I never was able to get the QoS engine to work. The second it was enabled, connectivity slammed to a stop and the COS box couldn't even ping to the outside world. I tried it again yesterday and it didn't work then either. Did some updates yesterday as well, with yum log below.

Anyway, then today it sorta struck me this morning. I should try QoS now post-update and see what happens. Well, sure enough - it worked. Connectivity gate wasn't slammed shut. I put only the basic settings in place with 2 extra rules but UDP traffic was shaped nicely even on saturated uploads. So that was pretty great.

Then this afternoon, I was editing DNS settings and BUMP. Connectivity stopped again. Humph. I remembered the morning QoS activation, so I disabled it. Connectivity was restored. Enabled QoS. BUMP again. Disabled again > Connectivity restored again. So the old pattern was back.

So on a lark, I re-enabled QoS, dropping connectivity. Then I rebooted the machine and VOILA, once more everything is working, including QoS and connectivity.

So my question is this - do any of you use QoS in production?



May 15 17:51:48 Updated: 1:app-intrusion-detection-core-1.5.16-1.v6.noarch
May 15 17:51:48 Updated: nss-softokn-freebl-3.14.3-10.el6_5.x86_64
May 15 17:51:50 Updated: kernel-firmware-2.6.32-431.17.1.v6.noarch
May 15 17:51:51 Updated: 2:qemu-img-0.12.1.2-2.415.el6_5.8.x86_64
May 15 17:51:51 Updated: 2:qemu-kvm-0.12.1.2-2.415.el6_5.8.x86_64
May 15 17:51:56 Installed: kernel-2.6.32-431.17.1.v6.x86_64
May 15 17:51:57 Updated: nss-softokn-3.14.3-10.el6_5.x86_64
May 15 17:51:57 Updated: 1:app-intrusion-detection-1.5.16-1.v6.noarch
May 15 17:52:02 Installed: kernel-devel-2.6.32-431.17.1.v6.x86_64
May 15 17:52:02 Updated: suva-client-3.1-10.v6.x86_64
May 15 17:52:03 Updated: kernel-headers-2.6.32-431.17.1.v6.x86_64
May 15 17:52:03 Updated: polkit-gnome-0.96-4.el6.x86_64
May 15 17:52:03 Updated: yum-marketplace-plugin-1.8-1.v6.noarch
Friday, May 16 2014, 07:31 PM
Responses (4)
  • Accepted Answer

    Tuesday, May 20 2014, 02:16 PM - #Permalink
    [root@system ~]# rpm -q snort
    snort-2.9.5.3-4.v6.x86_64

    [root@system ~]# rpm -q app-qos-core
    app-qos-core-1.5.21-1.v6.noarch


    I'm not sure what to say. I've tested QoS on a few customer systems and they've worked every time. So it seems like it's an anomaly on my machine. Considering that I'm running it as a VirtualBox host with Gnome packages installed, which is likely not too standard, perhaps we should not worry about it.
  • Accepted Answer

    Monday, May 19 2014, 01:15 PM - #Permalink
    Hmm AFAIK everything has been patched / updated to resolve this issue. What versions do you have?

    rpm -q snort
    rpm -q app-qos-core

    Your nfnetlink module isn't loaded, but it may be different on a VirtualBox host anyway.
  • Accepted Answer

    Friday, May 16 2014, 11:17 PM - #Permalink
    Bingo, Tim. I forgot that I had also tried disabling snort (still running fail2ban, at least). When I restarted snort, BUMP; actually had to restart the machine because I didn't know how to repeal the snort hex.

    I tried an output of "firewall-start -d" with snort Off and On, but diff showed no difference.


    lsmod | grep net shows the following modules:


    vboxnetadp 18384 0
    vboxnetflt 17461 1
    vboxdrv 350316 6 vboxpci,vboxnetadp,vboxnetflt
    vhost_net 30849 0
    macvtap 10071 1 vhost_net
    tun 17127 3 vhost_net


    I really want this to work. I was startled how well my VOIP phone sounded on saturated bandwidth. You could hardly tell any difference in quality. Is there any further troubleshooting we can do? It would be nice to have snort & QoS.

    What sorta puzzles me is that I've tried QoS on another machine and both snort & QoS co-exist. :huh:
  • Accepted Answer

    Friday, May 16 2014, 09:44 PM - #Permalink
    I do here... there was a bug with the netfilter stack used by Snort... but I think that was fixed (it temporarily blacklisted the nfnetlink_queue module which was conflicting with the QoS).

    What's the output of 'lsmod | grep net'?

    Try restarting the snort service and see if everything still works OK.

    The output of 'firewall-start -d' also helps to debug QoS.