traffic shaping question.
I want to do traffic shaping as per protocol basis so if i give a certian bandwith to HTTP protocole , isnt there any way i can diffrenciate between HTTP webpages & HTTP downloads of huge .iso files ? i dont want users who are downloading huge files effect userrs who are only checking their webmails. is there any way ? *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: traffic shaping question.
On Tuesday 23 May 2006 18:56, S t i n g r a y wrote: > I want to do traffic shaping as per protocol basis so > if i give a certian bandwith to HTTP protocole , isnt > there any way i can diffrenciate between HTTP webpages > & HTTP downloads of huge .iso files ? With pf? No. --- Lars Hansson
Re: traffic shaping question.
On Tuesday 23 May 2006 12.56, S t i n g r a y wrote: > I want to do traffic shaping as per protocol basis so > if i give a certian bandwith to HTTP protocole , isnt > there any way i can diffrenciate between HTTP webpages > & HTTP downloads of huge .iso files ? > i dont want users who are downloading huge files > effect userrs who are only checking their webmails. > > is there any way ? > > *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com Correct me if I am wrong.. But you can differentiate shaping of traffic of the same protocol if it has different Type Of Service. You can for example give higher priority to SSH shell and lower the priority of scp bulk file transfers as they have different TOS. Don't know if there exist anything like it for HTTP (don't think so). If it doesn't exist you probably have to find another way (not in PF). Or you could have the ISO downloads from a different IP. /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
Re: traffic shaping question.
I haven't personally tested this, but give it a look: http://www.whoopis.com/howtos/web-bandwidth-limit.html Unfortunately it doesn't have the same kind of benefits that altq/pf provide, but as stated in the previous messages, you'd have to place your webmail and iso services on different IPs. On 5/23/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote: On Tuesday 23 May 2006 12.56, S t i n g r a y wrote: > I want to do traffic shaping as per protocol basis so > if i give a certian bandwith to HTTP protocole , isnt > there any way i can diffrenciate between HTTP webpages > & HTTP downloads of huge .iso files ? > i dont want users who are downloading huge files > effect userrs who are only checking their webmails. > > is there any way ? > > *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com Correct me if I am wrong.. But you can differentiate shaping of traffic of the same protocol if it has different Type Of Service. You can for example give higher priority to SSH shell and lower the priority of scp bulk file transfers as they have different TOS. Don't know if there exist anything like it for HTTP (don't think so). If it doesn't exist you probably have to find another way (not in PF). Or you could have the ISO downloads from a different IP. /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
Re: traffic shaping question.
On Tue, May 23, 2006 at 03:56:31AM -0700, S t i n g r a y wrote: > I want to do traffic shaping as per protocol basis so > if i give a certian bandwith to HTTP protocole , isnt > there any way i can diffrenciate between HTTP webpages > & HTTP downloads of huge .iso files ? > i dont want users who are downloading huge files > effect userrs who are only checking their webmails. > > is there any way ? The answer is, of course, yes. Now, are there any pre-written tools for this? And can pf do it? In the latter case, to some extent. You could get somewhere by defining a queue with high priority but comparatively low bandwidth, which would be decidedly suboptimal for downloading but pretty nice for surfing sane web pages[1]. It looks like altq's hfsc could do this. I can think of various schemes to detect 'a lot of traffic', but I don't think it's possible to get pf(4)/altq(9) to shift a connection in the table to another queue. So that isn't going to work. What just might work, though, especially for a comparatively small number of clients, is to assign each client its own queue. The cbq scheduler would be the classical example of a scheduler to use here; clients can be guaranteed a certain bandwidth, and any bandwidth left over is fair game ('cbq(borrow)'). This gives the downloaders plenty of bandwidth to play with, without unduly inconveniencing the surfers. Joachim [1] Of course, it's not all that clear whether or not a heavy web page like Hotmail would benefit all that much from this.
Re: traffic shaping question.
Another alternative is to use http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypass to proxy your iso directory to another httpd instance running on a private IP, eg: setup your webserver with the regular public IP address(es), and additionally setup a number of private IP addresses. Start a webserver (doesn't have to be apache) that binds solely to the private IP address(es) and configure pf accordinly (only allow in packets to the private address from whatever address that the public apache will bind to) Setup your main server's proxypass to proxy say "/iso" to "http://10.11.12.13:8080/iso"; And configure altq to limit outgoing traffic on 10.11.12.13. Mind you, this scheme is completely untested and may not be possible. On 5/23/06, S t i n g r a y <[EMAIL PROTECTED]> wrote: I want to do traffic shaping as per protocol basis so if i give a certian bandwith to HTTP protocole , isnt there any way i can diffrenciate between HTTP webpages & HTTP downloads of huge .iso files ? i dont want users who are downloading huge files effect userrs who are only checking their webmails. is there any way ? *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: traffic shaping question.
