RuggedRouter™ User Guide

Prioritization Example

A remote site router connects to a private network via a T1 line. The router uses OSPF to manage an alternate route, but its primary purpose is to allow access to a switched network of RuggedServers implementing TcpModbus gateways (TCP/UDP port 502). The router and switches are managed through their Web interfaces, but can be managed through SSH as well. The RuggedServers are managed through Telnet. An SNMP network management polling application tracks the status of all devices.

It is generally wise to ensure that control and management capabilities are always available. OSPF and SSH/Telnet should be assigned to the highest priority queue. OSPF packets are small and do not consume much bandwidth. SSH and Telnet are not often used but must be available when required.

TcpModbus traffic is ensured low latency by assigning it to the next lower queue.

Web traffic will be used to manage the router and switches and should be assigned to a still lower queue.

All other traffic can be assigned to a final queue.

In all, four queues are required. The system provides three basic queues (“high”, “normal” and “low”), and a fourth, “extra high”, can be added manually.

Traffic filters are inspected in the order in which they are entered. To reduce load and improve performance the filters should be entered in an order which recognizes the most frequent traffic (under normal conditions). The best filter order is probably:

match source port 502 -> queue “high”

match protocol OSPF -> queue “extra high”

match source port “snmp” -> queue “extra high”

match source port “www” -> queue “normal”

match source port “10000” -> queue “normal”

match source port “ssh” -> queue “extra high”

match source port “telnet” -> queue “extra high”

match source IP/Mask 0.0.0.0/0 -> queue “low”

Note that the snmp, www, ssh and telnet keywords are defined in the file /etc/services, so we can use their mnemonics here. We could also have used the raw port numbers 161, 80, 22 and 23, respectively. The TcpModbus port number is not common, and must be explicitly entered. The webmin port number of 10000 reflects the fact that web traffic from a router is issued on this port.

Each of the “port based” filters must match a source port. Matching is applied to packets sent from the service at its well-known source port to an unknown and variable destination port number.

Finally, note that the final traffic filter essentially suppresses TOS inspection by directing all unmatched traffic onto the “low” queue.
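The following is an added example, not part of the RuggedCom guide or the router's software: a Python model of first-match filter inspection over the filter list above, comparing the recommended frequency-based order with the same filters entered by queue priority. The traffic mix, the helper names and the use of IP protocol number 89 for OSPF are assumptions of the example.

```python
# Added illustration: a model of first-match filter inspection, not router code.
OSPF, TCP, UDP = 89, 6, 17                      # IP protocol numbers
SERVICES = {"snmp": 161, "www": 80, "ssh": 22, "telnet": 23}  # /etc/services names
RANK = {"extra high": 0, "high": 1, "normal": 2, "low": 3}

def rule(queue, proto=None, sport=None):
    """One filter; None means 'any'. Service mnemonics resolve to port numbers."""
    return {"queue": queue, "proto": proto, "sport": SERVICES.get(sport, sport)}

# The filter list in the order the guide recommends (most frequent traffic first).
PAGE_ORDER = [
    rule("high", sport=502),
    rule("extra high", proto=OSPF),
    rule("extra high", sport="snmp"),
    rule("normal", sport="www"),
    rule("normal", sport=10000),
    rule("extra high", sport="ssh"),
    rule("extra high", sport="telnet"),
    rule("low"),                                 # 0.0.0.0/0 catch-all
]
# Same filters, entered by queue priority instead of by traffic frequency.
PRIORITY_ORDER = sorted(PAGE_ORDER, key=lambda r: RANK[r["queue"]])

def classify(rules, pkt):
    """Return (queue, number of filters inspected) for the first match."""
    for n, r in enumerate(rules, 1):
        if r["proto"] not in (None, pkt["proto"]):
            continue
        if r["sport"] not in (None, pkt.get("sport")):
            continue
        return r["queue"], n
    return None, len(rules)

# Constructed traffic mix per 100 packets leaving the site (assumed, not measured).
MIX = [
    ({"proto": TCP, "sport": 502}, 70), ({"proto": OSPF}, 5),
    ({"proto": UDP, "sport": 161}, 10), ({"proto": TCP, "sport": 80}, 8),
    ({"proto": TCP, "sport": 10000}, 2), ({"proto": TCP, "sport": 22}, 1),
    ({"proto": TCP, "sport": 23}, 1), ({"proto": UDP, "sport": 40000}, 3),
]

def mean_inspections(rules, mix=MIX):
    """Average number of filters inspected per packet for a given filter order."""
    return sum(classify(rules, p)[1] * c for p, c in mix) / sum(c for _, c in mix)

if __name__ == "__main__":
    for name, rules in (("guide order", PAGE_ORDER), ("priority order", PRIORITY_ORDER)):
        print(f"{name}: {mean_inspections(rules):.2f} filters inspected per packet")
```

Both orders place every packet in the same queue; only the number of filters inspected changes. A packet addressed to destination port 502 from an ephemeral source port matches none of the port filters and lands in “low”, which is why the filters are written against source ports.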


RuggedCom
