Still having problems with QoS.

TCDEVICES
eth0 - 20mbit

TCCLASSES
eth0 1 10kbit 100kbit 1
eth0 2 10kbit full 2 default

MANGLE
MARK(1) eth1.100 0.0.0.0/0 tcp 80
MARK(1) eth1.100 0.0.0.0/0 tcp - 80
MARK(2) eth1.100 0.0.0.0/0 tcp 443
MARK(2) eth1.100 0.0.0.0/0 tcp - 443
SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0

I only ever see speeds of ~80kbps. I would expect that packets with mark=1 would be at most 100kbit (port 80 traffic) and packets with mark=2 (port 443) would be full speed.

I must be missing something here. I've spent hours trying to do different combinations and nothing seems to work for me.

Question: What would my tcclasses, tcdevices and mangle file look like if I wanted to just limit traffic on port 443 to 1mbps and all other traffic full speed?

> On May 26, 2016, at 9:33 PM, Jacob W. Hiltz <ja...@prosperident.com> wrote:
>
> Ah, ok I will try that.
>
> Thanks, Tom
>
> (I forgot to thank you for the HAProxy patch a number of weeks ago as well,
> so thanks for that too!)
>
>> On May 26, 2016, at 9:26 PM, Tom Eastep <teas...@shorewall.net> wrote:
>>
>> On 05/22/2016 04:37 AM, Jacob W. Hiltz wrote:
>>> Hello,
>>>
>>>
>>> We run a Tomcat server which sometimes receives very large files over
>>> our WAN connection and, as expected, it has been hogging bandwidth
>>> causing delays for others using SSH and RDP.
>>>
>>> Our office is trying to implement Shorewall QoS to mitigate this issue
>>> but have had no such luck. I am aware that there are several ways I
>>> could limit the traffic but I'd rather understand what it is I am doing
>>> wrong here so that I will be able to implement other QoS rules in the
>>> future.
>>>
>>> We are running Shorewall 5.0.7.2 on a KVM machine under Proxmox.
>>>
>>> Here is our configuration:
>>>
>>> #TCDEVICES CONFIG
>>> #INTERFACE IN_BANDWITH OUT_BANDWIDTH
>>> eth0 9000kbit 9000kbit
>>>
>>> #TCCLASSES CONFIG
>>> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
>>> eth0 1 full full 1 default
>>>
>>> #MANGLE
>>> MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp 443
>>> MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp - 443
>>> RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0
>>> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
>>> SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
>>>
>>>
>>> Not sure if this is important but:
>>> 1.) The system with Shorewall also runs HAProxy
>>> 2.) HAProxy is offloading the SSL Traffic
>>> 3.) HAProxy is running in transparent mode using the new DIVERTHA rule.
>>> 4.) I have used ethtool to disable various features of the interface as
>>> per FAQ 97a (no change noticed)
>>> 3.) In the TCDEVICES config, it appears that many people set IN_BANDWITH
>>> to 0, but I have had no success with this either.
>>>
>>>
>>> I'm thinking this could have to do with the fact that HAProxy is handling
>>> the connection? Any help is much appreciated!
>>>
>>
>> You must define at least *two* classes; the default class and the class
>> that is to be restricted. Then you make the problem traffic use the
>> restricted class.
>>
>> -Tom
>> --
>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>> Shoreline,        \ died peacefully in his sleep. Not screaming like
>> Washington, USA   \ all of the passengers in his car
>> http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
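
Tom's reply in the thread above states the rule the first configuration breaks: at least two classes, the default class plus the restricted one. The following Python check is an added example (not part of the thread and not Shorewall code) that applies that rule to the two configurations posted here; the function names are hypothetical, the mangle rows are abridged to the MARK/SAVE lines, and only the plain column layout shown in the thread is handled.

```python
import re
from collections import defaultdict

# Configurations copied from the thread: the first post, then the follow-up.
ORIGINAL_TCCLASSES = "eth0 1 full full 1 default"
ORIGINAL_MANGLE = """\
MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp 443
MARK(1) 0.0.0.0/0 0.0.0.0/0 tcp - 443
SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
"""
FOLLOWUP_TCCLASSES = """\
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 10kbit 100kbit 1
eth0 2 10kbit full 2 default
"""
FOLLOWUP_MANGLE = """\
MARK(1) eth1.100 0.0.0.0/0 tcp 80
MARK(2) eth1.100 0.0.0.0/0 tcp 443
SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0
"""

def parse_rows(text):
    """Yield whitespace-split columns, skipping blank and '#' comment lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def lint_tc(tcclasses, mangle):
    """Check the rule from the thread; return a list of findings (empty = pass)."""
    classes = defaultdict(dict)  # interface -> {mark: [options]}
    for row in parse_rows(tcclasses):
        classes[row[0]][row[1]] = row[5].split(",") if len(row) > 5 else []
    findings = []
    for iface, marks in classes.items():
        if len(marks) < 2:
            findings.append(f"{iface}: {len(marks)} class defined, need default + restricted")
        if not any("default" in opts for opts in marks.values()):
            findings.append(f"{iface}: no class carries the 'default' option")
    # Every MARK(n) action in mangle should point at a mark that has a class.
    defined = {mark for marks in classes.values() for mark in marks}
    for row in parse_rows(mangle):
        m = re.fullmatch(r"MARK\((\d+)\)", row[0])
        if m and m.group(1) not in defined:
            findings.append(f"mangle: MARK({m.group(1)}) matches no tcclasses mark")
    return findings

if __name__ == "__main__":
    print("original:", lint_tc(ORIGINAL_TCCLASSES, ORIGINAL_MANGLE) or "ok")
    print("follow-up:", lint_tc(FOLLOWUP_TCCLASSES, FOLLOWUP_MANGLE) or "ok")
```

The follow-up configuration passes this check, so the rule is necessary rather than sufficient; the thread does not say what the remaining problem is.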