I have a site with an OpenBSD firewall pair routing 12 internal VLANs
(11 client networks, 1 DMZ). All of the client HTTP traffic is
redirected to a Squid proxy on the DMZ. I'm using altq with cbq for
queuing all of the outbound traffic, but I can't seem to wrap my head
around a good way of queueing while using the proxy.
With the current ruleset, clients are properly assigned to the
"http_out" queue, but then the connection from the proxy is going to
duplicate their traffic in altq. Even if I don't queue outbound
traffic from the proxy, the packets are going to be counted towards
the default queue, skewing my totals. Has anyone come up with an
effective QoS design for dealing with proxies handling multiple
networks?
(Note: I would post the ruleset, but it's over 600 lines long.)
Thanks,
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net