Re: Managing traffic on an internal Squid box

Linux Advanced Routing and Traffic Control


Hi Ben,

Thanks for the reply.

I have just managed to get this working how I wanted, based on an
example I found here
http://forums.opensuse.org/english/get-technical-help-here/network-internet/454307-wondershaper-modification-exclude-lan-should-included.html

This is the script I came up with..

http://pastebin.com/6wJ4eVnd

With some quick tests it appears to work as expected.


Lonney.

On 17 April 2013 14:11, Benjamin Kiessling <mittagessen@xxxxxxxxxxx> wrote:
> Hi,
>
> On 04/17, Lonney wrote:
>> Using this example
>> http://www.lartc.org/howto/lartc.cookbook.ultimate-tc.html#AEN2233 and
>> adjusting the settings to 75% of our down and upstream bandwidth, and
>> to use eth0 works very well for managing web traffic – as expected
>> downloads get equal bandwidth, and web browsing can continue without
>> significant slowdowns.
>>
>> However this also manages everything else on eth0 with these limits
>> which is not ideal.
>> What I want to achieve is to have the traffic control applied to
>> traffic to/from the internet (ports 80 and 443 for example), but not
>> locally between squid and other machines on the local network. I
>> assume this could be done with some iptables rules, but I'm not very
>> experienced with combining iptables and tc together.
>
> The easiest way to achieve this behavior would be to either set no
> default class for HTB as traffic which is not classified will traverse
> the interface unshaped, e.g.:
>
>         tc qdisc add dev eth0 root handle 1: htb
>         tc class add dev eth0 parent 1: classid 1:1 htb rate 3Mbit
>         tc qdisc add dev eth0 parent 1:1 handle 10: sfq
>
> and then matching on the locally generated traffic from squid using
> iptables (look for the CLASSIFY target). This works if you can be fairly
> sure that other traffic will not swamp out traffic going through HTB.
> Otherwise, setting a default class with line speed and another squid
> class beneath it will fix this flaw.
>
> Another (significantly more complex) matter is ingress shaping.
> Utilizing the ifb device to redirect ingress traffic is the technology
> of choice here, but you will have to use tc-filter here as ifb does not
> possess the necessary netfilter hooks. Take a look at [0] to get an
> example on how to employ ifbs.
>
> Regards,
> Ben
>
>
> [0] http://github.com/westnetz/qos-script
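
The second variant described in the quoted reply (a default class at line speed, a Squid class next to it, and the iptables CLASSIFY target picking out Squid's locally generated traffic), written out as an added example that is not part of either message or of the linked scripts. The LAN subnet, the `squid` account name and the 100Mbit line rate are assumptions; the 3Mbit rate is the one from the reply.

```shell
#!/bin/sh
# Added example: egress shaping for Squid's Internet-bound traffic only.
# Assumes no root qdisc is installed on $DEV yet.
DEV=${DEV:-eth0}
LAN=${LAN:-192.168.0.0/24}        # assumed local subnet, left unshaped
SQUID_USER=${SQUID_USER:-squid}   # assumed account Squid runs as
SQUID_MBIT=${SQUID_MBIT:-3}       # rate used in the reply above
LINE_MBIT=${LINE_MBIT:-100}       # assumed interface line speed

# Print the commands one per line so they can be reviewed before use.
shaper_rules() {
    rest=$((LINE_MBIT - SQUID_MBIT))   # guaranteed share of the default class
    cat <<EOF
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate ${LINE_MBIT}Mbit
tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${SQUID_MBIT}Mbit ceil ${SQUID_MBIT}Mbit
tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${rest}Mbit ceil ${LINE_MBIT}Mbit
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
iptables -t mangle -A POSTROUTING -o $DEV ! -d $LAN -m owner --uid-owner $SQUID_USER -j CLASSIFY --set-class 1:10
EOF
}

# Run each printed command; needs root. Failures are reported, not hidden.
apply_rules() {
    shaper_rules | while read -r cmd; do
        echo "+ $cmd"
        $cmd || echo "failed: $cmd" >&2
    done
}

# Default is a dry run that only prints; set APPLY=1 to install the rules.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    shaper_rules
fi
```

Packets owned by the Squid account and not addressed to the LAN land in class 1:10; everything else falls into the default class 1:20, which can borrow up to line rate.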