Loic wrote:
Good afternoon,
I have two networks (A and B). Users on network A should have internet priority
over users in network B. We have a server acting as an internet gateway between
A, B, and the internet; and we're using iptables and tc to do some shaping
(prioritizing HTTP over SMTP, A over B, etc...).
This server also runs SQUID cache, which is used by both networks A and B
users. The problem is that it's impossible to enforce A over B priority for
HTTP using the source IP because all outbound requests come from SQUID.
Having two SQUIDs (one on each network) needs additional hardware and is not
planned right now.
I have thought about setting SQUID to use different source port ranges for
outbound connections (based on the network the request came from), so that I
can shape packets from this information. I googled for such a SQUID config,
it looks like I'm not the first to ask this question, but all I found were
pieces of C code. Is there, somewhere, a configuration trick that allows doing
this?
I read about delay pools, which seems to be a fallback "better than nothing"
solution.
I was thinking about doing 4 pools, something like:
- network A, small files (html, jpg, gif, ...) : 35% of bandwidth
- network A, big files (audio, flash, ...) : 25%
- network B, small files : 25%
- network B, big files : 15%
This would work well when the network is really crowded, but - tell me if I'm
wrong - it would prevent any user from network B from downloading at anything
faster than 25%, even if at that time he was the only one using the link. I
would prefer having any user being able to hit 100% if it doesn't disturb any
one else's traffic, but still guarantee priority of A over B users at any time.
Do you have other ideas that I may try to achieve my goal?
http://www.squid-cache.org/Versions/v3/3.0/cfgman/tcp_outgoing_tos.html
Alternatively,
http://www.squid-cache.org/Versions/v3/3.0/cfgman/tcp_outgoing_address.html.
Either option is available in 2.6 and 2.7 as well.
Thank you for any suggestion,
Loïc
Chris
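
A sketch of how the two directives linked in the reply above could be used, as an added example that is not part of the original thread. The subnets, TOS values, outgoing addresses, interface name, class ids and rates are all assumptions chosen for illustration.

```conf
# squid.conf fragment (directive syntax as in Squid 2.6 / 2.7 / 3.0).
# All addresses and values below are placeholders, not from the thread.

acl net_a src 192.168.1.0/24      # assumed range for network A
acl net_b src 192.168.2.0/24      # assumed range for network B

# Option 1: set the TOS byte on Squid's outbound (cache-miss) connections
# according to the network the client request came from.
tcp_outgoing_tos 0x20 net_a
tcp_outgoing_tos 0x40 net_b

# Option 2 (alternative): use a distinct source address per client network.
# Both addresses must be configured on the gateway. Replies from origin
# servers are addressed to these IPs, so the download direction can be
# classified by destination address too.
#tcp_outgoing_address 203.0.113.10 net_a
#tcp_outgoing_address 203.0.113.11 net_b

# Matching tc side for option 1 (shell commands, shown here as comments).
# HTB gives each class a guaranteed "rate" and lets it borrow idle
# bandwidth up to "ceil", so a lone network B user can still fill the
# link while network A keeps priority under load.
#
#   tc qdisc  add dev eth0 root handle 1: htb default 20
#   tc class  add dev eth0 parent 1:  classid 1:1  htb rate 10mbit
#   tc class  add dev eth0 parent 1:1 classid 1:10 htb rate 6mbit ceil 10mbit prio 0
#   tc class  add dev eth0 parent 1:1 classid 1:20 htb rate 4mbit ceil 10mbit prio 1
#   tc filter add dev eth0 parent 1: protocol ip u32 match ip tos 0x20 0xff flowid 1:10
#   tc filter add dev eth0 parent 1: protocol ip u32 match ip tos 0x40 0xff flowid 1:20
#
# The TOS value is only present on packets Squid itself sends; packets
# coming back from origin servers do not carry it.
```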