On 05/23/2015 04:03 PM, Oliver Webb wrote:
I have a squid proxy acting as a parental filter on our LAN, however the
traffic balancing is a problem. My question is: Is it possible to set up
something that achieves this:
NB:
Where I have referred to "users" I am refering to devices as I do not have
any login system.
My internet speed here is assumed to be 10Mbps
1) When several users are browsing Wikipedia the burst downloads required,
assuming the bursts occur 1 at a time, each burst gets the full internet
bandwidth of ~10Mbps
2) When 2 or more users are downloading files the internet bandwidth gets
divided equally i.e. each user gets 5Mbps when there are 2 concurrent large
downloads and each user gets 3.33Mbps when there are 3 concurrent large
downloads
3) When there are 2 concurrent large downloads occurring and third user wants
to browse Wikipedia the burst downloads for Wikipedia momentarily change the
bandwidth allocations so that while the Wikipedia page is download each user
gets 3.33Mbps and once the page is downloaded the two large dowloads get back
their 5Mbps each
Many thanks for your help it is greatly appreciated
I suspect you're looking for iptables+tc; I do something similar for my
3 networks - auth, guest, and tenant. But really discussion of iptables
and tc is way off topic for this list. You probably want to spend some
time with the man pages and figure out what I'm doing.
bandwidth_down=10000
bandwidth_up=10000
auth_down=$(( $bandwidth_down / 2 ))
auth_up=$(( $bandwidth_up / 2 ))
tenant_down=$(( $bandwidth_down / 4 ))
tenant_up=$(( $bandwidth_up / 4 ))
guest_down=$(( $bandwidth_down / 8 ))
guest_up=$(( $bandwidth_up / 8 ))
# mark our packets
# we use the FORWARD chain so we have access to both inbound and
outbound info for the packet
# we must restore the connection mark before NAT
# and set it when the packet is all the way through
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A FORWARD -s $auth -o ${outside_if} -j MARK
--set-mark 0x04
iptables -t mangle -A FORWARD -s $guest -o ${outside_if} -j MARK
--set-mark 0x05
iptables -t mangle -A FORWARD -s $tenant -o ${outside_if} -j MARK
--set-mark 0x06
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
# HTB classes on interfaces with rate limiting
# we limit uploads on the common outside interface
tc qdisc add dev ${outside_if} root handle 1: htb default 30
tc class add dev ${outside_if} parent 1: classid 1:1 htb rate
${bandwidth_up}kbit
tc class add dev ${outside_if} parent 1:1 classid 1:14 htb rate
${auth_up}kbit ceil ${bandwidth_up}kbit
tc class add dev ${outside_if} parent 1:1 classid 1:15 htb rate
${guest_up}kbit ceil ${bandwidth_up}kbit
tc class add dev ${outside_if} parent 1:1 classid 1:16 htb rate
${tenant_up}kbit ceil ${bandwidth_up}kbit
tc filter add dev ${outside_if} parent 1:0 protocol ip handle 0x04 fw
flowid 1:14
tc filter add dev ${outside_if} parent 1:0 protocol ip handle 0x05 fw
flowid 1:15
tc filter add dev ${outside_if} parent 1:0 protocol ip handle 0x06 fw
flowid 1:16
# for downloads we limit on common inside interface, the one with the vlans
tc qdisc add dev ${inside_if} root handle 1: htb default 30
tc class add dev ${inside_if} parent 1: classid 1:1 htb rate
${bandwidth_down}kbit
tc class add dev ${inside_if} parent 1:1 classid 1:14 htb rate
${auth_down}kbit ceil ${bandwidth_down}kbit
tc class add dev ${inside_if} parent 1:1 classid 1:15 htb rate
${guest_down}kbit ceil ${bandwidth_down}kbit
tc class add dev ${inside_if} parent 1:1 classid 1:16 htb rate
${tenant_down}kbit ceil ${bandwidth_down}kbit
tc filter add dev ${inside_if} parent 1:0 protocol ip handle 0x04 fw
flowid 1:14
tc filter add dev ${inside_if} parent 1:0 protocol ip handle 0x05 fw
flowid 1:15
tc filter add dev ${inside_if} parent 1:0 protocol ip handle 0x06 fw
flowid 1:16
Oliver
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
