Ah, ok I will try that. Thanks, Tom
(I forgot to thank you for the HAProxy patch a number of weeks ago as well, so thanks for that too!)

> On May 26, 2016, at 9:26 PM, Tom Eastep <teas...@shorewall.net> wrote:
>
> On 05/22/2016 04:37 AM, Jacob W. Hiltz wrote:
>> Hello,
>>
>>
>> We run a Tomcat server which sometimes receives very large files over
>> our WAN connection and, as expected, it has been hogging bandwidth
>> causing delays for others using SSH and RDP.
>>
>> Our office is trying to implement Shorewall QoS to mitigate this issue
>> but have had no such luck. I am aware that there are several ways I
>> could limit the traffic but I'd rather understand what it is I am doing
>> wrong here so that I will be able to implement other QoS rules in the
>> future.
>>
>> We are running Shorewall 5.0.7.2 on a KVM machine under Proxmox.
>>
>> Here is our configuration:
>>
>> #TCDEVICES CONFIG
>> #INTERFACE IN_BANDWITH OUT_BANDWIDTH
>> eth0 9000kbit 9000kbit
>>
>> #TCCLASSES CONFIG
>> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
>> eth0 1 full full 1 default
>>
>> #MANGLE
>> MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp 443
>> MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp - 443
>> RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0
>> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
>> SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
>>
>>
>> Not sure if this is important but:
>> 1.) The system with Shorewall also runs HAProxy
>> 2.) HAProxy is offloading the SSL Traffic
>> 3.) HAProxy is running in transparent mode using the new DIVERTHA rule.
>> 4.) I have used ethtool to disable various features of the interface as
>> per FAQ 97a (no change noticed)
>> 5.) In the TCDEVICES config, it appears that many people set IN_BANDWITH
>> to 0, but I have had no success with this either.
>>
>>
>> I'm thinking this could have to do with the fact that HAProxy is handling
>> the connection? Any help is much appreciated!
>>
>
> You must define at least *two* classes; the default class and the class
> that is to be restricted. Then you make the problem traffic use the
> restricted class.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
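
Tom's advice above, laid out as an added example that is not part of the original thread: a default class plus a second, capped class, with the port 443 traffic marked into the capped one. The mark value 2 and the kbit figures are assumptions chosen for illustration; the three sections belong in the tcdevices, tcclasses and mangle files respectively.

```conf
# --- tcdevices (unchanged from the posted configuration) ---
#INTERFACE  IN-BANDWIDTH  OUT-BANDWIDTH
eth0        9000kbit      9000kbit

# --- tcclasses: two classes instead of one ---
# Class 1 stays the default, so unmarked traffic (SSH, RDP, ...) lands here.
# Class 2 is the restricted class; its CEIL is the most it may use, even
# when the link is otherwise idle. Rates below are illustrative assumptions.
#INTERFACE  MARK  RATE      CEIL      PRIORITY  OPTIONS
eth0        1     6000kbit  9000kbit  1         default
eth0        2     1000kbit  3000kbit  2

# --- mangle: send the problem traffic to the restricted class ---
# Same match as the posted MARK(1) rules, but using mark 2 so the traffic
# no longer shares the default class.
#ACTION   SOURCE     DEST       PROTO  DPORT  SPORT
MARK(2)   0.0.0.0/0  0.0.0.0/0  tcp    443
MARK(2)   0.0.0.0/0  0.0.0.0/0  tcp    -      443
```

In the posted configuration the only class is the default one and the port 443 traffic is given that same mark, so it competes on equal terms with everything else.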