Re: [squid-users] How to use cbq
>> Do you know someone who managed to use the squid marked packets to make a QoS based on ip source with classful queuing ? (cbq, htb)
>
> Yes, I do this. For an example you could have a look at my website. It is out of date and probably not exactly what you are looking for, but it would probably give you an idea:
>
> http://www.andybev.com/index.php/Fair_traffic_shaping_an_ADSL_line_for_a_local_network_using_Linux

On your website I don't see where you use Squid to mark packets.

Hum, I've noticed something: when I run

    tc class show dev eth0

I can see there are packets which pass by the class I want: they are packets marked by Squid: the source is the proxy and the destination is the web server. They represent a small proportion of packets between my user and my web server (there is mainly download with HTTP).

However, I want to limit the download rate: packets from web server to proxy server.

Is there a way to do this? Was the feature written for this?

Thanks,
Grégoire Leroy
Re: [squid-users] How to use cbq
> That was 4 months ago. The netfilter MARK feature is now completed and working AFAIK in the 3.2 betas.
>
> Amos

Hello,

Is there a way to verify that packets are really marked?

In my squid.conf I have:

    acl user1 src /etc/squid/ip_user/user1
    tcp_outgoing_mark 0x1 user1
    acl user85 src /etc/squid/ip_user/user85
    tcp_outgoing_mark 0x55 user85

I've made a script htb.sh:

    #!/bin/bash
    INT=eth0
    BAND=12000kbit
    RATE=63kbit
    # Replace the root qdisc with HTB; unclassified traffic goes to class 1:30
    tc qdisc del dev $INT root
    tc qdisc add dev $INT root handle 1: htb default 30
    tc class add dev $INT parent 1: classid 1:1 htb rate 100mbit burst 15k
    tc class add dev $INT parent 1:1 classid 1:10 htb rate $RATE ceil $RATE \
        burst 15k
    tc class add dev $INT parent 1:1 classid 1:30 htb rate 88mbit burst 15k
    tc class add dev $INT parent 1:1 classid 1:20 htb rate $RATE ceil $BAND \
        burst 15k
    # Classify by firewall mark: mark 0x1 -> class 1:10, mark 0x55 -> class 1:20
    tc filter add dev $INT protocol ip handle 1 fw flowid 1:10
    tc filter add dev $INT protocol ip handle 0x55 fw flowid 1:20

However, when I try to download something with an ip in /etc/squid/ip_user/user85, I download at 88mbit/s... So, it seems my packets are not marked.

tc filter show dev eth0 gives me:

    filter parent 1: protocol ip pref 49151 fw
    filter parent 1: protocol ip pref 49151 fw handle 0x55 classid 1:20
    filter parent 1: protocol ip pref 49152 fw
    filter parent 1: protocol ip pref 49152 fw handle 0x1 classid 1:10

Have I done a misconfiguration in squid?

Thanks,
Grégoire Leroy
Re: [squid-users] How to use cbq
> Also check that Squid was built with the netfilter-conntrack library and the QoS feature enabled.
>
>     --enable-zph-qos --with-netfilter-conntrack

Oh, I hadn't added these options.

> when not explicitly specified for ./configure the feature support is at the mercy of the automatics and may be disabled relatively silently if required system pieces are missing.

Hum, should there be some errors when I use

    squid -k parse
    squid -k reconfigure

if these options are disabled? I have no warning or error.

Thanks,
Grégoire Leroy
Re: [squid-users] How to use cbq
> Looks right for the Squid part.
>
> Also check that Squid was built with the netfilter-conntrack library and the QoS feature enabled.
>
>     --enable-zph-qos --with-netfilter-conntrack
>
> when not explicitly specified for ./configure the feature support is at the mercy of the automatics and may be disabled relatively silently if required system pieces are missing.
>
> iptables should have something to track packet markings with.

I've recompiled squid with the missing options, and in the iptables logs I can see the packets are marked.

For information, if someone wants to know how to verify that the packets are marked:

    iptables -A OUTPUT -j LOG
    iptables -A INPUT -j LOG
    iptables -A FORWARD -j LOG
    cat /var/log/kern.log

So, the problem comes from tc, not squid.

> I'm not familiar with the specific tc configuration to help further sorry.

Do you know someone who managed to use the squid marked packets to make a QoS based on ip source with classful queuing ? (cbq, htb)

Or do you know where I can ask for help? It seems the LARTC mailing-list is dead.

Thanks,
Grégoire Leroy
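Added example (not part of the original thread): a small filter that summarises the LOG lines produced by the iptables rules in the message above, counting packets per chain direction and firewall mark. The log excerpt is constructed and trimmed, and the function names `sample_log` and `mark_summary` are hypothetical.

```bash
#!/bin/bash
# Summarise netfilter LOG lines by direction and fwmark.
# The LOG target appends "MARK=0x.." only for packets with a non-zero mark.

# Constructed, trimmed kern.log excerpt (documentation address ranges):
# 192.0.2.10 = proxy, 198.51.100.7 = web server, 10.0.0.85 = LAN client.
sample_log() {
  cat <<'EOF'
Oct 12 10:00:01 proxy kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=80 SYN MARK=0x55
Oct 12 10:00:01 proxy kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=40001 ACK SYN
Oct 12 10:00:01 proxy kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=80 ACK MARK=0x55
Oct 12 10:00:02 proxy kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=80 DPT=40001 ACK PSH
Oct 12 10:00:03 proxy kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=80 SYN MARK=0x1
Oct 12 10:00:04 proxy kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=10.0.0.85 PROTO=TCP SPT=3128 DPT=51000 ACK
EOF
}

# Read LOG lines on stdin, print "<direction> <mark> <count>" sorted.
# direction: output (OUT= set), input (IN= set), forward (both set).
mark_summary() {
  awk '
    / IN=[^ ]* OUT=/ {
      in_if = ""; out_if = ""; mark = "none"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^IN=/)   in_if  = substr($i, 4)
        if ($i ~ /^OUT=/)  out_if = substr($i, 5)
        if ($i ~ /^MARK=/) mark   = substr($i, 6)
      }
      if (in_if != "" && out_if != "") dir = "forward"
      else if (out_if != "")           dir = "output"
      else                             dir = "input"
      count[dir " " mark]++
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# On a live system: mark_summary < /var/log/kern.log
sample_log | mark_summary
```

In the constructed sample the marks show up only on `output` lines, which matches the observation elsewhere in this thread that the marked packets are the ones sent from the proxy to the web server.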
Re: [squid-users] How to use cbq
> I recall there was a discussion on this recently on this list. A search of the archives should find this.
>
> Tris

Maybe you are talking about

http://squid-web-proxy-cache.1019090.n4.nabble.com/Marking-outgoing-connections-with-a-mark-acc-to-client-IP-td2340794.html

However the conclusion is that the feature is not yet implemented.

Have I missed something? Is there any solution?

Thanks,
Gregoire
[squid-users] How to use cbq
Hi,

I would like to use the cbq (or htb, or any algo which is based on ip source) queuing in order to manage my bandwidth (~ 12 Mbits for 150 users).

I can't make a rule in my firewall because my firewall doesn't know what the ip source is: it knows the proxy server ip.

I have not seen the feature in squid - the only bandwidth management I've seen is the delay pools -, is there any way to use a QOS based on ip source? Or must I code the use of cbq?

Thanks,
Grégoire Leroy
Re: [squid-users] How to use cbq
> Hi Gregoire,
>
> CBQ and HTB are policies that are applied to the network interface on the server, they are independent of Squid. I've used HTB in various scenarios where I've wanted to control a specific user's bandwidth independent of the proxy software that has been running on the box. Using the info on lartc.org it is fairly easy to compile a simple shaping policy.

Yes, I've seen lartc.org, but it doesn't seem it works for me.

I can act on 2 servers: the gateway (firewall) or the proxy. I want to act on the HTTP traffic only, other traffic doesn't pass on the same line (I've 2 ADSL for HTTP and 1 SDSL for other traffic).

All the HTTP traffic passes by the proxy, so the firewall doesn't know the ip source. So, I can't act on the gateway.

I can manage either the in or the out traffic, for the proxy. If I manage the out with some rules, I've the same problem: the ip source will be the proxy's. If I manage the in traffic, there is no difference between the cached requests and the non-cached requests = I lose the interest of the cache.

> If you want to do more advanced things though you will need to investigate marking the packets on the firewall and also look at using Squid to apply QOS markers to the traffic. I recall there was a discussion on this recently on this list. A search of the archives should find this.

Yes, I'm going to search for this, it could be what I need.

> Tris

Thanks for your help,
Gregoire
[squid-users] Outsource error pages
Hello,

I want to harmonize the error pages of my network. The error pages come from different servers, and I want to centralize all the error pages on one shared platform.

To do so, I would like to outsource the error pages of Squid. More precisely, I would like to outsource the ERR_ACCESS_DENIED page, by giving an URL, for example.

deny_info url acl is useful when we define acl, but when someone tries a wrong url, the page which is displayed by default is ERR_ACCESS_DENIED. So, I can't use deny_info for this.

Thanks for the help

Regards,