To set up DSCP rules for Quality of Service under Linux, the firewall needs to be configured. These commands are for firewalld (CentOS 7.x), but because the --direct syntax is used, they can easily be adapted to iptables (CentOS 6.x). The following examples show how this is done for port 3306 (the MySQL server connection); the concept can easily be extended to other ports and protocols.

Enable DSCP Class EF (46) for outgoing packets from TCP Port 3306

```bash
# DSCP Class EF is equal to DSCP 46 (Expedited)
firewall-cmd --permanent --direct --add-rule ipv4 mangle OUTPUT 0 -p tcp --sport 3306 -j DSCP --set-dscp-class EF
firewall-cmd --reload
```

Verify DSCP is set on packets from port 3306 on interface ens192

```bash
# Output should show packets if connections are present to the MySQL Server
firewall-cmd --direct --get-all-rules
# 184 = 46 << 2: DSCP is the upper six bits of ip[1]; the mask ignores the two ECN bits.
# The filter is quoted so the shell does not treat [1] as a glob pattern.
tcpdump -i ens192 -v '(ip[1] & 0xfc) == 184'
```

Remove DSCP rules for mangle table OUTPUT chain

```bash
# Removes every direct rule in the ipv4 mangle OUTPUT chain, not only the DSCP rule
firewall-cmd --permanent --direct --remove-rules ipv4 mangle OUTPUT
firewall-cmd --reload
```

Verify DSCP is removed on packets from port 3306 on interface ens192

```bash
# Output should show no more packets even if connections are present to the MySQL Server
firewall-cmd --direct --get-all-rules
# Same filter as above: EF (46 << 2 = 184) in the upper six bits of ip[1], ECN bits ignored
tcpdump -i ens192 -v '(ip[1] & 0xfc) == 184'
```
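
The rule and the verification filter above, generalised to other protocols, source ports and DSCP classes, as an added example that is not part of the original page. The function names (`dscp_value`, `tos_byte`, `dscp_rule`, `dscp_filter`) are hypothetical helpers, and the script only prints the firewall-cmd command and tcpdump filter instead of running them.

```shell
#!/bin/sh
# Added example: derive the firewalld direct rule and the matching tcpdump
# filter for any DSCP class. Helper names are hypothetical, not firewalld commands.

# Map a DSCP class name (EF, BE, CS0-CS7, AF11-AF43) to its 6-bit value.
dscp_value() {
    case "$1" in
        EF) echo 46 ;;
        BE) echo 0 ;;
        CS[0-7]) echo $(( ${1#CS} * 8 )) ;;
        AF[1-4][1-3])
            n=${1#AF}
            echo $(( (n / 10) * 8 + (n % 10) * 2 )) ;;
        *) echo "unknown DSCP class: $1" >&2; return 1 ;;
    esac
}

# DSCP occupies the upper six bits of the second IPv4 header byte (ip[1]);
# the lower two bits are ECN, so the byte value is DSCP shifted left by 2.
tos_byte() {
    v=$(dscp_value "$1") || return 1
    echo $(( v << 2 ))
}

# Print (do not execute) the direct rule after validating the arguments.
dscp_rule() {
    proto=$1 port=$2 class=$3
    case "$proto" in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    dscp_value "$class" >/dev/null || return 1
    echo "firewall-cmd --permanent --direct --add-rule ipv4 mangle OUTPUT 0 -p $proto --sport $port -j DSCP --set-dscp-class $class"
}

# tcpdump filter that matches the class regardless of the ECN bits.
dscp_filter() {
    t=$(tos_byte "$1") || return 1
    echo "(ip[1] & 0xfc) == $t"
}

# The page's own case: MySQL on TCP 3306, class EF.
dscp_rule tcp 3306 EF
dscp_filter EF
```

Pass the printed filter to tcpdump in single quotes, for example `tcpdump -i ens192 -v '(ip[1] & 0xfc) == 184'`.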