Re: Fair queuing with htb

On 25/12/10 16:51, Grégoire Leroy wrote:
On Saturday 25 December 2010 03:35:12, Antoine Souques wrote:
I've attached a graph which explains what the marked packets are.

Your design is wrong. You mark the upload traffic, when the main http
traffic is the download traffic. That is why your QoS seems ineffective.

In this case I have probably misunderstood the goal of the tcp_outgoing_mark
squid directive. Andrew, for what purpose is it developed?


The general goal is to do a QoS based on user IP. If I had no proxy, it
would be easy. However, since I've a proxy, my firewall sees the proxy
IP, not the users' IP.

Where is your firewall? Between the proxy and the webserver, or the
other side?


Yes it is

In the first case, you can only mark the upload traffic (it's too late
for the download traffic). You should use the conntrack module to mark a
connection, and so, you will be able to mark the download traffic.

I thought it was the goal of the tcp_outgoing_mark squid directive (authored by
Andrew).

Moreover, I don't understand why you don't have access to your user
addresses. You use mark, so your firewall and your proxy are running on
the same box. So, when the download traffic leaves your proxy/firewall,
the destination address is the user address. tc is called when a packet
is sent to the network, or when a packet arrives. So you can do IP based
QoS.

The problem is if I limit the traffic between the proxy and users, then it
won't make any difference between the data downloaded from internet and the data
which was in cache in squid.

I want to limit the rate only for non-cached data, so it seems relevant to
apply QoS between proxy server and internet.


There are three ways to do that:

1) Delay_pools in Squid capping the Server bandwidth speeds based on any client info desired.

2) QoS between the clients and Squid using qos_flows. They mark traffic destined to the clients separated into flows based on the data source type; cache, sibling peer, parent peer, direct origin.

3) Between Squid and the origin servers you need to mark and limit on arrival into the box and Squid is not involved, or is set to pass-thru the markings. Squid will be limited along with the client.

AYJ
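
Option 1 from the list above as a minimal squid.conf sketch (an added example, not taken from the thread or from any participant's configuration). The ACL name, client subnet and rates are constructed values; delay pools throttle only what Squid reads from servers, so objects served from cache are not slowed, and Squid must be built with delay pool support.

```conf
# Constructed client subnet (documentation range); replace with the real LAN.
acl shaped_clients src 192.0.2.0/24

# One pool of class 2: one aggregate bucket plus one bucket per client IP.
delay_pools 1
delay_class 1 2

# Apply pool 1 only to the shaped clients.
delay_access 1 allow shaped_clients
delay_access 1 deny all

# restore/max pairs in bytes per second and bytes:
# aggregate 512000 B/s, each client IP 64000 B/s (constructed rates).
delay_parameters 1 512000/512000 64000/64000
```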