Mark Tinka wrote:
I don't think this really matters as a customer's bandwidth is already limited by the last mile solution deployed, especially if last mile is rented telco circuits.
Last mile is wireless. Motorola Canopy, I believe.
I'll look into this. We had to create a private network to route between the existing internal network and the public network. Both of these networks use public IP addresses and my problem was how to send packets to the router. I think it should be possible to forward packets from the bandwidth manager (if it is set up as a bridge) to a new default gateway. I wonder if it is simpler to do that or to keep the existing private network ...

This is what I meant by not being able to throttle the cache. In this case, the bandwidth manager (default gateway for two networks) throttles their requests, and sends them to the Internet.
Aaah, so this is the complication. I usually like my bandwidth managers as very intelligent bridges, not doing any routing at all. It's an extra hop that's a point of failure that, IMHO, shouldn't really be there.
Run the bandwidth manager as a bridge, bridging your LAN to your Internet border network. It should still be bright enough to read the IP headers going through it and apply policies accordingly.
You mean as a firewall for the network, or just using the iptables firewall rules to intercept HTTP traffic?

Both. I have settled on Shorewall and I think it is very nice because it allows you to think at a higher level than iptables rules.
Yes. The box talks directly to the router and proxies HTTP for internal clients. Cache hits are returned at full speed. Once in a while I get about 30k/second when one of my requests hits the cache. The cache is set up to keep many small objects in memory and to keep many large objects on disk.

Even when the cache wants to go at full speed, the rest of the traffic (not intercepted on port 80) still needs to get through with minimal delay. Hence the traffic shaping ...
Hmmh, does this box forward any packets to your border router?
Suggest you do those on your edge router that they connect to (can never trust policies to be implemented and maintained on customer routers).

I am recommending to the client that they firewall connections from the client side as well. The idea is to insulate customers from each other and to avoid the client's internal network being a 'soft' spot, security-wise. Do you have any recommendations for this?
Well, they said the Internet was slow and they called me in to make it fast. So I gave them fast :-)

In this setup, the cache responds at full speed if it has the content already, and at throttled speed if it does not.
That is very intelligent, and I am impressed by it. My only issue is whether it matters especially if a customer is already running a rate limited line e.g., a 64Kbps leased line.
Acknowledgement packets and other TCP connection overhead that involve very small packets are sent first. This takes up less than 4 kbit/second but enables other incoming connections which are waiting for an ACK to send the next packets.
The throttling is done by the bandwidth manager. What I do is to reorder the bandwidth manager packets and cache packets to get maximum uplink utilization while achieving some decent latency characteristics.
How?
HTTP traffic, mail traffic etc. are sent next but have access to much higher bandwidth. What happens is that there is a slight pause while waiting to send the overhead packets, and everything else then comes in faster as a result. We also cache DNS traffic since we realized that the customer's web browser first makes a DNS lookup, then the transparent proxy makes the same DNS lookup. There is no internal DNS, so caching makes things respond faster by avoiding the satellite uplink/downlink latency where possible.
Do you have any recommendation for bandwidth managers? Thanks for taking the time to respond. It has been very interesting indeed.

We have one of those. ET/BWMGR. I hate it.
Hmmh, I was actually referring to another manufacturer, and talking about ET. These must be new models to compete with some of the legacy manufacturers, otherwise my first model was the one I based this thread on. Newer models can accept even up to 24 Ethernet/Gig-E ports.
-- G.

_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
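The uplink ordering described in the thread (small TCP ACK/control packets first, then HTTP and mail, then everything else, all under one ceiling so the queue builds on the shaper rather than on the satellite modem) written out as a Linux tc/HTB script. This is an added example, not the poster's configuration and not ET/BWMGR or Shorewall output; the WAN interface name eth1, the 512 kbit/s uplink and the 60/30 percent split between the HTTP/mail and default classes are assumptions. With DRY_RUN=1 (the default) it only prints the tc commands so it can be inspected without root.

```shell
#!/bin/sh
# Added example: egress (uplink) shaping with HTB + u32 filters.
# Assumptions (hypothetical): WAN interface eth1, 512 kbit/s uplink.
# DRY_RUN=1 prints the tc commands; DRY_RUN=0 applies them (needs root and iproute2).

WAN="${WAN:-eth1}"
UPLINK="${UPLINK:-512}"     # kbit/s, assumed satellite uplink rate
DRY_RUN="${DRY_RUN:-1}"

tc_cmd() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "tc $*"
    else
        tc "$@"
    fi
}

# Emit (or apply) the whole qdisc/class/filter tree for the uplink.
shape_uplink() {
    CEIL=$((UPLINK * 95 / 100))   # shape slightly below line rate so we own the queue
    tc_cmd qdisc del dev "$WAN" root 2>/dev/null
    tc_cmd qdisc add dev "$WAN" root handle 1: htb default 30
    tc_cmd class add dev "$WAN" parent 1: classid 1:1 htb rate "${CEIL}kbit" ceil "${CEIL}kbit"
    # 1:10 ACK/control packets: tiny guaranteed share, highest priority, may borrow up to ceil
    tc_cmd class add dev "$WAN" parent 1:1 classid 1:10 htb rate 8kbit ceil "${CEIL}kbit" prio 0
    # 1:20 HTTP and mail: most of the rate, second priority
    tc_cmd class add dev "$WAN" parent 1:1 classid 1:20 htb rate "$((CEIL * 6 / 10))kbit" ceil "${CEIL}kbit" prio 1
    # 1:30 everything else: remainder, lowest priority (HTB default class)
    tc_cmd class add dev "$WAN" parent 1:1 classid 1:30 htb rate "$((CEIL * 3 / 10))kbit" ceil "${CEIL}kbit" prio 2
    # Per-class fair queuing so one flow cannot hog its class
    for c in 10 20 30; do
        tc_cmd qdisc add dev "$WAN" parent 1:$c handle $c: sfq perturb 10
    done
    # Filter: TCP (proto 6), IHL == 5 (no IP options), total length < 64 bytes,
    # TCP flags == ACK only (byte 33 = 20-byte IP header + 13) -> class 1:10
    tc_cmd filter add dev "$WAN" parent 1: protocol ip prio 10 u32 \
        match ip protocol 6 0xff \
        match u8 0x05 0x0f at 0 \
        match u16 0x0000 0xffc0 at 2 \
        match u8 0x10 0xff at 33 \
        flowid 1:10
    # HTTP/HTTPS and SMTP/POP3/IMAP by destination port -> class 1:20
    for p in 80 443 25 110 143; do
        tc_cmd filter add dev "$WAN" parent 1: protocol ip prio 20 u32 \
            match ip dport $p 0xffff flowid 1:20
    done
}

shape_uplink
```

On a bridging bandwidth manager this attaches to the bridge member facing the border router; cache hits served from the LAN side never cross it, which is what lets them run at full speed while everything bound for the satellite link is reordered here.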
