transmitting a packet, a networking device can classify the packet a number of different ways. Classification can include marking the packet, which usually happens on the boundary of a network under a single administrative control or classification can occur on each hop individually.


The Linux model allows a packet to cascade across a series of classifiers in a traffic control structure and to be classified in conjunction with policers (see Policing below).

Policing

Policers measure and limit traffic in a particular queue.

Policing, as an element of traffic control, is simply a mechanism by which traffic can be limited. Policing is most frequently used on the network border to ensure that a peer is not consuming more than its allocated bandwidth. A policer will accept traffic to a certain rate, and then perform an action on traffic exceeding this rate. A rather harsh solution is to drop the traffic, although the traffic could be reclassified instead of being dropped.


A policer is a yes/no question about the rate at which traffic is entering a queue. If the packet is about to enter a queue below a given rate, take one action (allow the enqueuing). If the packet is about to enter a queue above a given rate, take another action. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does.
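The token bucket from the Tokens and buckets section, used both as the shaper described under Shapers and as the policer described here, as an added example that is not part of the original page: the same Python class delays packets in shape() and gives a conform/exceed verdict in police(). The rate, the bucket size, the assumption that the bucket starts full and the arrival trace are constructed.

```python
"""Added example (not from the original page): one token bucket used two ways.
As a SHAPER it delays packets until enough tokens have accumulated (non-work-
conserving, like TBF). As a POLICER it answers yes/no per packet and never
delays anything (like the tc policer). Rate is in bytes per second, burst is the
bucket size in bytes; the arrival trace is constructed."""


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = float(rate)       # tokens (bytes) generated per second
        self.burst = float(burst)     # bucket capacity: tokens never exceed this
        self.tokens = float(burst)    # assumption: the bucket starts full
        self.last = 0.0               # time of the last refill

    def _refill(self, now):
        """Add the tokens generated since the last refill, capped at the bucket size."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def shape(self, arrivals):
        """Shaper: return the departure time of each (arrival_time, size) packet.
        A packet waits until the tokens cover its size; order is preserved, so a
        packet can never leave before the one ahead of it."""
        departures, last_departure = [], 0.0
        for t, size in arrivals:
            now = max(t, last_departure)
            self._refill(now)
            if size > self.tokens:
                now += (size - self.tokens) / self.rate   # wait for the missing tokens
                self._refill(now)
            self.tokens -= size
            departures.append(now)
            last_departure = now
        return departures

    def police(self, arrivals):
        """Policer: 'conform' if the tokens cover the packet right now, else 'exceed'.
        Nothing is delayed; the caller decides what to do with 'exceed' packets
        (drop them, or reclassify them into a lower class). A packet larger than
        the bucket can never conform, so burst must be at least one MTU."""
        verdicts = []
        for t, size in arrivals:
            self._refill(t)
            if size <= self.tokens:
                self.tokens -= size
                verdicts.append("conform")
            else:
                verdicts.append("exceed")
        return verdicts


# Constructed trace: five 1000-byte packets arriving at once, then one at t=10s.
SAMPLE_ARRIVALS = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (10.0, 1000)]

if __name__ == "__main__":
    # 1000 bytes/s with a 2000-byte bucket: two packets of burst, then one per second.
    print("shaper departures:", TokenBucket(rate=1000, burst=2000).shape(SAMPLE_ARRIVALS))
    print("policer verdicts: ", TokenBucket(rate=1000, burst=2000).police(SAMPLE_ARRIVALS))
```

The two outputs make the difference concrete: the shaper lets the first two packets through on the stored burst and spaces the next three one second apart, delivering everything; the policer passes the same two and declares the other three to be in excess at the instant they arrive. Ten seconds later the bucket is full again in both cases, which is the burst allowance the bucket size buys.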

Dropping

Dropping discards an entire packet, flow or classification.

Dropping a packet is a mechanism by which a packet is discarded.

Marking

Marking is a mechanism by which the packet is altered.

IMPORTANT: This is not fwmark. The iptables target MARK and the ipchains --mark option modify packet metadata (a mark kept inside the kernel), not the packet itself.

Traffic control marking mechanisms install a DSCP on the packet itself, which is then used and respected by other routers inside an administrative domain (usually for DiffServ).

Operating systems

QoS on Linux

See tc

QoS on MikroTik

http://wiki.mikrotik.com/wiki/Manual:PCC
http://wiki.mikrotik.com/wiki/Manual:Connection_Rate
http://matarosensefils.net/wiki/index.php?n=InstalLacions.PropostaQoS

Script that generates RouterOS rules for quality of service on guifi supernodes (it only prints the commands; review them before pasting them into the router):

#!/bin/bash
# Generates the RouterOS commands ("/queue tree" and "/ip firewall mangle")
# for one guifi supernode interface. The output is printed, not applied:
# paste it into a RouterOS terminal after reviewing it.

if [ -z "$1" ] || [ -z "$2" ]
then
  echo "
Usage:
  ./qos-guifi.sh interface bps

Ex:
  ./qos-guifi.sh wlan1 4000000

802.11b  ~4 Mbit/s usable  ~= 4000000 bps
802.11g  ~8 Mbit/s usable  ~= 8000000 bps
  "
  exit 1
fi

IFACE=$1
MAXB=$2

# Queue tree: one root queue capped at the link rate and five child classes.
# limit-at is the guaranteed rate (the five sum to half of MAXB); max-limit lets
# any class borrow up to the whole link when the others are idle. Lower
# priority numbers are served first (1 = interactive ... 7 = bulk).
echo "
/ queue tree
add name=\"$IFACE-qdisc\" parent=$IFACE packet-mark=\"\" limit-at=0 \\
    queue=wireless-default priority=8 max-limit=$MAXB \\
    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=\"$IFACE-interactive\" parent=$IFACE-qdisc packet-mark=$IFACE-interactive \\
    limit-at=$((MAXB/32)) queue=wireless-default priority=1 max-limit=$MAXB \\
    burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=\"$IFACE-fast\" parent=$IFACE-qdisc packet-mark=$IFACE-fast limit-at=$((MAXB/32)) \\
    queue=wireless-default priority=2 max-limit=$MAXB burst-limit=0 \\
    burst-threshold=0 burst-time=0s disabled=no
add name=\"$IFACE-internet\" parent=$IFACE-qdisc packet-mark=$IFACE-internet \\
    limit-at=$((MAXB/4)) queue=default priority=3 max-limit=$MAXB burst-limit=0 \\
    burst-threshold=0 burst-time=0s disabled=no
add name=\"$IFACE-guifi\" parent=$IFACE-qdisc packet-mark=$IFACE-guifi limit-at=$((MAXB/8)) \\
    queue=wireless-default priority=4 max-limit=$MAXB burst-limit=0 \\
    burst-threshold=0 burst-time=0s disabled=no
add name=\"$IFACE-bulk\" parent=$IFACE-qdisc packet-mark=$IFACE-bulk limit-at=$((MAXB/16)) \\
    queue=synchronous-default priority=7 max-limit=$MAXB burst-limit=0 \\
    burst-threshold=0 burst-time=0s disabled=no
"

# Mangle rules: mark packets leaving $IFACE so the queue tree can classify them.
# passthrough=no stops at the first match, so order matters: specific services
# first, the catch-all "Other" rule last. BGP is not an IP protocol, so it is
# matched as TCP port 179 in both directions.
echo "
/ ip firewall mangle
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-bulk passthrough=no \\
    out-interface=$IFACE protocol=tcp connection-type=ftp comment=\"$IFACE - FTP\" disabled=no
add chain=forward action=mark-packet new-packet-mark=$IFACE-bulk passthrough=no \\
    p2p=direct-connect out-interface=$IFACE comment=\"$IFACE - Direct Connect\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    out-interface=$IFACE protocol=ospf comment=\"$IFACE - ospf\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    out-interface=$IFACE protocol=tcp dst-port=179 comment=\"$IFACE - bgp (out)\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    out-interface=$IFACE protocol=tcp src-port=179 comment=\"$IFACE - bgp (in)\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-internet passthrough=no \\
    out-interface=$IFACE src-port=3128 protocol=tcp comment=\"$IFACE - Proxy\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-internet passthrough=no \\
    out-interface=$IFACE src-port=1194-1196 protocol=tcp comment=\"$IFACE - OpenVPN\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    out-interface=$IFACE protocol=icmp comment=\"$IFACE - ping\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-fast passthrough=no \\
    out-interface=$IFACE dst-port=22 protocol=tcp comment=\"$IFACE - SSH (in)\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-fast passthrough=no \\
    out-interface=$IFACE src-port=22 protocol=tcp comment=\"$IFACE - SSH (out)\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    tcp-flags=ack out-interface=$IFACE protocol=tcp comment=\"$IFACE - TCP ACK\" disabled=yes
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    tcp-flags=syn out-interface=$IFACE protocol=tcp comment=\"$IFACE - TCP SYN\" disabled=yes
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-interactive passthrough=no \\
    out-interface=$IFACE src-port=53 protocol=udp comment=\"$IFACE - DNS\" disabled=no
add chain=postrouting action=mark-packet new-packet-mark=$IFACE-guifi passthrough=no \\
    out-interface=$IFACE comment=\"$IFACE - Other\" disabled=no packet-mark=!$IFACE-bulk
"

See also

External links