On 05/22/2016 04:37 AM, Jacob W. Hiltz wrote:
> Hello,
>
> We run a Tomcat server which sometimes receives very large files over
> our WAN connection and, as expected, it has been hogging bandwidth
> causing delays for others using SSH and RDP.
>
> Our office is trying to implement Shorewall QoS to mitigate this issue
> but have had no such luck. I am aware that there are several ways I
> could limit the traffic but I’d rather understand what it is I am doing
> wrong here so that I will be able to implement other QoS rules in the
> future.
>
> We are running Shorewall 5.0.7.2 on a KVM machine under Proxmox.
>
> Here is our configuration:
>
> #TCDEVICES CONFIG
> #INTERFACE IN_BANDWITH OUT_BANDWIDTH
> eth0 9000kbit 9000kbit
>
> #TCCLASSES CONFIG
> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> eth0 1 full full 1 default
>
> #MANGLE
> MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp 443
> MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp - 443
> RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0
> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
> SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
>
> Not sure if this is important but:
> 1.) The system with Shorewall also runs HAProxy
> 2.) HAProxy is offloading the SSL Traffic
> 3.) HAProxy is running in transparent mode using the new DIVERTHA rule.
> 4.) I have used ethtool to disable various features of the interface as
> per FAQ 97a (no change noticed)
> 3.) In the TCDEVICES config, it appears that many people set IN_BANDWITH
> to 0, but I have had no success with this either.
>
> I'm thinking this could have to do with the fact that HAProxy is handling
> the connection? Any help is much appreciated!
>

You must define at least *two* classes; the default class and the class
that is to be restricted. Then you make the problem traffic use the
restricted class.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
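
A two-class layout of the kind the reply describes, shown next to the single-class line from the original post. This is an added example, not configuration from either poster: mark 2 and the full/2 and full/4 figures are assumed values, and the MARK rules reuse the poster's port 443 matches.

```conf
# --- tcclasses as posted: one class, so everything shares it ---
# The only class is the default and is allowed the full link rate,
# so marking port 443 traffic with 1 restricts nothing.
#INTERFACE  MARK  RATE    CEIL    PRIORITY  OPTIONS
#eth0       1     full    full    1         default

# --- tcclasses with a default class and a restricted class ---
# Class 1: default class, receives all traffic that carries no other mark.
# Class 2: restricted class for the bulk HTTPS transfers.
#          RATE is the guaranteed share, CEIL the most it may borrow.
#          (full/2, full/4 and the priorities are assumed example values.)
#INTERFACE  MARK  RATE    CEIL    PRIORITY  OPTIONS
eth0        1     full/2  full    1         default
eth0        2     full/4  full/2  2

# --- mangle: send the problem traffic to the restricted class ---
# Same matches as the original post (destination port 443, then
# source port 443), but marked 2 instead of 1 so they land in class 2.
#ACTION     SOURCE      DEST        PROTO  DPORT  SPORT
MARK(2)     0.0.0.0/0   0.0.0.0/0   tcp    443
MARK(2)     0.0.0.0/0   0.0.0.0/0   tcp    -      443
```

Running `shorewall check` validates the edited files before the new rules are loaded.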