[Shorewall-users] Shorewall QoS problems

Sun, 22 May 2016 05:09:07 -0700 

Hello,


We run a Tomcat server which sometimes receives very large files over our WAN 
connection and, as expected, it has been hogging bandwidth causing delays for 
others using SSH and RDP.

Our office is trying to implement Shorewall QoS to mitigate this issue but have 
had no such luck. I am aware that there are several ways I could limit the 
traffic but I’d rather understand what it is I am doing wrong here so that I 
will be able to implement other QoS rules in the future.

We running Shorewall 5.0.7.2 on a KVM machine under Proxmox.

Here is our configuration:

#TCDEVICES CONFIG
#INTERFACE      IN_BANDWITH     OUT_BANDWIDTH
eth0            9000kbit        9000kbit

#TCCLASSES CONFIG
#INTERFACE      MARK    RATE            CEIL        PRIORITY    OPTIONS
eth0            1       full       full                  1       default

#MANGLE
MARK(1)  0.0.0.0/0 0.0.0.0/0    tcp     443
MARK(1)  0.0.0.0/0 0.0.0.0/0    tcp     -  443
RESTORE  0.0.0.0/0 0.0.0.0/0    all     -             -       -        0
CONTINUE 0.0.0.0/0 0.0.0.0/0    all     -             -       -       !0
SAVE     0.0.0.0/0 0.0.0.0/0    all     -             -       -       !0


Not sure if this is important but:
1.) The system with Shorewall also runs HAProxy
2.) HAProxy is offloading the SSL Traffic
3.) HAPRoxy is running in transparent mode using the new DIVERTHA rule.
4.) I have used ethtool to disable various features of the interface as per FAQ 
97a (no change noticed)
3.) In the TCDEVICES config, it appears that many people set IN_BANDWITH to 0, 
but I have had no success with this either.


Im thinking this could have to do with the fact that HAProxy is handling the 
connection? Any help is much appreciated!

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to