On 28/11/12 04:54 AM, Giles Coochey wrote:
> On 28-11-2012 05:25, Steven Kath wrote:
>>> Is there a way to mark traffic on one machine and match the
>>> mark on another machine? so I can classify traffic on the
>>> proxy server and shape it on the router?
>>
>> This question is a good example of the rationale for the
>> TOS/DSCP header on IPv4 packets. netfilter/iptables are
>> quite capable of matching and manipulating the DSCP field,
>> as are some proxy servers.
>> --
>
> +1 to above.
>
> Alternatively, you could route the packet from the proxy to a different,
> secondary IP on the router. The router could then shape all the traffic
> that arrives on the secondary IP. You can achieve the secondary IP with
> sub-interfaces, secondary IP in the same subnet, or separate VLAN
> interfaces.
>
> I don't think there is any net-filter tagging, in the way that you can
> tag packets in rules while it passes internally through the proxy, that
> would be visible externally to the router.

Cool, thanks a lot for this advice, Steven and Giles. Our proxy server is
Apache Traffic Server, so I started work on a simple "remap" plugin to
set the TOS/DSCP field: http://nottheoilrig.com/trafficserver/201211300/tos.cc

It should enable something like the following, in the Traffic Server
remap.config:

    map http://gmail.com @plugin=tos.so @pparam=3
    map http://facebook.com @plugin=tos.so @pparam=7

But what about response traffic? Is there a way to copy the TOS/DSCP
field to the response from the origin server?
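
Added example, not part of the thread and not the code of the tos.cc plugin: it shows how the TOS byte a proxy sets through the IP_TOS socket option relates to the DSCP value that a router-side `iptables -m dscp --dscp` rule matches. The thread does not say whether the plugin's pparam is a raw TOS byte or a DSCP value; the function names, the sample header and the fwmark number are assumptions made for this example.

```python
import socket
import struct

def dscp_to_tos(dscp: int, ecn: int = 0) -> int:
    """DSCP is the upper six bits of the TOS byte, ECN the lower two."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP is 0-63, ECN is 0-3")
    return (dscp << 2) | ecn

def tos_to_dscp(tos: int) -> int:
    """The value a router-side `-m dscp --dscp N` rule compares against."""
    return (tos & 0xFF) >> 2

def dscp_from_ipv4_header(header: bytes) -> int:
    """Read the DSCP from a raw IPv4 header (TOS is the second byte)."""
    version_ihl, tos = struct.unpack_from("!BB", header)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return tos_to_dscp(tos)

def open_marked_socket(dscp: int) -> socket.socket:
    """Proxy side: TCP socket whose outgoing packets carry `dscp`."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # IP_TOS takes the whole TOS byte, so the DSCP has to be shifted left.
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, dscp_to_tos(dscp))
    return s

def router_rule(dscp: int, mark: int) -> str:
    """Router side: iptables rule turning the DSCP into a local fwmark."""
    return (f"iptables -t mangle -A PREROUTING -m dscp --dscp {dscp} "
            f"-j MARK --set-mark {mark}")

# Constructed 20-byte IPv4 header with TOS byte 0x0c (DSCP 3, ECN 0);
# the checksum field is filler and is not validated here.
SAMPLE_HEADER = bytes.fromhex("450c003c1c4640004006b1e6c0a80001c0a800c7")

if __name__ == "__main__":
    with open_marked_socket(3) as s:
        tos = s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
        print("socket TOS byte:", hex(tos), "-> DSCP", tos_to_dscp(tos))
    print("DSCP in sample header:", dscp_from_ipv4_header(SAMPLE_HEADER))
    # A raw TOS byte of 3 sets only the ECN bits, so the router sees DSCP 0.
    print("TOS 3 -> DSCP", tos_to_dscp(3), "| TOS 7 -> DSCP", tos_to_dscp(7))
    print(router_rule(3, 3))
```

If the number configured on the proxy is written into the TOS byte unshifted, the router rule has to match the shifted-down DSCP value, not the configured number.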