On 5/23/06, S t i n g r a y <[EMAIL PROTECTED]> wrote: I want to do traffic shaping as per protocol basis so if i give a certian bandwith to HTTP protocole , isnt there any way i can diffrenciate between HTTP webpages & HTTP downloads of huge .iso files ? Sure, set your HTTP daemon to listen on two ports (say, ports 80 and 81). Make the ISO images available through port 81 only and use traffic shaping to limit bandwidth from that port. Chris
Re: traffic shaping question.
S t i n g r a y napisaE(a): > I want to do traffic shaping as per protocol basis so > if i give a certian bandwith to HTTP protocole , isnt > there any way i can diffrenciate between HTTP webpages > & HTTP downloads of huge .iso files ? > i dont want users who are downloading huge files > effect userrs who are only checking their webmails. > > is there any way ? Use hfsc. Define upperlimit for queue, set higher initial bandwidth assignment and decrease that after some miliseconds. Something like that: queue http_q hfsc( ecn upperlimit($initial_bw $time_in_ms_d $w_after_time) br, Darek
Re: traffic shaping question.
Per-Olov Sjvholm wrote: On Tuesday 23 May 2006 12.56, S t i n g r a y wrote: I want to do traffic shaping as per protocol basis so if i give a certian bandwith to HTTP protocole , isnt there any way i can diffrenciate between HTTP webpages & HTTP downloads of huge .iso files ? i dont want users who are downloading huge files effect userrs who are only checking their webmails. is there any way ? *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Correct me if I am wrong.. But you can differentiate shaping of traffic of the same protocol if it has different Type Of Service. You can for example give higher priority to SSH shell and lower the priority of scp bulk file transfers as they have different TOS. Don't know if there exist anything like it for HTTP (don't think so). If it doesn't exist you probably have to find another way (not in PF). Or you could have the ISO downloads from a different IP. Maybe you should give ip aliasing a try (nice howto in the openbsd faq). You could then have servers bind to these aliases, and then control how much bandwidth these aliases can use with pf or something. /Per-Olov -Jim
Re: traffic shaping question.
Planck wrote: > S t i n g r a y napisaE(a): >> I want to do traffic shaping as per protocol basis so >> if i give a certian bandwith to HTTP protocole , isnt >> there any way i can diffrenciate between HTTP webpages >> & HTTP downloads of huge .iso files ? >> i dont want users who are downloading huge files >> effect userrs who are only checking their webmails. >> >> is there any way ? > > Use hfsc. Define upperlimit for queue, set higher initial bandwidth > assignment and decrease that after some miliseconds. Something like that: > queue http_q hfsc( ecn upperlimit($initial_bw $time_in_ms_d $w_after_time) > br, > Darek > > You could use squid to transparently shape the traffic. You can, for example, redirect all http or https traffic to it, then use delay pools inside squid. Squid can filter file extensions, urls, and other sorts of things. I didn't knew about the hfsc solution, i will test it latter. I use delay pools, and they work greatly. My 2 cents, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em InformC!tica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: traffic shaping question.
Planck, can you shed some more light here ? or maybe provide me a link with examples ? regards Faisal --- Planck <[EMAIL PROTECTED]> wrote: > S t i n g r a y napisaE(a): > > I want to do traffic shaping as per protocol basis > so > > if i give a certian bandwith to HTTP protocole , > isnt > > there any way i can diffrenciate between HTTP > webpages > > & HTTP downloads of huge .iso files ? > > i dont want users who are downloading huge files > > effect userrs who are only checking their > webmails. > > > > is there any way ? > > Use hfsc. Define upperlimit for queue, set higher > initial bandwidth > assignment and decrease that after some miliseconds. > Something like that: > queue http_q hfsc( ecn upperlimit($initial_bw > $time_in_ms_d $w_after_time) > br, > Darek > > *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: traffic shaping question.
> Planck, can you shed some more light here ? or maybe > provide me a link with examples ? 1. man pf.conf (hint hfsc) 2. http://www.openbsd.org/faq/pf/queueing.html (hint HFSC) 3. http://www.cs.cmu.edu/~hzhang/HFSC/main.html Darek