FireBrick Traffic Shaping: Difference between revisions

(12 intermediate revisions by 2 users not shown)

Line 1:

[[File:2700-small.png|link=:Category:FireBrick]]

==Overview==

The FireBrick 2700 has been used as a 'black' box traffic shaping device in shared offices. It's quite easy to configure a FireBrick for a 'serviced office' scenario where tenants pay for a slice of a fast pipe.

⚫

=Overview=

⚫

The FireBrick can shape based on parameters such as source/target IP/port/protocol, giving flexibility.

⚫

*The FireBrick 2700 has been used as a 'black' box traffic shaping device in shared offices. It's quite easy to configure a FireBrick for a 'serviced office' scenario where tenants pay for a slice of a fast pipe. -this would be great for leased lines, ethernet services, FTTC, FTTP etc.

⚫

When shaping, ~~CWL~~ graphs are produces for each 'shaper', giving a visual representation of the traffic.

⚫

*The FireBrick can shape based on parameters such as source/target IP/port/protocol, giving flexibility.

⚫

==~~block~~-box==

⚫

*When shaping, CQM graphs are produces for each 'shaper', giving a visual representation of the traffic.

*FireBrick are being used to traffic shape tenants in a serviced office setup where the alternative products to do the job were many times the cost.

⚫

==Black-box==

If a managed office already has network infrastructure then the FireBrick can work in a proxy-arp mode, and physically sit on your network between your router and your LAN.

=Config Examples=

==Proxy-arp Mode==

If you want the Firebrick to be 'invisible' on your LAN, ie, you have machines on the LAN which use the gateway IP of your router, and you do not want to use the FireBrick as the router, then setting proxy-arp on the subnets is required. - this will then proxy arps between the FireBricks LAN and WAN, both ways. -Note broadcast traffic is not passed through the FireBrick - so the router won't be able to do DHCP - the FireBrick can, or another host on the LAN can instead.

If you want the Firebrick to be 'invisible' on your LAN, i.e., you have machines on the LAN which use the gateway IP of your router, and you do not want to use the FireBrick as the router, then setting proxy-arp on the subnets is required. - this will then proxy arps between the FireBricks LAN and WAN, both ways. -Note broadcast traffic is not passed through the FireBrick - so the router won't be able to do DHCP - the FireBrick can, or another host on the LAN can instead.

Here is a config snipet where physical ports are as follows:

Line 18:

Line 23:

*192.0.2.245 has been assigned to the FireBrick

*192.0.2.2-253 is used for the various clients on the LAN

Line 29:

Line 35:

</interface>

</syntaxhighlight>

We're simply setting the same IP address on both sides on the FireBrick, and setting proxy-arp=true.

==Traffic Shaping configuration==

First we need some shapers - these define the speed lanes/tunnels/pipes:

</syntaxhighlight>

Here we have defined 2 shapers, one with 500kbit/s up/down, and one with 3Mbit/s up/down.

These shapers can then be used in rules, e.g.:

<route-override>

</route-override>

</syntaxhighlight>

Here we have set specific IP addresses to go through specific shapers, so 192.0.2.2 will get 500K/bs and 192.0.2.3 will get 3Mbit/s.

[[Category:FireBrick|traffic]]