
leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
reply to maxtor

Re: Bandwidth shaping only on port 80. Penalize heavy http.

There are two different scenarios:

1.) you are operating one or more public servers and the users you want to control are anonymous users on the Internet (some of which may use the same proxy and therefore appear to be one user).

2.) you are operating a gateway that provides Internet access to internal users (that you are able to identify by their workstation IP address).

From your post I can't make out which scenario applies to you but possible solutions are going to be different.

It also matters if you are only interested in instantaneous bandwidth usage or want to take usage over a certain time period into account as well?
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Squiddy

@pnap.net
True, if we're talking TCP 80 only, Squid with a delay_pool in transparent mode, with the appropriate iptables redirect rule in the nat table, would work great without needing to use QoS and explicit proxy configs on the client.

maxtor

join:2012-12-21
122002
reply to leibold
Thanks Leibold,

I'll try to answer your question as far as possible. I am speaking about scenario 2. There are around 100 users on the LAN side of the gateway.

Normally, I would be interested in instantaneous bandwidth usage only, as I don't want to implement a quota for, say, after 2gb of download or something of that sort.

Now fingers crossed and welcome to the solutions you were pointing to?? Help.

maxtor

join:2012-12-21
122002
reply to Squiddy
Hi Squiddy,

Thanks for pointing that out.
Yes, I could have gone via the squid way, but my users are too noob or non-tech to add proxy to their browsers and again take it off when they go back home. Though that's not impossible to implement, but too many people and rearrangement of network involved. If it could be done without disturbing the existing setup? That's why I said something similar to netequalizer or arbitrator.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
said by maxtor:

Yes, I could have gone via the squid way, but my users are too noob or non-tech to add proxy to their browsers and again take it off when they go back home.

You missed an important part of Squiddy's solution. Instead of configuring each user's browser, he suggests creating a transparent proxy by intercepting the port 80 web traffic in the Linux firewall of the gateway server and redirecting it through squid.

His solution has a number of benefits for your situation:
- adding squid reduces bandwidth usage by serving popular content from its cache instead of fetching it repeatedly from the Internet.
- no client (workstation) side configuration changes (that could be subverted by knowledgeable users).
- using application specific (http traffic) delay_pool in squid allows finer control over bandwidth usage than qos at the network transport layer (and it appeared as if you didn't want to use qos anyway).
- all needed software is included with most Linux distributions so there is no need to hunt for additional software.

Regarding squid delay pools: HOWTO.

Regarding squid as transparent proxy: HOWTO.

You can find many more examples if you google the subject.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Squiddy

@pnap.net
Exactly, this is exactly what I do on my home network. Transparent mode is very useful since it is, as the name implies, completely transparent to the clients. Squid caching is amazing and tremendously increases the speed of the network as well as errata update downloads.
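
The transparent-proxy setup leibold and Squiddy describe, sketched as an added example (not code from any poster in this thread): a script that prints, without applying, a class 2 delay-pool stanza for squid.conf and the matching iptables rules. The interface name, subnet, port 3129 and both rate caps are assumptions, as is a Squid build that accepts `http_port ... intercept` and has delay pools compiled in.

```shell
#!/bin/sh
# Added example: renders config only, changes nothing on the system.
# Every value below is an assumption; adjust to the actual gateway.
LAN_IF="eth1"             # assumed LAN-facing interface
LAN_NET="192.168.1.0/24"  # assumed client subnet (about 100 workstations)
SQUID_PORT=3129           # assumed intercept port, separate from the normal proxy port
TOTAL_KBIT=8000           # assumed cap for all HTTP traffic passing through Squid
USER_KBIT=512             # assumed cap per workstation IP

# delay_parameters takes bytes per second; link speeds are quoted in bits.
kbit_to_bytes() { echo $(( $1 * 1000 / 8 )); }

# Lines to merge into an existing squid.conf whose http_access rules
# already permit the LAN and deny everyone else.
squid_conf() {
    agg=$(kbit_to_bytes "$TOTAL_KBIT")
    usr=$(kbit_to_bytes "$USER_KBIT")
    cat <<EOF
http_port ${SQUID_PORT} intercept
acl lan src ${LAN_NET}
delay_pools 1
delay_class 1 2
delay_access 1 allow lan
delay_access 1 deny all
delay_parameters 1 ${agg}/${agg} ${usr}/${usr}
EOF
}

# Rule 1 redirects LAN port 80 traffic into Squid (nat table).
# Rule 2 drops packets addressed straight to the intercept port; mangle
# PREROUTING runs before the nat redirect, so redirected traffic still passes.
firewall_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i ${LAN_IF} -s ${LAN_NET} -p tcp --dport 80 -j REDIRECT --to-ports ${SQUID_PORT}
iptables -t mangle -A PREROUTING -p tcp --dport ${SQUID_PORT} -j DROP
EOF
}

squid_conf
firewall_rules
```

Class 2 gives one aggregate bucket plus one bucket per client, keyed on the last octet of the IPv4 address, which fits a single /24 of workstations. Only TCP 80 is redirected, so HTTPS traffic is not subject to these caps.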