From: Eddie <eddieknows@ananzi.co.za>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] HTB traffic shaping + squid cache proxy
Date: Fri, 14 Nov 2003 06:12:11 +0000
Message-ID: <marc-lartc-106879080623688@msgid-missing>
In-Reply-To: <marc-lartc-106871556804786@msgid-missing>

Just a thing. As I understand, the users go to squid and squid goes to the
web page? Something like this:

[network]-----8080----[eth0 linux eth1]----80---web.
So if you limit the port 80 traffic on eth1 it should slow down squid,
but you don't want to limit traffic on eth0's 8080, because what's the use
of a proxy then?
This is just how I see it?

On Thu, 2003-11-13 at 11:23, Rokas wrote:
> Hello!
> 
> My system is:
> Internet ADSL(PPPoE) ---> ppp0 [LINUX server(router)] eth0 ---> LAN
> Server(router) is running on LINUX Slackware 8.1. I have recompiled a
> 2.4.22 kernel, enabled all QoS support in the kernel config,
> including HTB. My ADSL bandwidth is 256Kbit/s for download and
> 64Kbit/s for upload.
> 
> I use the following HTB+IPTABLES configuration, because I want to
> reduce bandwidth for all traffic, except HTTP, MAIL, ICQ, IRC, SSH,
> etc.
> -------------------------------------------------------------------------
> #!/bin/bash
> TC=/sbin/tc
> IPTABLES=/usr/sbin/iptables
> 
> $TC qdisc del dev eth0 root 2> /dev/null > /dev/null
> $TC qdisc del dev ppp0 root 2> /dev/null > /dev/null
> $IPTABLES -F POSTROUTING -t mangle
> 
> $TC qdisc add dev eth0 root handle 1: htb default 50 r2q 2
> 
> $TC class add dev eth0 parent 1: classid 1:2 htb rate 248Kbit burst 35k
> 
> $TC class add dev eth0 parent 1:2 classid 1:10 htb rate 220Kbit ceil 240Kbit burst 25k prio 0
> 
> $TC class add dev eth0 parent 1:2 classid 1:30 htb rate 28Kbit ceil 28Kbit burst 10k prio 1
> 
> $TC qdisc add dev eth0 parent 1:10 handle 11: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:30 handle 33: sfq perturb 10
> 
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -j MARK --set-mark 3
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 443 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 21 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 53 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p udp --sport 53 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 110 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 5190 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p tcp --sport 6661:6669 -j MARK --set-mark 1
> $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 1
> 
> $TC filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:10
> $TC filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:30
> ##############################
> 
> $TC qdisc add dev ppp0 root handle 1: htb default 20
> 
> $TC class add dev ppp0 parent 1: classid 1:1 htb rate 62Kbit burst 35k
> $TC class add dev ppp0 parent 1:1 classid 1:10 htb rate 40Kbit ceil 60Kbit burst 25k prio 1
> 
> $TC class add dev ppp0 parent 1:1 classid 1:20 htb rate 15Kbit ceil 55Kbit burst 10k prio 2
> 
> $TC class add dev ppp0 parent 1:1 classid 1:30 htb rate 7Kbit ceil 28Kbit burst 5k prio 3
> 
> $TC qdisc add dev ppp0 parent 1:10 handle 10: sfq perturb 10
> $TC qdisc add dev ppp0 parent 1:20 handle 20: sfq perturb 10
> $TC qdisc add dev ppp0 parent 1:30 handle 30: sfq perturb 10
> 
> $TC filter add dev ppp0 parent 1:0 protocol ip prio 10 u32 \
>   match ip tos 0x10 0xff  flowid 1:10
> 
> $TC filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
>    match ip protocol 6 0xff \
>    match u8 0x05 0x0f at 0 \
>    match u16 0x0000 0xffc0 at 2 \
>    match u8 0x10 0xff at 33 \
>    flowid 1:10
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -j MARK --set-mark 12
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p icmp -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 22 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --sport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s ! 192.168.0.0/24 -p tcp --dport 20 -j MARK --set-mark 11
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MARK --set-mark 13
> 
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 443 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 53 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p udp --dport 53 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 22 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 23 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 25 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 110 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 5190 -j MARK --set-mark 11
> $IPTABLES -t mangle -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -p tcp --dport 6661:6669 -j MARK --set-mark 11
> 
> $TC filter add dev ppp0 parent 1:0 protocol ip handle 11 fw flowid 1:10
> $TC filter add dev ppp0 parent 1:0 protocol ip handle 12 fw flowid 1:20
> $TC filter add dev ppp0 parent 1:0 protocol ip handle 13 fw flowid 1:30
> --------------------------------------------------------------------------
> 
> This configuration works rather well. But I decided to start a SQUID
> HTTP caching transparent proxy on the same server box. I have
> configured squid on the 8080 port, and I redirect all the HTTP traffic
> to the SQUID proxy server:
> iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
> 
> The redirection works OK, and transparent proxy does its work. But
> what about HTTP downstream traffic shaping? In my earlier configuration
> (without SQUID), I just put HTB classes on my internal eth0 interface,
> so I could point HTTP traffic into high rate/priority class. But if I
> redirect HTTP traffic through SQUID proxy, this shaping becomes not
> effective, because I can shape only outgoing traffic on each
> interface. What would be your suggestions about this issue? Perhaps
> it is a bad idea to use SQUID proxy? The most important thing for me
> is to reduce the download of big files via FTP, KaZaA, etc. (all
> non-privileged ports), and to give the WWW and other important
> traffic the highest bandwidth rate and priority and to speed the WWW...
> I would be very grateful if you could give me suggestions how to speed
> up WWW...
> 
>      Rokas Zakarevicius
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

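One way to keep the proxied HTTP replies in the high-priority eth0 class of the quoted script, as an added example that is not part of either message: Squid's answers to LAN clients are generated on the router itself, so they can be marked in the mangle OUTPUT chain by Squid's listening port and picked up by the existing `handle 1 fw flowid 1:10` filter. Port 8080, mark 1 and class 1:10 come from the quoted script; the function names and the `DRY_RUN` switch are hypothetical, and `iptables -C` assumes an iptables newer than the one in the thread.

```shell
#!/bin/sh
# Added example: classify Squid-to-LAN traffic into the eth0 HTB tree of the
# quoted script. Assumed: Squid on 8080, mark 1 -> class 1:10 already exists.
TC=${TC:-/sbin/tc}
IPTABLES=${IPTABLES:-/usr/sbin/iptables}
LAN_IF=${LAN_IF:-eth0}
SQUID_PORT=${SQUID_PORT:-8080}
MARK=${MARK:-1}
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = execute (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Rule specification shared by the existence check and the append.
squid_rule() {
    echo "OUTPUT -o $LAN_IF -p tcp --sport $SQUID_PORT -j MARK --set-mark $MARK"
}

# Locally generated Squid replies pass mangle OUTPUT with source port 8080,
# before any NAT hook runs, so the match does not depend on REDIRECT state.
mark_squid_to_lan() {
    # Word splitting of $(squid_rule) is intentional.
    if [ "$DRY_RUN" != 1 ] && "$IPTABLES" -t mangle -C $(squid_rule) 2>/dev/null
    then
        return 0    # rule already present, do not add a duplicate
    fi
    run "$IPTABLES" -t mangle -A $(squid_rule)
}

# Verification: the rule's packet counter and the byte counter of class 1:10
# should both grow while a LAN client browses through the proxy.
show_counters() {
    run "$IPTABLES" -t mangle -L OUTPUT -v -n
    run "$TC" -s class show dev "$LAN_IF"
}

mark_squid_to_lan
show_counters
```

If the class 1:10 counter stays flat while the OUTPUT rule counts packets, a later mangle rule is overwriting the mark.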
