RuggedRouter User Guide
Prioritization Example
A remote site router connects to a private network via a T1 line. The router uses
OSPF to manage alternate routing, but its primary purpose is to allow access to a
switched network of RuggedServers implementing TcpModbus gateways (TCP/UDP
port 502). The router and switches are managed through their Web interfaces, but can
be managed through SSH as well. The RuggedServers are managed through Telnet.
An SNMP network management polling application tracks the status of all devices.
It is generally wise to ensure that control and management capabilities are always
provided. OSPF and SSH/Telnet should be assigned to the highest priority queue.
OSPF packets are small and do not consume much bandwidth. SSH and Telnet are not
often used but must be available when required.
TcpModbus traffic is ensured low latency by assigning it to the next lower queue.
Web traffic will be used to manage the router and switches and should be assigned to
a still lower queue.
All other traffic can be assigned to a final queue.
In all, four queues are required. The system provides three basic queues (“high”,
“normal” and “low”), and a fourth, “extra high”, can be manually added.
Traffic filters are inspected in the order in which they are entered. To reduce load and
improve performance, the filters should be entered in an order that matches the
most frequent traffic (under normal conditions) first. The best filter order is probably:
match source port 502 -> queue “high”
match protocol OSPF -> queue “extra high”
match source port “snmp” -> queue “extra high”
match source port “www” -> queue “normal”
match source port “10000” -> queue “normal”
match source port “ssh” -> queue “extra high”
match source port “telnet” -> queue “extra high”
match source IP/Mask 0.0.0.0/0 -> queue “low”
Note that the snmp, www, ssh and telnet keywords are defined in the
file /etc/services, so we can use their mnemonics here. We could also have used the
raw port numbers 161, 80, 22 and 23, respectively. The TcpModbus port number is
not common, and must be explicitly entered. The webmin port number of 10000
reflects the fact that web traffic from a router is issued on this port.
Each of the “port based” filters must match a source port. Matching is being applied
to packets from the service at the well known source port to an unknown and variable
destination port number.
Finally, note that the final traffic filter essentially suppresses TOS inspection by
directing all unmatched traffic onto the “low” queue.
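The first-match evaluation described above, modelled in Python as an added example (not RuggedCom code or router configuration). It compares the mean number of filters inspected under the guide's order with an order that enters the port 502 filter late, and shows the catch-all shadowing the management filters if it is entered first. The packet dictionaries, addresses and traffic counts are constructed, and matching OSPF by IP protocol number 89 is an assumption of the model.

```python
import ipaddress

SERVICES = {"snmp": 161, "www": 80, "ssh": 22, "telnet": 23}  # /etc/services names used in the guide
OSPF = 89  # IP protocol number of OSPF (assumed match key for "protocol OSPF")

# The guide's filter list in entry order: (field, value, queue).
FILTERS = [
    ("sport", 502, "high"),
    ("proto", OSPF, "extra high"),
    ("sport", "snmp", "extra high"),
    ("sport", "www", "normal"),
    ("sport", 10000, "normal"),
    ("sport", "ssh", "extra high"),
    ("sport", "telnet", "extra high"),
    ("src", "0.0.0.0/0", "low"),
]

def matches(filt, pkt):
    field, value, _queue = filt
    if field == "sport":  # mnemonics resolve to port numbers; raw numbers pass through
        return pkt.get("sport") == SERVICES.get(value, value)
    if field == "proto":
        return pkt["proto"] == value
    if field == "src":
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(value)
    raise ValueError(f"unknown filter field: {field}")

def classify(pkt, filters=FILTERS):
    """First match wins. Returns (queue, number of filters inspected)."""
    for inspected, filt in enumerate(filters, start=1):
        if matches(filt, pkt):
            return filt[2], inspected
    return None, len(filters)

def mean_inspections(mix, filters=FILTERS):
    """Average filters inspected per packet over a (packet, count) traffic mix."""
    total = sum(count for _pkt, count in mix)
    return sum(classify(pkt, filters)[1] * count for pkt, count in mix) / total

# Constructed traffic mix (packets per interval); addresses and counts are made up.
MIX = [
    ({"proto": 6, "src": "10.0.0.5", "sport": 502}, 800),   # TcpModbus replies
    ({"proto": 17, "src": "10.0.0.5", "sport": 161}, 100),  # SNMP responses
    ({"proto": 89, "src": "10.0.0.1"}, 50),                 # OSPF
    ({"proto": 6, "src": "10.0.0.2", "sport": 80}, 30),     # switch web interface
    ({"proto": 6, "src": "10.0.0.1", "sport": 22}, 5),      # SSH
    ({"proto": 6, "src": "10.0.0.9", "sport": 40000, "dport": 502}, 15),  # request *to* port 502
]
MODBUS_LATE = FILTERS[1:7] + [FILTERS[0], FILTERS[7]]  # port 502 filter moved just before the catch-all
CATCHALL_FIRST = [FILTERS[7]] + FILTERS[:7]            # catch-all entered first
```

The last packet in the mix has destination port 502 but an ephemeral source port, so it matches none of the source-port filters and lands in the “low” queue.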
170 RuggedCom