
I am currently having the following situation:

I am using a VPN (OpenVPN) over a rather unstable internet connection. This means the maximum bandwidth varies between 100kbs and 1mbit. Whenever the connection is rather unstable and there is high traffic, I get a lot of packet loss and everything gets very slow. To prevent this I need some mechanism to control the maximum bandwidth based on packet loss / latency, to get below the threshold where packets are dropped massively. I was thinking of having an ICMP (ping) control channel to the VPN server, which is continuously analyzed using some kind of script, and if the ping gets bad or packets are dropped, the maximum bandwidth will be adjusted by setting a new max bandwidth using tc (for QoS).

My questions would be: 1. Can this already be done just using tc? 2. Is there maybe a tool which already does what I want?

Thanks in advance and best regards!

1 Answer

I think you want to find a way to shape your traffic before the encapsulation occurs, inside a VM with bridged Ethernet for example. Your computer shapes and routes to your VM, your VM does the encapsulation.

Moreover, as you can't fix a rate, you should use the prio scheduler with tc. Since TCP has a congestion avoidance mechanism and UDP hasn't (QUIC excepted), place UDP and TCP in different qdiscs. Your problem may be in TCP flows lowering their rate while UDP ones don't.

Furthermore, in this case, where you don't know your line rate, you should prioritize TCP qdiscs over UDP qdiscs, with one exception: low rate high priority UDP flows (DNS, NTP) should have the highest priority.

setenforce 1
  • Hey, thanks for your response. The prioritization would be done before VPN encapsulation anyway. I am not sure if the qdisc prio would bring me anything, since my traffic is mostly TCP. The problem is that whenever traffic is too much and the connection is rather unstable, packets get dropped massively and it takes a while (up to 40 seconds) until everything has calmed down. – user2071301 Dec 06 '15 at 05:32
  • Usually, when you're writing QoS rules, you need to know the bandwidth you can use. Prio is the only one, as far as I know, which doesn't. – setenforce 1 Dec 06 '15 at 16:22
  • I'm sorry, I forgot I can't use enter in comments. Prio will always prioritize one flow over another, even if the second has to be completely dropped. This way, you could use something like: UDP services (DNS, NTP) and ping > SSH > HTTP connections under 10 MB (to avoid having download connections here) > other connections. Obviously, you have to change this to your needs. With such a QoS, if you have a low bandwidth for a while, your main connections should be available. The UDP / TCP point isn't related to the qdisc. – setenforce 1 Dec 06 '15 at 16:34
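
The control loop the question describes (probe the VPN server with ping, then set a new tc limit), as an added sketch that is not code from any poster in this thread. Assumptions: the interface name `tun0`, the loss/RTT thresholds, the step sizes and the tbf burst/latency values are illustrative; only the 100 to 1000 kbit range comes from the question.

```python
import re
import subprocess

# Assumptions (not from the thread): tun0 as the pre-encapsulation interface,
# the thresholds and the step sizes. The 100-1000 kbit range is the question's.
DEV, MIN_KBIT, MAX_KBIT = "tun0", 100, 1000
LOSS_LIMIT_PCT, RTT_LIMIT_MS = 2.0, 300.0
STEP_UP_KBIT, BACKOFF_PCT = 50, 70

def parse_ping(output):
    """Return (loss_percent, avg_rtt_ms or None) from Linux iputils ping output."""
    loss = re.search(r"([\d.]+)% packet loss", output)
    rtt = re.search(r"= [\d.]+/([\d.]+)/", output)
    if loss is None:
        return 100.0, None  # unparsable output: treat as total loss
    return float(loss.group(1)), float(rtt.group(1)) if rtt else None

def next_rate(rate_kbit, loss_pct, avg_rtt_ms):
    """AIMD: cut the rate multiplicatively on a bad probe, else add a small step."""
    bad = loss_pct > LOSS_LIMIT_PCT or avg_rtt_ms is None or avg_rtt_ms > RTT_LIMIT_MS
    new = rate_kbit * BACKOFF_PCT // 100 if bad else rate_kbit + STEP_UP_KBIT
    return max(MIN_KBIT, min(MAX_KBIT, new))

def tc_command(rate_kbit, dev=DEV):
    """tc invocation that replaces the root qdisc with a token bucket at rate_kbit."""
    return ["tc", "qdisc", "replace", "dev", dev, "root", "tbf",
            "rate", f"{rate_kbit}kbit", "burst", "16kb", "latency", "50ms"]

def control_loop(server, rate_kbit=MAX_KBIT):
    """Probe the VPN server forever and re-apply the limit; needs root for tc."""
    while True:
        probe = subprocess.run(["ping", "-c", "10", "-i", "0.5", "-q", server],
                               capture_output=True, text=True)
        rate_kbit = next_rate(rate_kbit, *parse_ping(probe.stdout))
        subprocess.run(tc_command(rate_kbit), check=True)

# Constructed sample of `ping -q` output for a lossy probe.
SAMPLE = """--- 10.8.0.1 ping statistics ---
10 packets transmitted, 7 received, 30% packet loss, time 4520ms
rtt min/avg/max/mdev = 48.2/412.7/903.1/310.4 ms
"""

if __name__ == "__main__":
    loss, rtt = parse_ping(SAMPLE)
    print(loss, rtt, " ".join(tc_command(next_rate(800, loss, rtt))))
```

Because `tc qdisc replace ... root` swaps out the root qdisc, this sketch does not coexist with a prio qdisc at the root of the same interface; combining both would mean attaching one beneath the other.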