This webconfig app will let you get under the skin of the bandwidth rules created by ClearOS. Ever wanted to check whether the rules you have in place are effective? matching the intended traffic, and are prioritising / capping traffic? well now you can. This app was inspired by the TCCS (tc class statistics parser)

Info
The bandwidth system consists of two intermediate queueing devices (imq) that sit between the ClearOS box and the internet. These devices filter upload and download traffic and prioritise according to the defined rules. The app will display each of the rules on each interface, whether packets are being dropped, over the limits, or creating a backlog. It will also show which classes are consistently borrowing traffic from others.

Bandwidth is distributed between all the classes according to their rate, and their priority. When a class needs more traffic than it's rate it will attempt to borrow more from the parent class. The priority in which traffic is borrowed and shared is based on the priority of the class. Each class can borrow more traffic up to the ceiling limit. You can artificially limit traffic by setting the ceiling limit lower than your upload.

The top table will list all rules which have seen traffic since the firewall was restarted. It's essentially a static snapshot - refresh the page to see updates....(todo: use AJAX to update the table)

Install
To install simply setup the community repo with instructions here HERE

yum --enablerepo=timb install app-bandwidth-monitor

Navigate to Gateway > Bandwidth and QOS > Bandwidth Monitor

What this app doesn't do....record bandwidth usage or log bandwidth totals, sorry!

Lessons learnt- all other traffic not specified by your bandwidth rules end up in the standard 1:2 class. This is hard coded to have a low priority and 1/8th of your upload. It maybe obvious but to maintain maximum throughput and interactivity you should create rules for all traffic that rely on packets being passed in a timely manner. Namely SSH (port 22), DNS (port 53), VOIP, Gaming UDP ports. Everything else can be left as bulk traffic. Or if you wish to limit P2P create a rule for that but limit the Ceiling slightly lower than your upload.

For all things bandwidth related see this excellent guide
http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

Tricks!
since i've been learning a lot about how the bandwidth system goes together, there are a couple of tweaks which originate from the wondershaper scripts that you can apply to the bandwidth system here:-

Prioritise small ACK and ICMP packets. Run the following from the console:-

#create upload class for low traffic. Set ceil to your upload limit. Because ACK and ICMP packets are only applied to packets <64bytes, you can safely use a value of 50kbit here.

tc class add dev imq0 parent 1:1 classid 1:3 htb rate 50000bit ceil [YOURVALUE]bit prio 0



## create a new filter class that matches acks the hard way, and passes it to our new class above 1:3.

tc filter add dev imq0 parent 1:0 protocol ip prio 1 u32 \

            match ip protocol 6 0xff \

            match u8 0x05 0x0f at 0 \

            match u16 0x0000 0xffc0 at 2 \

            match u8 0x10 0xff at 33 \

            flowid 1:3



# do the same for ICMP packets

tc filter add dev imq0 parent 1:0 protocol ip prio 1 u32 \

            match ip protocol 1 0xff \

            match u8 0x05 0x0f at 0 \

            flowid 1:3

Note both rules only apply to packets <64bytes, as ACK and ICMP can have some payload which we don't want to prioritise. To show off to your friends once these are in place you should try and max out your upload whilst demonstrating a very low ping!

This application doesn't do anything amazingly special, but if you want to understand a bit more about how your bandwidth rules are implemented I find it useful