[LARTC] Traffic control, squid and priorities

[LARTC] Traffic control, squid and priorities

[George Spiliotis]

Dear list members,

I am certainly sure that this question has already been
answered somehow, somewhere but unfortunately the internet
is so big these days I need days to check for the right
information...

I am the administrator for a large company and I want to
impose some bandwidth management rules to my internal PC's
as far as the internet is concerned. My linux box acts as a
firewall & traffic controller. I am running the latest 
kernel & iproute (with dsmark & htb).

All the internal clients go through a proxy (squid) unning
on the same machine as the firewall and tc. No
discrimination so far for my bosses PC's (i.e. they 
use squid as well). Now, what I want is described with the
following simple rules:

1. When my boss is using the internet (either directly or
through the proxy) he should get priority over all other
internal users. In other words, as long as he has packets
to send, no one else should be allowed to transmit (or
receive, if possible).

2. The rest of the machines should belong to one of two
groups borrowing from each other: ones with access to the
80% of the bandwidth and the others to the 60% of the
bandwidth. If both groups send too much data then the
allocation should be in respect to these percentages.

3. Lastly the usual LARTC low latency rules should apply
for all the above.

My questions are: can these rules be achieved with linux
traffic control? Can I have rules for packets going *out*
of the proxy based on relevant information for packets
going *in* the proxy? i.e. can I mark a packet and have
squid preserve the marking for his own generated packets?
Should I impose the above rules on both interfaces
(internal-external) for my linux box? Are there any
examples for configurations like these? Something to be
used as a starting 

block?

Thank you very much,
George.

__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Traffic control, squid and priorities

[Patrick McHardy]

George Spiliotis wrote:

>My questions are: can these rules be achieved with linux
>traffic control? Can I have rules for packets going *out*
>of the proxy based on relevant information for packets
>going *in* the proxy? i.e. can I mark a packet and have
>squid preserve the marking for his own generated packets?
>Should I impose the above rules on both interfaces
>(internal-external) for my linux box? Are there any
>examples for configurations like these? Something to be
>used as a starting 
>
>  
>

you need to hack squid to be able to set rules. squid can already
set tos depending on who asks, it should be easy to make something
similar and use setsockopt(SO_PRIORITY) to classify the packets.

Bye,
Patrick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Traffic control, squid and priorities

[Stef Coene]

On Wednesday 16 April 2003 18:41, George Spiliotis wrote:
> Dear list members,
>
> I am certainly sure that this question has already been
> answered somehow, somewhere but unfortunately the internet
> is so big these days I need days to check for the right
> information...
>
> I am the administrator for a large company and I want to
> impose some bandwidth management rules to my internal PC's
> as far as the internet is concerned. My linux box acts as a
> firewall & traffic controller. I am running the latest
> kernel & iproute (with dsmark & htb).
>
> All the internal clients go through a proxy (squid) unning
> on the same machine as the firewall and tc. No
> discrimination so far for my bosses PC's (i.e. they
> use squid as well). Now, what I want is described with the
> following simple rules:
>
> 1. When my boss is using the internet (either directly or
> through the proxy) he should get priority over all other
> internal users. In other words, as long as he has packets
> to send, no one else should be allowed to transmit (or
> receive, if possible).
This is almost impossible.  It's better to say "my boss has a minimum 
bandwidth of 60%.  If he is not using it, the rest can use that bandwidth."  

> 2. The rest of the machines should belong to one of two
> groups borrowing from each other: ones with access to the
> 80% of the bandwidth and the others to the 60% of the
> bandwidth. If both groups send too much data then the
> allocation should be in respect to these percentages.
No problem.

> 3. Lastly the usual LARTC low latency rules should apply
> for all the above.
Easy to do.

> My questions are: can these rules be achieved with linux
> traffic control? Can I have rules for packets going *out*
> of the proxy based on relevant information for packets
> going *in* the proxy? i.e. can I mark a packet and have
> squid preserve the marking for his own generated packets?
> Should I impose the above rules on both interfaces
> (internal-external) for my linux box? Are there any
> examples for configurations like these? Something to be
> used as a starting
It can be done.  But squid can break the setup because you don't know who is 
requesting the page if squid goes out to the internet to fetch the page.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/